Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal
Azure Kubernetes Service (AKS) is a managed Kubernetes service that lets you quickly deploy and manage clusters. In this quickstart, you deploy an AKS cluster using the Azure portal. A multi-container application that includes a web front end and a Redis instance is run in the cluster. You then see how to monitor the health of the cluster and of the pods that run your application.
This quickstart assumes a basic understanding of Kubernetes concepts. For more information, see Kubernetes core concepts for Azure Kubernetes Service (AKS).
If you don't have an Azure subscription, create a Trial Subscription before you begin.
Sign in to Azure
Sign in to the Azure portal at https://portal.azure.cn.
Create an AKS cluster
To create an AKS cluster, complete the following steps:
On the Azure portal menu or from the Home page, select Create a resource, type Kubernetes Service and press the Enter key on the New page, then select Kubernetes Service on the Marketplace page.
On the Basics page, configure the following options:
- Project details: Select an Azure Subscription, then select or create an Azure Resource group, such as myResourceGroup.
- Cluster details: Enter a Kubernetes cluster name, such as myAKSCluster. Select a Region and Kubernetes version for the AKS cluster.
- Primary node pool: Select a VM Node size for the AKS nodes. The VM size can't be changed once an AKS cluster has been deployed.
- Select the number of nodes to deploy into the cluster. For this quickstart, set Node count to 1. Node count can be adjusted after the cluster has been deployed.
Select Next: Node pools when complete.
On the Node pools page, keep the default options. At the bottom of the screen, click Next: Authentication.
Note
Newly created AAD service principals may take several minutes to propagate and become available, which can cause "Service Principal not found" errors and validation failures in the Azure portal. If you hit this, please visit here for mitigation.
On the Authentication page, configure the following options:
- Create a new service principal by leaving the Service Principal field set to (new) default service principal. Or you can choose Configure service principal to use an existing one. If you use an existing one, you will need to provide the SPN client ID and secret.
- Enable the option for Kubernetes role-based access control (Kubernetes RBAC). This provides more fine-grained control over access to the Kubernetes resources deployed in your AKS cluster.
Alternatively, you can use a managed identity instead of a service principal. For more information, see Use managed identities.
By default, Basic networking is used, and Azure Monitor for containers is enabled. Click Review + create and then Create when validation completes.
It takes a few minutes to create the AKS cluster. When your deployment is complete, click Go to resource, or browse to the AKS cluster resource group, such as myResourceGroup, and select the AKS resource, such as myAKSCluster. The AKS cluster dashboard is shown, as in this example:
Connect to the cluster
To manage a Kubernetes cluster, you use kubectl, the Kubernetes command-line client.
To configure kubectl to connect to your Kubernetes cluster, use the az aks get-credentials command. This command downloads credentials and configures the Kubernetes CLI to use them. The following example gets credentials for the cluster named myAKSCluster in the resource group named myResourceGroup:
Note
Before you can use Azure CLI 2.0 in Azure China, first run az cloud set -n AzureChinaCloud to change the cloud environment. If you want to switch back to Global Azure, run az cloud set -n AzureCloud again.
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
To verify the connection to your cluster, use the kubectl get command to return a list of the cluster nodes.
kubectl get nodes
The following example output shows the single node created in the previous steps. Make sure that the status of the node is Ready:
NAME STATUS ROLES AGE VERSION
aks-agentpool-14693408-0 Ready agent 15m v1.11.5
Run the application
A Kubernetes manifest file defines a desired state for the cluster, such as what container images to run. In this quickstart, a manifest is used to create all objects needed to run the Azure Vote application. This manifest includes two Kubernetes deployments - one for the sample Azure Vote Python application, and the other for a Redis instance. Two Kubernetes Services are also created - an internal service for the Redis instance, and an external service to access the Azure Vote application from the internet.
In the local Shell, use an editor to create a file named azure-vote.yaml, such as code azure-vote.yaml, nano azure-vote.yaml or vi azure-vote.yaml. Then copy in the following YAML definition:
# Redis back end
apiVersion: apps/v1
kind: Deployment
metadata:
  name: azure-vote-back
spec:
  replicas: 1
  selector:
    matchLabels:
      app: azure-vote-back
  template:
    metadata:
      labels:
        app: azure-vote-back
    spec:
      nodeSelector:
        "beta.kubernetes.io/os": linux
      containers:
      - name: azure-vote-back
        image: mcr.microsoft.com/oss/bitnami/redis:6.0.8
        env:
        # With this set to "yes", the Bitnami Redis image starts without a password
        - name: ALLOW_EMPTY_PASSWORD
          value: "yes"
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 250m
            memory: 256Mi
        ports:
        - containerPort: 6379
          name: redis
---
# Internal service for the Redis instance
apiVersion: v1
kind: Service
metadata:
  name: azure-vote-back
spec:
  ports:
  - port: 6379
  selector:
    app: azure-vote-back
---
# Azure Vote web front end
apiVersion: apps/v1
kind: Deployment
metadata:
  name: azure-vote-front
spec:
  replicas: 1
  selector:
    matchLabels:
      app: azure-vote-front
  template:
    metadata:
      labels:
        app: azure-vote-front
    spec:
      nodeSelector:
        "beta.kubernetes.io/os": linux
      containers:
      - name: azure-vote-front
        image: mcr.microsoft.com/azuredocs/azure-vote-front:v1
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 250m
            memory: 256Mi
        ports:
        - containerPort: 80
        env:
        # Name of the Redis service the front end connects to
        - name: REDIS
          value: "azure-vote-back"
---
# External service that exposes the front end to the internet
apiVersion: v1
kind: Service
metadata:
  name: azure-vote-front
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: azure-vote-front
Deploy the application using the kubectl apply command and specify the name of your YAML manifest:
kubectl apply -f azure-vote.yaml
The following example output shows the Deployments and Services created successfully:
deployment "azure-vote-back" created
service "azure-vote-back" created
deployment "azure-vote-front" created
service "azure-vote-front" created
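The manifest above starts Redis with ALLOW_EMPTY_PASSWORD set to "yes" and publishes the front end through a LoadBalancer Service. The following Python check is an added example, not part of the original quickstart or the Azure sample: it flags both settings in a manifest before it is applied. The function name audit_manifest, the finding labels and the trimmed sample are constructed for illustration, and the pattern matching assumes the manifest layout used on this page.

```python
import re

# Constructed sample: the security-relevant lines of the quickstart manifest.
SAMPLE = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: azure-vote-back
spec:
  template:
    spec:
      containers:
      - name: azure-vote-back
        image: mcr.microsoft.com/oss/bitnami/redis:6.0.8
        env:
        - name: ALLOW_EMPTY_PASSWORD
          value: "yes"
---
apiVersion: v1
kind: Service
metadata:
  name: azure-vote-front
spec:
  type: LoadBalancer
  ports:
  - port: 80
"""

EMPTY_PW = re.compile(
    r"name:\s*ALLOW_EMPTY_PASSWORD\s*\n\s*value:\s*[\"']?yes[\"']?\s*$", re.M)

def audit_manifest(text):
    """Return (kind, name, finding) tuples; labels are illustrative, not a standard."""
    findings = []
    for doc in re.split(r"(?m)^---\s*$", text):
        kind = re.search(r"(?m)^kind:\s*(\S+)", doc)
        name = re.search(r"(?m)^metadata:\s*\n\s+name:\s*(\S+)", doc)
        if not kind or not name:
            continue
        ident = (kind.group(1), name.group(1))
        # The Bitnami Redis image runs without authentication when this is "yes".
        if EMPTY_PW.search(doc):
            findings.append(ident + ("redis-no-auth",))
        # A LoadBalancer Service gets an external IP; report the ports it publishes.
        if ident[0] == "Service" and re.search(r"(?m)^\s+type:\s*LoadBalancer\s*$", doc):
            ports = re.findall(r"(?m)^\s+-\s*port:\s*(\d+)", doc)
            findings.append(ident + ("public-lb-ports:" + ",".join(ports),))
    return findings

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(finding)
```

To check the full file, pass its contents: audit_manifest(open("azure-vote.yaml").read()).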
Test the application
When the application runs, a Kubernetes service exposes the application front end to the internet. This process can take a few minutes to complete.
To monitor progress, use the kubectl get service command with the --watch argument.
kubectl get service azure-vote-front --watch
Initially the EXTERNAL-IP for the azure-vote-front service is shown as pending.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
azure-vote-front LoadBalancer 10.0.37.27 <pending> 80:30572/TCP 6s
When the EXTERNAL-IP address changes from pending to an actual public IP address, use CTRL-C to stop the kubectl watch process. The following example output shows a valid public IP address assigned to the service:
azure-vote-front LoadBalancer 10.0.37.27 52.179.23.131 80:30572/TCP 2m
To see the Azure Vote app in action, open a web browser to the external IP address of your service.
Monitor health and logs
When you created the cluster, Azure Monitor for containers was enabled. This monitoring feature provides health metrics for both the AKS cluster and pods running on the cluster.
It may take a few minutes for this data to populate in the Azure portal. To see current status, uptime, and resource usage for the Azure Vote pods, browse back to the AKS resource in the Azure portal, such as myAKSCluster. You can then access the health status as follows:
- Under Monitoring on the left-hand side, choose Insights
- Across the top, choose + Add Filter
- Select Namespace as the property, then choose <All but kube-system>
- Choose to view the Containers.
The azure-vote-back and azure-vote-front containers are displayed, as shown in the following example:
To see logs for the azure-vote-front pod, select View container logs from the drop-down of the containers list. These logs include the stdout and stderr streams from the container.
Delete cluster
When the cluster is no longer needed, delete the cluster resource, which deletes all associated resources. This operation can be completed in the Azure portal by selecting the Delete button on the AKS cluster dashboard. Alternatively, the az aks delete command can be used in the local Shell:
az aks delete --resource-group myResourceGroup --name myAKSCluster --no-wait
Note
When you delete the cluster, the Azure Active Directory service principal used by the AKS cluster is not removed. For steps on how to remove the service principal, see AKS service principal considerations and deletion. If you used a managed identity, the identity is managed by the platform and does not require removal.
Get the code
In this quickstart, pre-created container images were used to create a Kubernetes deployment. The related application code, Dockerfile, and Kubernetes manifest file are available on GitHub.
https://github.com/Azure-Samples/azure-voting-app-redis
Next steps
In this quickstart, you deployed a Kubernetes cluster and deployed a multi-container application to it.
To learn more about AKS, and walk through a complete code-to-deployment example, continue to the Kubernetes cluster tutorial.