Kubernetes core concepts for Azure Kubernetes Service (AKS)

Application development continues to move toward a container-based approach, increasing our need to orchestrate and manage resources. As the leading platform, Kubernetes provides reliable scheduling of fault-tolerant application workloads. Azure Kubernetes Service (AKS), a managed Kubernetes offering, further simplifies container-based application deployment and management.

This article introduces:

  • Core Kubernetes infrastructure components:
    • control plane
    • nodes
    • node pools
  • Workload resources:
    • pods
    • deployments
    • sets
  • How to group resources into namespaces.

What is Kubernetes?

Kubernetes is a rapidly evolving platform that manages container-based applications and their associated networking and storage components. Kubernetes focuses on the application workloads, not the underlying infrastructure components. Kubernetes provides a declarative approach to deployments, backed by a robust set of APIs for management operations.

You can build and run modern, portable, microservices-based applications, using Kubernetes to orchestrate and manage the availability of the application components. Kubernetes supports both stateless and stateful applications as teams progress through the adoption of microservices-based applications.

As an open platform, Kubernetes allows you to build your applications with your preferred programming language, OS, libraries, or messaging bus. Existing continuous integration and continuous delivery (CI/CD) tools can integrate with Kubernetes to schedule and deploy releases.

AKS provides a managed Kubernetes service that reduces the complexity of deployment and core management tasks, like upgrade coordination. The Azure platform manages the AKS control plane, and you only pay for the AKS nodes that run your applications. AKS is built on top of the open-source Azure Kubernetes Service Engine: aks-engine.

Kubernetes cluster architecture

A Kubernetes cluster is divided into two components:

  • Control plane: provides the core Kubernetes services and orchestration of application workloads.
  • Nodes: run your application workloads.

[Figure: Kubernetes control plane and node components]

Control plane

When you create an AKS cluster, a control plane is automatically created and configured. This control plane is provided at no cost as a managed Azure resource abstracted from the user. You only pay for the nodes attached to the AKS cluster. The control plane and its resources reside only in the region where you created the cluster.

The control plane includes the following core Kubernetes components:

  • kube-apiserver: The API server is how the underlying Kubernetes APIs are exposed. This component provides the interaction for management tools, such as kubectl or the Kubernetes dashboard.
  • etcd: A highly available key-value store within Kubernetes that maintains the state of your Kubernetes cluster and configuration.
  • kube-scheduler: When you create or scale applications, the Scheduler determines what nodes can run the workload and starts them.
  • kube-controller-manager: The Controller Manager oversees a number of smaller Controllers that perform actions such as replicating pods and handling node operations.

AKS provides a single-tenant control plane, with a dedicated API server, scheduler, etc. You define the number and size of the nodes, and the Azure platform configures the secure communication between the control plane and nodes. Interaction with the control plane occurs through Kubernetes APIs, such as kubectl or the Kubernetes dashboard.

While you don't need to configure components (like a highly available etcd store) with this managed control plane, you can't access the control plane directly. Kubernetes control plane and node upgrades are orchestrated through the Azure CLI or Azure portal. To troubleshoot possible issues, you can review the control plane logs through Azure Monitor logs.

To configure or directly access a control plane, deploy your own Kubernetes cluster using aks-engine.

For associated best practices, see Best practices for cluster security and upgrades in AKS.

Nodes and node pools

To run your applications and supporting services, you need a Kubernetes node. An AKS cluster has at least one node, an Azure virtual machine (VM) that runs the Kubernetes node components and container runtime.

  • kubelet: The Kubernetes agent that processes the orchestration requests from the control plane and schedules the requested containers to run.
  • kube-proxy: Handles virtual networking on each node. The proxy routes network traffic and manages IP addressing for services and pods.
  • container runtime: Allows containerized applications to run and interact with additional resources, such as the virtual network and storage. AKS clusters with node pools on Kubernetes 1.19 or later use containerd as their container runtime. Node pools on Kubernetes versions earlier than 1.19 use Moby (upstream Docker) as their container runtime.

[Figure: Azure virtual machine and supporting resources for a Kubernetes node]

The Azure VM size for your nodes defines the CPUs, memory, and the size and type of storage available (such as high-performance SSD or regular HDD). Plan the node size around whether your applications may require large amounts of CPU and memory or high-performance storage. Scale out the number of nodes in your AKS cluster to meet demand.

In AKS, the VM image for your cluster's nodes is based on Ubuntu Linux or Windows Server 2019. When you create an AKS cluster or scale out the number of nodes, the Azure platform automatically creates and configures the requested number of VMs. Agent nodes are billed as standard VMs, so any VM size discounts are automatically applied.

Deploy your own Kubernetes cluster with aks-engine if you need a different host OS, a different container runtime, or different custom packages. The upstream aks-engine releases features and provides configuration options ahead of support in AKS clusters. So, if you wish to use a container runtime other than Moby, you can run aks-engine to configure and deploy a Kubernetes cluster that meets your current needs.

Resource reservations

AKS uses node resources to help the node function as part of your cluster. This usage can create a discrepancy between your node's total resources and the allocatable resources in AKS. Remember this information when setting requests and limits for user-deployed pods.

To find a node's allocatable resources, run:

kubectl describe node [NODE_NAME]

To maintain node performance and functionality, AKS reserves resources on each node. As a node grows larger in resources, the resource reservation grows due to a higher need for management of user-deployed pods.

Note

Using AKS add-ons such as Container Insights (OMS) will consume additional node resources.

Two types of resources are reserved:

  • CPU
    Reserved CPU is dependent on node type and cluster configuration, which may cause less allocatable CPU due to running additional features.

    CPU cores on host            1     2     4     8     16    32    64
    Kube-reserved (millicores)   60    100   140   180   260   420   740
  • Memory
    Memory utilized by AKS includes the sum of two values.

    1. kubelet daemon
      The kubelet daemon is installed on all Kubernetes agent nodes to manage container creation and termination.

      By default on AKS, the kubelet daemon has the memory.available<750Mi eviction rule, ensuring a node must always have at least 750 Mi allocatable at all times. When a host is below that available memory threshold, the kubelet will trigger termination of one of the running pods to free up memory on the host machine.

    2. A regressive rate of memory reservations for the kubelet daemon to properly function (kube-reserved).

      • 25% of the first 4 GB of memory
      • 20% of the next 4 GB of memory (up to 8 GB)
      • 10% of the next 8 GB of memory (up to 16 GB)
      • 6% of the next 112 GB of memory (up to 128 GB)
      • 2% of any memory above 128 GB

Memory and CPU allocation rules:

  • Keep agent nodes healthy, including some hosting system pods critical to cluster health.
  • Cause the node to report less allocatable memory and CPU than it would if it were not part of a Kubernetes cluster.

The above resource reservations can't be changed.

For example, if a node offers 7 GB, it will report 34% of memory not allocatable, including the 750Mi hard eviction threshold.

0.75 + (0.25*4) + (0.20*3) = 0.75GB + 1GB + 0.6GB = 2.35GB / 7GB = 33.57% reserved

In addition to reservations for Kubernetes itself, the underlying node OS also reserves an amount of CPU and memory resources to maintain OS functions.
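The following Python is an added example, not code from the AKS documentation or from Microsoft: it applies the kube-reserved CPU table, the regressive kube-reserved memory tiers and the 750Mi hard-eviction threshold described above to estimate what a node of a given size will report as allocatable, and generalizes the 7 GB worked example to any size. The VM sizes used are constructed, and the separate OS-level reservation is not modelled because the page does not quantify it.

```python
"""Estimate AKS per-node reservations and allocatable capacity.

Added example (not from the AKS docs). It encodes the kube-reserved
CPU table, the regressive kube-reserved memory tiers and the kubelet
eviction threshold (memory.available<750Mi) from the section above.
The OS-level reservation mentioned on the page is not modelled.
"""

# Kube-reserved CPU in millicores, keyed by host core count (table above).
KUBE_RESERVED_CPU_MILLICORES = {1: 60, 2: 100, 4: 140, 8: 180, 16: 260, 32: 420, 64: 740}

# Hard-eviction threshold the kubelet enforces on AKS: memory.available<750Mi.
EVICTION_THRESHOLD_GB = 0.75

# Regressive kube-reserved memory tiers as (tier size in GB, fraction reserved).
# None marks the open-ended final tier (everything above 128 GB).
MEMORY_TIERS = [(4, 0.25), (4, 0.20), (8, 0.10), (112, 0.06), (None, 0.02)]


def kube_reserved_memory_gb(memory_gb: float) -> float:
    """Sum the regressive kube-reserved memory across the tiers."""
    reserved = 0.0
    remaining = memory_gb
    for tier_size, fraction in MEMORY_TIERS:
        if remaining <= 0:
            break
        portion = remaining if tier_size is None else min(remaining, tier_size)
        reserved += portion * fraction
        remaining -= portion
    return reserved


def reserved_memory_gb(memory_gb: float) -> float:
    """Memory unavailable to user pods: eviction threshold plus kube-reserved."""
    return EVICTION_THRESHOLD_GB + kube_reserved_memory_gb(memory_gb)


def reserved_cpu_millicores(cpu_cores: int) -> int:
    """Look up kube-reserved CPU; only the core counts AKS publishes are known."""
    try:
        return KUBE_RESERVED_CPU_MILLICORES[cpu_cores]
    except KeyError:
        raise ValueError(f"no published CPU reservation for {cpu_cores} cores") from None


def allocatable(cpu_cores: int, memory_gb: float) -> dict:
    """Capacity a node of this size is expected to report as allocatable."""
    reserved_mem = reserved_memory_gb(memory_gb)
    return {
        "cpu_millicores": cpu_cores * 1000 - reserved_cpu_millicores(cpu_cores),
        "memory_gb": round(memory_gb - reserved_mem, 3),
        "memory_reserved_pct": round(100 * reserved_mem / memory_gb, 2),
    }


if __name__ == "__main__":
    # Constructed node sizes; the 2-core / 7 GB case is the worked example above.
    for cores, mem in [(2, 7), (4, 16), (8, 32), (64, 256)]:
        print(f"{cores} cores, {mem} GB -> {allocatable(cores, mem)}")
```

Compare the estimate with the capacity and allocatable fields that kubectl describe node prints for a real node; the remaining gap is the OS-level reservation and any add-ons such as Container Insights.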

For associated best practices, see Best practices for basic scheduler features in AKS.

Node pools

Nodes of the same configuration are grouped together into node pools. A Kubernetes cluster contains at least one node pool. The initial number of nodes and their size are defined when you create an AKS cluster, which creates a default node pool. This default node pool in AKS contains the underlying VMs that run your agent nodes.

Note

To ensure your cluster operates reliably, you should run at least two (2) nodes in the default node pool.

You scale or upgrade an AKS cluster against the default node pool. You can choose to scale or upgrade a specific node pool. For upgrade operations, running containers are scheduled on other nodes in the node pool until all the nodes are successfully upgraded.

For more information about how to use multiple node pools in AKS, see Create and manage multiple node pools for a cluster in AKS.

Node selectors

In an AKS cluster with multiple node pools, you may need to tell the Kubernetes Scheduler which node pool to use for a given resource. For example, ingress controllers shouldn't run on Windows Server nodes.

Node selectors let you define various parameters, like node OS, to control where a pod should be scheduled.

The following basic example schedules an NGINX instance on a Linux node using the node selector "beta.kubernetes.io/os": linux:

kind: Pod
apiVersion: v1
metadata:
  name: nginx
spec:
  containers:
    - name: myfrontend
      image: mcr.microsoft.com/oss/nginx/nginx:1.15.12-alpine
  nodeSelector:
    "beta.kubernetes.io/os": linux

For more information on how to control where pods are scheduled, see Best practices for advanced scheduler features in AKS.

Pods

Kubernetes uses pods to run an instance of your application. A pod represents a single instance of your application.

Pods typically have a 1:1 mapping with a container. In advanced scenarios, a pod may contain multiple containers. Multi-container pods are scheduled together on the same node, and allow containers to share related resources.

When you create a pod, you can define resource requests to request a certain amount of CPU or memory resources. The Kubernetes Scheduler tries to meet the request by scheduling the pods to run on a node with available resources. You can also specify maximum resource limits to prevent a pod from consuming too much compute resource from the underlying node. Best practice is to include resource limits for all pods to help the Kubernetes Scheduler identify necessary, permitted resources.

For more information, see Kubernetes pods and Kubernetes pod lifecycle.

A pod is a logical resource, but application workloads run in the containers. Pods are typically ephemeral, disposable resources. Individually scheduled pods miss some of the high availability and redundancy Kubernetes features. Instead, pods are deployed and managed by Kubernetes Controllers, such as the Deployment Controller.

Deployments and YAML manifests

A deployment represents identical pods managed by the Kubernetes Deployment Controller. A deployment defines the number of pod replicas to create. The Kubernetes Scheduler ensures that additional pods are scheduled on healthy nodes if pods or nodes encounter problems.

You can update deployments to change the configuration of pods, the container image used, or attached storage. The Deployment Controller:

  • Drains and terminates a given number of replicas.
  • Creates replicas from the new deployment definition.
  • Continues the process until all replicas in the deployment are updated.

Most stateless applications in AKS should use the deployment model rather than scheduling individual pods. Kubernetes can monitor deployment health and status to ensure that the required number of replicas run within the cluster. When scheduled individually, pods aren't restarted if they encounter a problem, and aren't rescheduled on healthy nodes if their current node encounters a problem.

You don't want to disrupt management decisions with an update process if your application requires a minimum number of available instances. Pod Disruption Budgets define how many replicas in a deployment can be taken down during an update or node upgrade. For example, if you have five (5) replicas in your deployment, you can define a pod disruption budget of four (4) to only allow one replica to be deleted or rescheduled at a time. As with pod resource limits, best practice is to define pod disruption budgets on applications that require a minimum number of replicas to always be present.

Deployments are typically created and managed with kubectl create or kubectl apply. Create a deployment by defining a manifest file in the YAML format.

The following example creates a basic deployment of the NGINX web server. The deployment specifies three (3) replicas to be created, and requires port 80 to be open on the container. Resource requests and limits are also defined for CPU and memory.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: mcr.microsoft.com/oss/nginx/nginx:1.15.2-alpine
        ports:
        - containerPort: 80
        resources:
          requests:
            cpu: 250m
            memory: 64Mi
          limits:
            cpu: 500m
            memory: 256Mi

More complex applications can be created by including services (such as load balancers) within the YAML manifest.

For more information, see Kubernetes deployments.

Package management with Helm

Helm is commonly used to manage applications in Kubernetes. You can deploy resources by building and using existing public Helm charts that contain a packaged version of application code and Kubernetes YAML manifests. You can store Helm charts either locally or in a remote repository, such as an Azure Container Registry Helm chart repo.

To use Helm, install the Helm client on your computer. Search for or create Helm charts, and then install them to your Kubernetes cluster. For more information, see Install existing applications with Helm in AKS.

StatefulSets and DaemonSets

Using the Kubernetes Scheduler, the Deployment Controller runs replicas on any available node with available resources. While this approach may be sufficient for stateless applications, the Deployment Controller is not ideal for applications that require:

  • A persistent naming convention or storage.
  • A replica to exist on each select node within a cluster.

Two Kubernetes resources, however, let you manage these types of applications:

  • StatefulSets maintain the state of applications beyond an individual pod lifecycle, such as storage.
  • DaemonSets ensure a running instance on each node, early in the Kubernetes bootstrap process.

StatefulSets

Modern application development often aims for stateless applications. For stateful applications, like those that include database components, you can use StatefulSets. Like deployments, a StatefulSet creates and manages at least one identical pod. Replicas in a StatefulSet follow a graceful, sequential approach to deployment, scale, upgrade, and termination. The naming convention, network names, and storage persist as replicas are rescheduled with a StatefulSet.

Define the application in YAML format using kind: StatefulSet. From there, the StatefulSet Controller handles the deployment and management of the required replicas. Data is written to persistent storage, provided by Azure Managed Disks or Azure Files. With StatefulSets, the underlying persistent storage remains, even when the StatefulSet is deleted.

For more information, see Kubernetes StatefulSets.

Replicas in a StatefulSet are scheduled and run across any available node in an AKS cluster. To ensure at least one pod in your set runs on a node, you use a DaemonSet instead.

DaemonSets

For specific log collection or monitoring, you may need to run a pod on all, or selected, nodes. You can use a DaemonSet to deploy one or more identical pods, but the DaemonSet Controller ensures that each node specified runs an instance of the pod.

The DaemonSet Controller can schedule pods on nodes early in the cluster boot process, before the default Kubernetes scheduler has started. This ability ensures that the pods in a DaemonSet are started before traditional pods in a Deployment or StatefulSet are scheduled.

Like StatefulSets, a DaemonSet is defined as part of a YAML definition using kind: DaemonSet.

For more information, see Kubernetes DaemonSets.

Namespaces

Kubernetes resources, such as pods and deployments, are logically grouped into a namespace to divide an AKS cluster and restrict create, view, or manage access to resources. For example, you can create namespaces to separate business groups. Users can only interact with resources within their assigned namespaces.

[Figure: Kubernetes namespaces logically divide resources and applications]

When you create an AKS cluster, the following namespaces are available:

  • default: Where pods and deployments are created by default when none is provided. In smaller environments, you can deploy applications directly into the default namespace without creating additional logical separations. When you interact with the Kubernetes API, such as with kubectl get pods, the default namespace is used when none is specified.
  • kube-system: Where core resources exist, such as network features like DNS and proxy, or the Kubernetes dashboard. You typically don't deploy your own applications into this namespace.
  • kube-public: Typically not used, but can be used for resources to be visible across the whole cluster, and can be viewed by any user.

For more information, see Kubernetes namespaces.

Next steps

This article covers some of the core Kubernetes components and how they apply to AKS clusters. For more information on core Kubernetes and AKS concepts, see the following articles: