Skip to main content

Run Windows container with Hyper-V isolation mode in Kubernetes

· 3 min read

Windows Container 有两种隔离运行模式 Hyper-V 和 Process, 参见:Isolation Modes

两种模式下的 host 的 OS 版本与 containter 的 OS 版本存在兼容性又不相同,参见:Windows container version compatibility

很明显 Hyper-V 模式的兼容性要比 Process 模式要好,向下兼容,也就是高版本的 host OS 可以运行低版本的 container OS, 反之不行;

而 Process 模式下 Windows Server 中则要求 host OS 与 container OS 的版本完全相同, Windows 10 中则不支持 Process 模式.

某一天,我想在 Kubernetes Windows 节点中以 Hyper-V 模式运行 Container, 于是乎发现1.17 的文档中写道:

Note: In this document, when we talk about Windows containers we mean Windows containers with process isolation. Windows containers with Hyper-V isolation is planned for a future release.

不甘心又 google 了一下,发现:

1. 有人提了 bug, 已经被修复了: https://github.com/kubernetes/kubernetes/issues/58750 2. 代码也 merge 了: https://github.com/kubernetes/kubernetes/pull/58751 3. 有人在测试过程中遇到问题,也解决了: https://github.com/kubernetes/kubernetes/issues/62812

但我测试的过程中却提示:

Error response from daemon: CreateComputeSystem test: The container operating system does not match the host operating system.

我的环境:

Kubernetes Ver: 1.14.8

Kubernetes Node OS Ver: Windows Server Datacenter 10.0.17763.504, 属于 1809 的版本

Container Base Image: windowsservercore-1709

Deployment yaml:

apiVersion: <span style="color: #ff0000;">apps/v1beta2</span>
kind: Deployment
metadata:
  labels:
    app: test
  name: test
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      annotations:
        <span style="color: #ff0000;">experimental.windows.kubernetes.io/isolation-type: hyperv</span>
      labels:
        app: test
...

然后对比了下 github 别人试成功的 deployment yaml, 发现人家用的是 apps/v1

apiVersion: <span style="color: #ff0000;">apps/v1</span>
kind: Deployment
metadata:
  name: whoami
  labels:
    app: whoami
spec:
  ...

目前在 k8s 中启用 hyperv isolation 的三个条件:

  1. kubelet 启用参数: --feature-gates=HyperVContainer=true
  2. Pod/Deployment apiVersion: apps/v1
  3. spec.template.metadata.annotations[].experimental.windows.kubernetes.io/isolation-type:hyperv

参见: https://kubernetes.io/docs/setup/production-environment/windows/intro-windows-in-kubernetes/#hyper-v-isolation

目前我的云提供商给的 kubernetes 1.14.8 又不支持 apps/v1 ...

于是乎,我要么等提供商升级 kubernetes,要么自己升级 container OS 跟 kubernetes node OS 一样...

ClustrMaps