Azure Kubernetes Service (AKS)

Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. The Kubernetes masters are managed by Azure. You only manage and maintain the agent nodes. As a managed Kubernetes service, AKS is free - you only pay for the agent nodes within your clusters, not for the masters.

You can create an AKS cluster in the Azure portal, with the Azure CLI, or with template-driven deployment options such as Resource Manager templates and Terraform. When you deploy an AKS cluster, the Kubernetes master and all nodes are deployed and configured for you. Additional features such as advanced networking, Azure Active Directory integration, and monitoring can also be configured during the deployment process. Windows Server containers are supported in AKS.

For more information on Kubernetes basics, see Kubernetes core concepts for AKS.

To get started, complete the AKS quickstart in the Azure portal or with the Azure CLI.

Access, security, and monitoring

For improved security and management, AKS lets you integrate with Azure Active Directory and use Kubernetes role-based access control (RBAC). You can also monitor the health of your cluster and resources.

Identity and security management

To limit access to cluster resources, AKS supports Kubernetes role-based access control (RBAC). RBAC lets you control access to Kubernetes resources and namespaces, and the permissions granted on those resources. You can also configure an AKS cluster to integrate with Azure Active Directory (AD). With Azure AD integration, Kubernetes access can be configured based on existing identity and group membership. Your existing Azure AD users and groups can be given access to AKS resources, with an integrated sign-on experience.

For more information on identity, see Access and identity options for AKS.

To secure your AKS clusters, see Integrate Azure Active Directory with AKS.
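The following manifest is an added example, not part of this page or the AKS product documentation, of the RBAC pattern described above: a namespace-scoped, read-only Role bound to an Azure AD group. It assumes the cluster was created with Azure AD integration enabled, and the group object ID and the namespace name are placeholders.

```yaml
# Added example: least-privilege access for an Azure AD group on an
# Azure AD-integrated AKS cluster. Group object ID below is a placeholder.
apiVersion: v1
kind: Namespace
metadata:
  name: dev
---
# Role scoped to the dev namespace only: read pods and their logs,
# nothing cluster-wide and no access to secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: dev
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
# Bind the Role to the Azure AD group. With Azure AD integration the
# Kubernetes API identifies a group by its object ID, not its display name,
# so a RoleBinding naming a display name silently grants nothing.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-pod-readers
  namespace: dev
subjects:
- kind: Group
  name: "00000000-0000-0000-0000-000000000000"  # placeholder: Azure AD group object ID
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role            # a Role, not a ClusterRole: the grant stays inside dev
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

After `kubectl apply`, check the grant from the cluster's point of view with `kubectl auth can-i list pods -n dev --as=test-user --as-group=<group object ID>` (expect `yes`) and repeat it for `secrets` and for `-n kube-system` (expect `no`).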

Integrated logging and monitoring

To understand how your AKS cluster and deployed applications are performing, Azure Monitor for container health collects memory and processor metrics from containers, nodes, and controllers. Container logs are available, and you can also review the Kubernetes master logs. This monitoring data is stored in an Azure Log Analytics workspace and is available through the Azure portal, the Azure CLI, or a REST endpoint.

For more information, see Monitor Azure Kubernetes Service container health.

Clusters and nodes

AKS nodes run on Azure virtual machines. You can connect storage to nodes and pods, upgrade cluster components, and use GPUs. AKS supports Kubernetes clusters that run multiple node pools to support mixed operating systems and Windows Server containers. Linux nodes run a customized Ubuntu OS image, and Windows Server nodes run a customized Windows Server 2019 OS image.

Cluster node and pod scaling

As demand for resources changes, the number of cluster nodes or pods that run your services can automatically scale up or down. You can use the horizontal pod autoscaler, the cluster autoscaler, or both. This approach to scaling lets the AKS cluster automatically adjust to demand and run only the resources needed.

For more information, see Scale an Azure Kubernetes Service (AKS) cluster.

Cluster node upgrades

Azure Kubernetes Service offers multiple Kubernetes versions. As new versions become available in AKS, your cluster can be upgraded using the Azure portal or the Azure CLI. During the upgrade process, nodes are carefully cordoned and drained to minimize disruption to running applications.

To learn more about lifecycle versions, see Supported Kubernetes versions in AKS. For steps on how to upgrade, see Upgrade an Azure Kubernetes Service (AKS) cluster.

GPU-enabled nodes

AKS supports the creation of GPU-enabled node pools. Azure currently provides VMs with a single GPU or multiple GPUs. GPU-enabled VMs are designed for compute-intensive, graphics-intensive, and visualization workloads.

For more information, see Using GPUs on AKS.

Storage volume support

To support application workloads, you can mount storage volumes for persistent data. Both static and dynamic volumes can be used. Depending on how many connected pods need to share the storage, you can use storage backed by Azure Disks for single-pod access, or by Azure Files for concurrent access from multiple pods.

For more information, see Storage options for applications in AKS.

Get started with dynamic persistent volumes using Azure Disks or Azure Files.
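As an added example, not taken from this page, the two dynamic claims below show the single-pod versus multi-pod distinction above: an Azure Disks claim can only be ReadWriteOnce, while an Azure Files claim can be ReadWriteMany. The `managed-premium` storage class is assumed to be the AKS built-in Azure Disks class; the Azure Files class is defined explicitly here, with mount permissions tightened from the permissive defaults.

```yaml
# Added example: Azure Disks (one pod at a time) vs Azure Files (shared).
# A disk attaches to a single node, so a second pod on another node that
# mounts the same claim stays Pending; a file share has no such limit.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-db-data
spec:
  accessModes:
  - ReadWriteOnce                      # the only mode an Azure Disk supports
  storageClassName: managed-premium    # assumed AKS built-in Azure Disks class
  resources:
    requests:
      storage: 10Gi
---
# Storage class for Azure Files. The mount options set owner and restrictive
# modes instead of the world-writable 0777 defaults, so the share is not
# readable by every process in every pod that happens to mount it.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: azurefile-shared
provisioner: kubernetes.io/azure-file
parameters:
  skuName: Standard_LRS
mountOptions:
  - dir_mode=0750
  - file_mode=0640
  - uid=1000      # match the runAsUser of the pods that mount the share
  - gid=1000
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-uploads
spec:
  accessModes:
  - ReadWriteMany                      # many pods, on any node, concurrently
  storageClassName: azurefile-shared
  resources:
    requests:
      storage: 5Gi
```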

Virtual networks and ingress

An AKS cluster can be deployed into an existing virtual network. In this configuration, every pod in the cluster is assigned an IP address in the virtual network and can communicate directly with other pods in the cluster and with other nodes in the virtual network. Pods can also connect to other services in a peered virtual network, and to on-premises networks over ExpressRoute or site-to-site (S2S) VPN connections.

For more information, see Network concepts for applications in AKS.

Ingress with HTTP application routing

The HTTP application routing add-on makes it easy to access applications deployed to your AKS cluster. When enabled, the HTTP application routing solution configures an ingress controller in your AKS cluster. As applications are deployed, publicly accessible DNS names are configured automatically. HTTP application routing configures a DNS zone and integrates it with the AKS cluster. You can then deploy Kubernetes ingress resources as normal.
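The ingress resource below is an added example, not code from this page, of what "deploy Kubernetes ingress resources as normal" looks like with the add-on enabled. It assumes a Service named `web` on port 80 already exists in the same namespace; the DNS zone name in the host is a placeholder for the zone the add-on created for your cluster.

```yaml
# Added example: Ingress routed by the HTTP application routing add-on.
# The ingress.class annotation is what makes the add-on's controller claim
# this resource; a host outside the cluster's DNS zone gets no DNS record.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    kubernetes.io/ingress.class: addon-http-application-routing
spec:
  rules:
  - host: web.<CLUSTER_SPECIFIC_DNS_ZONE>   # placeholder: zone created by the add-on
    http:
      paths:
      - path: /
        backend:
          serviceName: web     # assumed existing Service in this namespace
          servicePort: 80
```

Because the resulting name is publicly resolvable and the endpoint is plain HTTP, treat this as a dev/test convenience and front production workloads with an ingress controller you configure and expose yourself.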

Development tooling integration

Kubernetes has a rich ecosystem of development and management tools such as Helm and the Kubernetes extension for Visual Studio Code. These tools work seamlessly with AKS.

Docker image support and private container registry

AKS supports the Docker image format. For private storage of your Docker images, you can integrate AKS with Azure Container Registry (ACR).

To create a private image store, see Azure Container Registry.

Kubernetes certification

Azure Kubernetes Service (AKS) has been CNCF certified as Kubernetes conformant.

Regulatory compliance

Azure Kubernetes Service (AKS) is compliant with SOC, ISO, PCI DSS, and HIPAA. For more information, see Overview of Azure compliance.

Next steps

Learn more about deploying and managing AKS with the Azure CLI quickstart.