Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal

Azure Kubernetes Service (AKS) is a managed Kubernetes service that lets you quickly deploy and manage clusters. In this quickstart, you will:

  • Deploy an AKS cluster using the Azure portal.
  • Run a multi-container application with a web front-end and a Redis instance in the cluster.
  • Monitor the health of the cluster and pods that run your application.

[Image: Browsing to the Azure Vote sample app]

This quickstart assumes a basic understanding of Kubernetes concepts. For more information, see Kubernetes core concepts for Azure Kubernetes Service (AKS).

If you don't have an Azure subscription, create a trial subscription before you begin.

Prerequisites

Sign in to the Azure portal at https://portal.azure.cn.

Create an AKS cluster

  1. On the Azure portal menu or from the Home page, select Create a resource.

  2. Type Kubernetes Service in the search box of the New page, then select the Kubernetes Service item in the search results and select Create.

  3. On the Basics page, configure the following options:

    • Project details:
      • Select an Azure Subscription.
      • Select or create an Azure Resource group, such as myResourceGroup.
    • Cluster details:
      • Enter a Kubernetes cluster name, such as myAKSCluster.
      • Select a Region and Kubernetes version for the AKS cluster.
    • Primary node pool:
      • Select a VM Node size for the AKS nodes. The VM size cannot be changed once an AKS cluster has been deployed.
      • Select the number of nodes to deploy into the cluster. For this quickstart, set Node count to 1. Node count can be adjusted after the cluster has been deployed.

    [Image: Create AKS cluster - provide basic information]

  4. Select Next: Node pools when complete.

  5. Keep the default Node pools options. At the bottom of the screen, click Next: Authentication.

    Note

    Newly created Azure AD service principals may take several minutes to propagate and become available, causing "service principal not found" errors and validation failures in the Azure portal. If you hit this problem, see the troubleshooting article for mitigation.

  6. On the Authentication page, configure the following options:

    • Create a new cluster identity by either:
      • Leaving the Authentication field set to System-assigned managed identity, or
      • Choosing Service Principal to use a service principal.
        • Select (new) default service principal to create a default service principal, or
        • Select Configure service principal to use an existing one. You will need to provide the existing principal's SPN client ID and secret.
    • Enable the Kubernetes role-based access control (Kubernetes RBAC) option to provide more fine-grained control over access to the Kubernetes resources deployed in your AKS cluster.

    By default, Basic networking is used, and Azure Monitor for containers is enabled.

  7. Click Review + create and then Create when validation completes.

  8. It takes a few minutes to create the AKS cluster. When your deployment is complete, navigate to your resource by either:

    • Clicking Go to resource, or

    • Browsing to the AKS cluster resource group and selecting the AKS resource.

      • As in the example cluster dashboard below: browse to myResourceGroup and select the myAKSCluster resource.

      [Image: Example AKS dashboard in the Azure portal]

Connect to the cluster

To manage a Kubernetes cluster, use the Kubernetes command-line client, kubectl.

Note

To perform these operations in a local shell installation:

  1. Verify Azure CLI is installed.
  2. Connect to Azure via the az login command.

Note

Before you can use Azure CLI in Azure China, run az cloud set -n AzureChinaCloud first to change the cloud environment. If you want to switch back to Azure Public Cloud, run az cloud set -n AzureCloud again.

  1. Configure kubectl to connect to your Kubernetes cluster using the az aks get-credentials command. The following command downloads credentials and configures the Kubernetes CLI to use them.

    az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
    
  2. Verify the connection to your cluster using kubectl get to return a list of the cluster nodes.

    kubectl get nodes
    

    Output shows the single node created in the previous steps. Make sure the node status is Ready:

    NAME                       STATUS    ROLES     AGE       VERSION
    aks-agentpool-14693408-0   Ready     agent     15m       v1.11.5
    

Run the application

A Kubernetes manifest file defines a cluster's desired state, like which container images to run.

In this quickstart, you will use a manifest to create all objects needed to run the Azure Vote application. This manifest includes two Kubernetes deployments:

  • The sample Azure Vote Python application.
  • A Redis instance.

Two Kubernetes Services are also created:

  • An internal service for the Redis instance.
  • An external service to access the Azure Vote application from the internet.

  1. In the local Shell, use an editor to create a file named azure-vote.yaml, such as:

    • code azure-vote.yaml, or
    • nano azure-vote.yaml, or
    • vi azure-vote.yaml.
  2. Copy in the following YAML definition:

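    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: azure-vote-back
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: azure-vote-back
      template:
        metadata:
          labels:
            app: azure-vote-back
        spec:
          # The container section of this Deployment is missing from the page.
          # A stock Redis image is assumed here so that the manifest applies.
          containers:
          - name: azure-vote-back
            image: redis
            ports:
            - containerPort: 6379
              name: redis
    ---
    # Internal service for Redis: no type is set, so it defaults to ClusterIP
    # and is reachable only from inside the cluster.
    apiVersion: v1
    kind: Service
    metadata:
      name: azure-vote-back
    spec:
      ports:
      - port: 6379
      selector:
        app: azure-vote-back
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: azure-vote-front
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: azure-vote-front
      template:
        metadata:
          labels:
            app: azure-vote-front
        spec:
          nodeSelector:
            "beta.kubernetes.io/os": linux
          containers:
          - name: azure-vote-front
            image: mcr.microsoft.com/azuredocs/azure-vote-front:v1
            resources:
              requests:
                cpu: 100m
                memory: 128Mi
              limits:
                cpu: 250m
                memory: 256Mi
            ports:
            - containerPort: 80
            env:
            # The front end reaches Redis through the internal service name.
            - name: REDIS
              value: "azure-vote-back"
    ---
    # External service: type LoadBalancer publishes the front end on a public IP.
    apiVersion: v1
    kind: Service
    metadata:
      name: azure-vote-front
    spec:
      type: LoadBalancer
      ports:
      - port: 80
      selector:
        app: azure-vote-front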
    
  3. Deploy the application using the kubectl apply command and specify the name of your YAML manifest:

    kubectl apply -f azure-vote.yaml
    

    Output shows the successfully created deployments and services:

    deployment "azure-vote-back" created
    service "azure-vote-back" created
    deployment "azure-vote-front" created
    service "azure-vote-front" created
    

Test the application

When the application runs, a Kubernetes service exposes the application front end to the internet. This process can take a few minutes to complete.

To monitor progress, use the kubectl get service command with the --watch argument.

kubectl get service azure-vote-front --watch

The EXTERNAL-IP output for the azure-vote-front service will initially show as pending.

NAME               TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
azure-vote-front   LoadBalancer   10.0.37.27   <pending>     80:30572/TCP   6s

Once the EXTERNAL-IP address changes from pending to an actual public IP address, use CTRL-C to stop the kubectl watch process. The following example output shows a valid public IP address assigned to the service:

azure-vote-front   LoadBalancer   10.0.37.27   52.179.23.131   80:30572/TCP   2m

To see the Azure Vote app in action, open a web browser to the external IP address of your service.

[Image: Browsing to the Azure Vote sample app]
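The manifest in this quickstart is meant to publish only the front end, with Redis kept on an internal service. The following added example (not part of the original quickstart) checks that from `kubectl get service` output; the function names and the sample table, including its azure-vote-back and kubernetes rows, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Audit which Services are reachable from outside the cluster, using the
# table printed by `kubectl get service` (same columns as shown on this page).

# Print "NAME EXTERNAL-IP PORTS" for each internet-facing Service:
# TYPE LoadBalancer, or any EXTERNAL-IP other than <none>.
exposed_services() {
  awk 'NR > 1 && NF >= 5 && ($2 == "LoadBalancer" || $4 != "<none>") {
         print $1, $4, $5
       }'
}

# only_expected_exposed TABLE ALLOWED_NAME...
# Returns 0 only if every exposed Service is in the allow-list; unexpected
# names go to stderr so the check can gate a deployment script.
only_expected_exposed() {
  oee_table=$1; shift
  oee_rc=0
  while read -r oee_name oee_rest; do
    [ -n "$oee_name" ] || continue
    case " $* " in
      *" $oee_name "*) ;;
      *) echo "unexpected public Service: $oee_name" >&2; oee_rc=1 ;;
    esac
  done <<EOF
$(printf '%s\n' "$oee_table" | exposed_services)
EOF
  return "$oee_rc"
}

# Constructed sample output (not captured from a real cluster).
SAMPLE_OK='NAME               TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)        AGE
azure-vote-back    ClusterIP      10.0.125.224   <none>          6379/TCP       2m
azure-vote-front   LoadBalancer   10.0.37.27     52.179.23.131   80:30572/TCP   2m
kubernetes         ClusterIP      10.0.0.1       <none>          443/TCP        20m'

# Same table with Redis mistakenly published through a load balancer.
SAMPLE_BAD=$(printf '%s\n' "$SAMPLE_OK" | sed \
  -e '/^azure-vote-back /s/ClusterIP/LoadBalancer/' \
  -e '/^azure-vote-back /s/<none>/<pending>/')

printf '%s\n' "$SAMPLE_OK" | exposed_services
only_expected_exposed "$SAMPLE_BAD" azure-vote-front ||
  echo "audit failed: Redis is published outside the cluster"
```

Against a live cluster, pipe `kubectl get service` into `exposed_services` instead of the sample table.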

Monitor health and logs

When you created the cluster, Azure Monitor for containers was enabled. Azure Monitor for containers provides health metrics for both the AKS cluster and pods running on the cluster.

Metric data takes a few minutes to populate in the Azure portal. To see current health status, uptime, and resource usage for the Azure Vote pods:

  1. Browse back to the AKS resource in the Azure portal.
  2. Under Monitoring on the left-hand side, choose Insights.
  3. Across the top, choose + Add Filter.
  4. Select Namespace as the property, then choose <All but kube-system>.
  5. Select Containers to view them.

The azure-vote-back and azure-vote-front containers will display, as shown in the following example:

[Image: View the health of running containers in AKS]

To view logs for the azure-vote-front pod, select View container logs from the containers list drop-down. These logs include the stdout and stderr streams from the container.

[Image: View the container logs in AKS]

Delete cluster

To avoid Azure charges, clean up your unnecessary resources. Select the Delete button on the AKS cluster dashboard. You can also use the az aks delete command in the local Shell:

az aks delete --resource-group myResourceGroup --name myAKSCluster --no-wait

Note

When you delete the cluster, the Azure Active Directory service principal used by the AKS cluster is not removed. For steps on how to remove the service principal, see AKS service principal considerations and deletion.

If you used a managed identity, the identity is managed by the platform and does not require removal.

Get the code

Pre-existing container images were used in this quickstart to create a Kubernetes deployment. The related application code, Dockerfile, and Kubernetes manifest file are available on GitHub.

Next steps

In this quickstart, you deployed a Kubernetes cluster and then deployed a multi-container application to it. Access the Kubernetes web dashboard for your AKS cluster.

To learn more about AKS by walking through a complete example, including building an application, deploying from Azure Container Registry, updating a running application, and scaling and upgrading your cluster, continue to the Kubernetes cluster tutorial.