Support policies for AKS engine on Azure Stack Hub

This article provides details about technical support policies and limitations for AKS engine on Azure Stack Hub. It also covers the Kubernetes Marketplace item, third-party open-source components, and security or patch management.

Self-managed Kubernetes clusters on Azure Stack Hub with AKS engine

Infrastructure as a service (IaaS) cloud components, such as compute or networking components, give users access to low-level controls and customization options. AKS engine allows the user to lay down Kubernetes clusters that use these IaaS components transparently, so users can access and affect all aspects of their deployments.

When a cluster is created, the customer defines the Kubernetes masters and worker nodes that AKS engine creates. Customer workloads are executed on these nodes. Customers own and can view or modify the master and worker nodes. Carelessly modified nodes can cause losses of data and workloads and can render the cluster non-functional. Also, AKS engine operations such as Upgrade or Scale will overwrite any out-of-band changes. For example, if the cluster has static pods, these will not be preserved after an AKS engine upgrade operation.

Because customer cluster nodes execute private code and store sensitive data, Microsoft Support can access them in only a limited way. Microsoft Support can't sign in to, execute commands in, or view logs for these nodes without express customer permission or assistance.

Version support

The AKS engine version support follows the same pattern established by the rest of the Azure Stack Hub support policy; that is, support for a version of AKS engine on Azure Stack Hub is based on the n-2 formula. For example, if the latest version of AKS engine is v0.55.0, the set of supported versions is: 0.48.0, 0.51.0, 0.55.0. It is also important to follow the Azure Stack Hub update version and its corresponding mapping to the supported AKS engine version, which is maintained in the AKS engine release notes.

AKS engine supported areas

Microsoft provides technical support for the following:

  • Issues with AKS engine commands: deploy, generate, upgrade, and scale. The tool should be consistent with its behavior on Azure.
  • Issues with a Kubernetes cluster deployed following the Overview of the AKS engine.
  • Issues with connectivity to other Azure Stack Hub services.
  • Issues with Kubernetes API connectivity.
  • Issues with Azure Stack Hub Kubernetes provider functionality and connectivity with Azure Resource Manager.
  • Issues with the AKS engine-generated configuration of Azure Stack Hub native artifacts such as load balancers, network security groups, VNETs, subnets, network interfaces, route tables, availability sets, public IP addresses, storage accounts, and VMs.
  • Issues with network performance and latency.
  • Issues with the AKS base image used by the AKS engine in disconnected deployments.

AKS engine areas not supported

Microsoft does not provide technical support for the following:

  • Using the AKS engine on Azure.

  • Azure Stack Hub Kubernetes Marketplace item.

  • Using the following AKS engine cluster definition options and addons.

    • Not supported addons:
      - Azure AD Pod Identity
      - ACI Connector
      - Blobfuse Flex Volume
      - Cluster Autoscaler
      - Container Monitoring
      - KeyVault Flex Volume
      - NVIDIA Device Plugin
      - Rescheduler
      - SMB Flex Volume

    • Not supported cluster definition options:
      - Under KubernetesConfig:
        - cloudControllerManagerConfig
        - enableDataEncryptionAtRest
        - enableEncryptionWithExternalKms
        - enablePodSecurityPolicy
        - etcdEncryptionKey
        - useInstanceMetadata
        - useManagedIdentity
        - azureCNIURLLinux
        - azureCNIURLWindows
      - Under masterProfile:
        - availabilityZones
      - Under agentPoolProfiles:
        - availabilityZones
        - singlePlacementGroup
        - scaleSetPriority
        - scaleSetEvictionPolicy
        - acceleratedNetworkingEnabled
        - acceleratedNetworkingEnabledWindows

  • Kubernetes configuration changes persisted outside the Kubernetes configuration store etcd. For example, static pods running in nodes of the cluster.

  • Questions about how to use Kubernetes. For example, Microsoft Support doesn't provide advice on how to create custom ingress controllers, use application workloads, or apply third-party or open-source software packages or tools.

  • Third-party open-source projects that aren't provided as part of the Kubernetes cluster deployed by AKS engine. These projects might include Kubeadm, Kubespray, Native, Istio, Helm, Envoy, or others.

  • Using the AKS engine in use-case scenarios outside the ones specified in Supported scenarios with the AKS engine.

  • Third-party software. This software can include security scanning tools and networking devices or software.

  • Issues about multicloud or multivendor build-outs. For example, Microsoft doesn't support issues related to running a federated multi-public-cloud vendor solution.

  • Network customizations other than those listed in the AKS engine supported areas section.

  • Production environments should only use highly available Kubernetes clusters, that is, clusters deployed with a minimum of three masters and three agent nodes. Anything less cannot be supported in production deployments.
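The unsupported cluster definition options and the production minimum of three masters and three agent nodes listed above can be checked before a deployment. The following is an added example, not Microsoft's or the AKS engine project's own tooling. It assumes the AKS engine API model JSON layout (properties.orchestratorProfile.kubernetesConfig, properties.masterProfile, properties.agentPoolProfiles), treats the mere presence of a listed key as use of that option, and sums agent nodes across all pools; lint_cluster_definition and the sample definition are hypothetical.

```python
import json

# Option names come from the unsupported list on this page. The JSON layout
# (properties.orchestratorProfile.kubernetesConfig, ...) is an assumption.
UNSUPPORTED = {
    "kubernetesConfig": {
        "cloudControllerManagerConfig", "enableDataEncryptionAtRest",
        "enableEncryptionWithExternalKms", "enablePodSecurityPolicy",
        "etcdEncryptionKey", "useInstanceMetadata", "useManagedIdentity",
        "azureCNIURLLinux", "azureCNIURLWindows"},
    "masterProfile": {"availabilityZones"},
    "agentPoolProfiles": {
        "availabilityZones", "singlePlacementGroup", "scaleSetPriority",
        "scaleSetEvictionPolicy", "acceleratedNetworkingEnabled",
        "acceleratedNetworkingEnabledWindows"},
}

def lint_cluster_definition(model, production=True):
    """Return a sorted list of findings for one parsed cluster definition."""
    props = model.get("properties", {})
    kube = props.get("orchestratorProfile", {}).get("kubernetesConfig", {})
    master = props.get("masterProfile", {})
    pools = props.get("agentPoolProfiles", [])
    findings = []
    # A key that is present counts as "used", even when set to false.
    for key in UNSUPPORTED["kubernetesConfig"].intersection(kube):
        findings.append(f"kubernetesConfig.{key}: not supported")
    for key in UNSUPPORTED["masterProfile"].intersection(master):
        findings.append(f"masterProfile.{key}: not supported")
    for pool in pools:
        name = pool.get("name", "?")
        for key in UNSUPPORTED["agentPoolProfiles"].intersection(pool):
            findings.append(f"agentPoolProfiles[{name}].{key}: not supported")
    if production:
        # Assumption: the three-agent minimum applies to the total over pools.
        if master.get("count", 0) < 3:
            findings.append("masterProfile.count: fewer than 3 masters")
        if sum(p.get("count", 0) for p in pools) < 3:
            findings.append("agentPoolProfiles: fewer than 3 agent nodes in total")
    return sorted(findings)

# Constructed sample definition, not taken from the page.
SAMPLE = json.loads("""{"properties": {
  "orchestratorProfile": {"kubernetesConfig": {"networkPlugin": "kubenet",
      "useManagedIdentity": false, "enablePodSecurityPolicy": true}},
  "masterProfile": {"count": 1, "vmSize": "Standard_D2_v2"},
  "agentPoolProfiles": [{"name": "linuxpool", "count": 2,
      "acceleratedNetworkingEnabled": false}]}}""")

if __name__ == "__main__":
    for finding in lint_cluster_definition(SAMPLE):
        print(finding)
```

Several of the flagged keys are security controls (encryption at rest, external KMS, pod security policy), so a definition carried over from Azure may silently depend on protections that are outside the supported configuration on Azure Stack Hub.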

Security issues and patching

If a security flaw is found in one or more components of AKS engine or the Kubernetes provider for Azure Stack Hub, Microsoft will make a patch available so customers can patch affected clusters and mitigate the issue. Alternatively, the team will give users upgrade guidance. Note that patches may require downtime of the cluster. When reboots are required, Microsoft will notify customers of this requirement. If users don't apply the patches according to Microsoft guidance, their cluster will continue to be vulnerable to the security issue.

Kubernetes Marketplace item

Users can download a Kubernetes Marketplace item, which allows them to deploy Kubernetes clusters using the AKS engine indirectly through a template in the Azure Stack Hub user portal. This makes it simpler than using the AKS engine directly. The Kubernetes Marketplace item is a useful tool to quickly set up clusters for demonstrations, testing, and development. It is not intended for production, so it is not included in the set of items supported by Microsoft.

Preview features

For features and functionality that require extended testing and user feedback, Microsoft releases new preview features or features behind a feature flag. Consider these features as prerelease or beta features. Preview features or feature-flag features aren't meant for production. Ongoing functionality changes and behavior, bug fixes, and other changes can result in unstable clusters and downtime. These features are not supported by Microsoft.
