Support policies for AKS engine on Azure Stack Hub

This article provides details about technical support policies and limitations for AKS engine on Azure Stack Hub. It also covers the Kubernetes Marketplace item, third-party open-source components, and security and patch management.

Self-managed Kubernetes clusters on Azure Stack Hub with AKS engine

Infrastructure as a service (IaaS) cloud components, such as compute or networking components, give users access to low-level controls and customization options. AKS engine lays down Kubernetes clusters on top of these IaaS components transparently, so users can access and affect every aspect of their deployments.

When a cluster is created, the customer defines the Kubernetes masters and worker nodes that AKS engine creates. Customer workloads run on these nodes. Customers own the master and worker nodes and can view or modify them. Carelessly modified nodes can cause loss of data and workloads and can render the cluster non-functional. Also, AKS engine operations such as upgrade or scale overwrite any out-of-band changes. For example, if the cluster has static pods, they are not preserved after an AKS engine upgrade operation.
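Because an upgrade or scale operation rebuilds nodes from the AKS engine templates, anything a kubelet picked up from a local manifest directory is lost. A practical pre-upgrade check is to list the mirror pods the kubelet registers for such static pods, which carry the standard kubernetes.io/config.mirror annotation and an ownerReference of kind Node. The following is an added example, not code from the page or from the AKS engine project; it consumes the JSON that kubectl get pods -A -o json emits, and the embedded pod list is constructed for illustration. The control-plane pods that AKS engine itself lays down in kube-system (kube-apiserver and friends) are also static pods and are regenerated by the upgrade, so the caller can exclude that namespace to see only customer-added ones.

```python
"""List static (mirror) pods that an aks-engine upgrade or scale will not preserve.

Input is the JSON produced by:  kubectl get pods -A -o json
"""
import json
import sys

# Annotation the kubelet sets on the mirror pod of every static pod.
MIRROR_ANNOTATION = "kubernetes.io/config.mirror"


def is_static_pod(pod: dict) -> bool:
    """A pod is static if it is a mirror pod or is owned directly by a Node."""
    meta = pod.get("metadata", {})
    if MIRROR_ANNOTATION in meta.get("annotations", {}):
        return True
    return any(ref.get("kind") == "Node" for ref in meta.get("ownerReferences", []))


def find_static_pods(pod_list: dict, ignore_namespaces=()) -> list:
    """Return (namespace, name, node) for every static pod not in ignore_namespaces."""
    found = []
    for pod in pod_list.get("items", []):
        if not is_static_pod(pod):
            continue
        meta = pod["metadata"]
        ns = meta.get("namespace", "default")
        if ns in ignore_namespaces:
            continue
        found.append((ns, meta["name"], pod.get("spec", {}).get("nodeName", "")))
    return found


def find_static_pods_json(text: str, ignore_namespaces=()) -> list:
    return find_static_pods(json.loads(text), ignore_namespaces)


# Constructed sample: one AKS engine control-plane static pod, one customer static
# pod dropped into /etc/kubernetes/manifests on an agent node, one ordinary pod.
SAMPLE_POD_LIST = json.dumps({
    "kind": "PodList",
    "items": [
        {
            "metadata": {
                "name": "kube-apiserver-k8s-master-1",
                "namespace": "kube-system",
                "annotations": {MIRROR_ANNOTATION: "abc123",
                                "kubernetes.io/config.source": "file"},
                "ownerReferences": [{"kind": "Node", "name": "k8s-master-1"}],
            },
            "spec": {"nodeName": "k8s-master-1"},
        },
        {
            "metadata": {
                "name": "log-shipper-k8s-agentpool-1",
                "namespace": "default",
                "annotations": {MIRROR_ANNOTATION: "def456",
                                "kubernetes.io/config.source": "file"},
                "ownerReferences": [{"kind": "Node", "name": "k8s-agentpool-1"}],
            },
            "spec": {"nodeName": "k8s-agentpool-1"},
        },
        {
            "metadata": {
                "name": "web-7d9c8f-x2k4q",
                "namespace": "default",
                "ownerReferences": [{"kind": "ReplicaSet", "name": "web-7d9c8f"}],
            },
            "spec": {"nodeName": "k8s-agentpool-1"},
        },
    ],
})


if __name__ == "__main__":
    # Pipe real output in, or run without stdin to see the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_POD_LIST
    for ns, name, node in find_static_pods_json(text, ignore_namespaces=("kube-system",)):
        print(f"static pod will not survive upgrade: {ns}/{name} on {node}")
```

Run it as kubectl get pods -A -o json | python3 static_pods.py before aks-engine upgrade; every line it prints is a workload that has to be moved into a Deployment or DaemonSet (and therefore into etcd) to survive the operation.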

Because customer cluster nodes execute private code and store sensitive data, Microsoft Support can access them only in a limited way. Microsoft Support can't sign in to, execute commands in, or view logs for these nodes without express customer permission or assistance.

Version support

AKS engine version support follows the same pattern established by the rest of the Azure Stack Hub support policy: support for a version of AKS engine on Azure Stack Hub is based on the n-2 formula. For example, if the latest version of AKS engine is v0.55.0, the set of supported versions is 0.48.0, 0.51.0, and 0.55.0. It is also important to follow the Azure Stack Hub update version and its mapping to supported AKS engine versions, which is maintained in the AKS engine release notes.

AKS engine supported areas

Microsoft provides technical support for the following:

  • Issues with the AKS engine commands deploy, generate, upgrade, and scale. The tool should behave consistently with its behavior on Azure.
  • Issues with a Kubernetes cluster deployed following the Overview of the AKS engine.
  • Issues with connectivity to other Azure Stack Hub services.
  • Issues with Kubernetes API connectivity.
  • Issues with Azure Stack Hub Kubernetes provider functionality and connectivity with Azure Resource Manager.
  • Issues with the AKS engine-generated configuration of Azure Stack Hub native artifacts such as load balancers, network security groups, VNETs, subnets, network interfaces, route tables, availability sets, public IP addresses, storage accounts, and virtual machines.
  • Issues with network performance and latency.
  • Issues with the AKS base image used by AKS engine in disconnected deployments.

AKS engine areas not supported

Microsoft does not provide technical support for the following:

  • Using AKS engine on Azure.

  • The Azure Stack Hub Kubernetes Marketplace item.

  • Using the following AKS engine cluster definition options and addons.

    • Not supported addons:
      - Azure AD Pod Identity
      - ACI Connector
      - Blobfuse Flex Volume
      - Cluster Autoscaler
      - Container Monitoring
      - KeyVault Flex Volume
      - NVIDIA Device Plugin
      - Rescheduler
      - SMB Flex Volume

    • Not supported cluster definition options:
      - Under KubernetesConfig:
        - cloudControllerManagerConfig
        - enableDataEncryptionAtRest
        - enableEncryptionWithExternalKms
        - enablePodSecurityPolicy
        - etcdEncryptionKey
        - useInstanceMetadata
        - useManagedIdentity
        - azureCNIURLLinux
        - azureCNIURLWindows
      - Under masterProfile:
        - availabilityZones
      - Under agentPoolProfiles:
        - availabilityZones
        - singlePlacementGroup
        - scaleSetPriority
        - scaleSetEvictionPolicy
        - acceleratedNetworkingEnabled
        - acceleratedNetworkingEnabledWindows

  • Kubernetes configuration changes persisted outside the Kubernetes configuration store, etcd. For example, static pods running on nodes of the cluster.

  • Questions about how to use Kubernetes. For example, Microsoft Support doesn't provide advice on how to create custom ingress controllers, use application workloads, or apply third-party or open-source software packages or tools.

  • Third-party open-source projects that aren't provided as part of the Kubernetes cluster deployed by AKS engine. These projects might include Kubeadm, Kubespray, Native, Istio, Helm, Envoy, or others.

  • Using AKS engine in use-case scenarios outside the ones specified in Supported scenarios with the AKS engine.

  • Third-party software. This software can include security scanning tools and networking devices or software.

  • Issues about multicloud or multivendor build-outs. For example, Microsoft doesn't support issues related to running a federated multi-public-cloud vendor solution.

  • Network customizations other than those listed in the AKS engine supported areas section.

  • Production environments should only use highly available Kubernetes clusters, that is, clusters deployed with a minimum of three masters and three agent nodes. Anything less cannot be supported in production deployments.
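The unsupported options above are all set in the AKS engine apimodel (cluster definition) JSON, so they can be caught before aks-engine deploy or upgrade runs rather than discovered when a support case is declined. The following pre-flight checker is an added example, not code from the page or from the AKS engine project. It walks the apimodel, flags the unsupported cluster definition options and addons from this section, and also enforces the production minimum of three masters and three agent nodes. The addon identifiers in UNSUPPORTED_ADDONS are the apimodel names assumed to correspond to the display names listed above; the embedded apimodel is constructed for illustration.

```python
"""Pre-flight check of an AKS engine apimodel against the Azure Stack Hub support policy.

Usage:  python3 check_apimodel.py kubernetes.json
"""
import json
import sys

# Addon names as written in the apimodel (assumed mapping from the policy's display names).
UNSUPPORTED_ADDONS = {
    "aad-pod-identity", "aci-connector", "blobfuse-flexvolume", "cluster-autoscaler",
    "container-monitoring", "keyvault-flexvolume", "nvidia-device-plugin",
    "rescheduler", "smb-flexvolume",
}
UNSUPPORTED_KUBERNETES_CONFIG = {
    "cloudControllerManagerConfig", "enableDataEncryptionAtRest",
    "enableEncryptionWithExternalKms", "enablePodSecurityPolicy", "etcdEncryptionKey",
    "useInstanceMetadata", "useManagedIdentity", "azureCNIURLLinux", "azureCNIURLWindows",
}
UNSUPPORTED_MASTER_PROFILE = {"availabilityZones"}
UNSUPPORTED_AGENT_POOL = {
    "availabilityZones", "singlePlacementGroup", "scaleSetPriority",
    "scaleSetEvictionPolicy", "acceleratedNetworkingEnabled",
    "acceleratedNetworkingEnabledWindows",
}
MIN_MASTERS = 3   # production minimum from the support policy
MIN_AGENTS = 3


def check_apimodel(apimodel: dict, production: bool = True) -> list:
    """Return a list of human-readable findings; an empty list means the model is clean."""
    findings = []
    props = apimodel.get("properties", {})
    kcfg = props.get("orchestratorProfile", {}).get("kubernetesConfig", {})

    for key in sorted(UNSUPPORTED_KUBERNETES_CONFIG & set(kcfg)):
        findings.append(f"kubernetesConfig.{key}: not supported on Azure Stack Hub")

    # An addon entry without an explicit "enabled": false is treated as enabled.
    for addon in kcfg.get("addons", []):
        name = addon.get("name", "")
        if name in UNSUPPORTED_ADDONS and addon.get("enabled", True):
            findings.append(f"addon {name}: not supported on Azure Stack Hub")

    master = props.get("masterProfile", {})
    for key in sorted(UNSUPPORTED_MASTER_PROFILE & set(master)):
        findings.append(f"masterProfile.{key}: not supported on Azure Stack Hub")

    agent_total = 0
    for pool in props.get("agentPoolProfiles", []):
        pname = pool.get("name", "?")
        for key in sorted(UNSUPPORTED_AGENT_POOL & set(pool)):
            findings.append(f"agentPoolProfiles[{pname}].{key}: not supported on Azure Stack Hub")
        agent_total += int(pool.get("count", 0))

    if production:
        masters = int(master.get("count", 0))
        if masters < MIN_MASTERS:
            findings.append(f"masterProfile.count={masters}: production requires at least {MIN_MASTERS}")
        if agent_total < MIN_AGENTS:
            findings.append(f"agent node total={agent_total}: production requires at least {MIN_AGENTS}")
    return findings


def check_apimodel_json(text: str, production: bool = True) -> list:
    return check_apimodel(json.loads(text), production)


# Constructed sample apimodel with several policy violations.
SAMPLE_APIMODEL = json.dumps({
    "apiVersion": "vlabs",
    "properties": {
        "orchestratorProfile": {
            "orchestratorType": "Kubernetes",
            "kubernetesConfig": {
                "enablePodSecurityPolicy": True,
                "addons": [{"name": "cluster-autoscaler", "enabled": True},
                           {"name": "aci-connector", "enabled": False}],
            },
        },
        "masterProfile": {"count": 1, "dnsPrefix": "k8s-example", "vmSize": "Standard_D2_v2"},
        "agentPoolProfiles": [
            {"name": "linuxpool", "count": 3, "vmSize": "Standard_D2_v2", "availabilityZones": ["1"]},
        ],
    },
})


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_APIMODEL
    for line in check_apimodel_json(text):
        print("FINDING:", line)
```

The explicitly disabled aci-connector entry in the sample is deliberately not reported, since only an enabled unsupported addon changes what the cluster runs; everything else in the sample produces a finding.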

Security issues and patching

If a security flaw is found in one or more components of AKS engine or the Kubernetes provider for Azure Stack Hub, Microsoft will make available a patch for customers to apply to affected clusters to mitigate the issue. Alternatively, the AKS team will give users upgrade guidance. Note that patches may require downtime of the cluster. When reboots are required, Microsoft will notify customers of this requirement. If users don't apply the patches according to Microsoft guidance, their cluster will remain vulnerable to the security issue.

Kubernetes Marketplace item

Users can download a Kubernetes Marketplace item, which lets them deploy Kubernetes clusters through a template in the Azure Stack Hub user portal, using AKS engine indirectly. This is simpler than using AKS engine directly. The Kubernetes Marketplace item is a useful tool for quickly setting up clusters for demonstrations, testing, and development. It is not intended for production, so it is not included in the set of items supported by Microsoft.

Preview features

For features and functionality that require extended testing and user feedback, Microsoft releases new preview features or features behind a feature flag. Consider these prerelease or beta features. Preview features and feature-flag features aren't meant for production. Ongoing changes to functionality and behavior, bug fixes, and other changes can result in unstable clusters and downtime. These features are not supported by Microsoft.

Next steps