使用 Azure CLI 在 Azure Kubernetes 服务 (AKS) 群集上创建 Windows Server 容器Create a Windows Server container on an Azure Kubernetes Service (AKS) cluster using the Azure CLI

Azure Kubernetes 服务 (AKS) 是可用于快速部署和管理群集的托管式 Kubernetes 服务。Azure Kubernetes Service (AKS) is a managed Kubernetes service that lets you quickly deploy and manage clusters. 本文介绍如何使用 Azure CLI 部署 AKS 群集。In this article, you deploy an AKS cluster using the Azure CLI. 还可将 Windows Server 容器中的 ASP.NET 示例应用程序部署到群集。You also deploy an ASP.NET sample application in a Windows Server container to the cluster.

浏览到 ASP.NET 示例应用程序的图像

本文假定你对 Kubernetes 概念有基本的了解。This article assumes a basic understanding of Kubernetes concepts. 有关详细信息,请参阅 Azure Kubernetes 服务 (AKS) 的 Kubernetes 核心概念For more information, see Kubernetes core concepts for Azure Kubernetes Service (AKS).

如果没有 Azure 订阅,可在开始前创建一个试用帐户If you don't have an Azure subscription, create a trial account before you begin.

备注

在 Azure China 中使用 Azure CLI 2.0 之前,请首先运行 az cloud set -n AzureChinaCloud 更改云环境。Before you can use Azure CLI 2.0 in Azure China, please run az cloud set -n AzureChinaCloud first to change the cloud environment. 如果要切换回全局 Azure,请再次运行 az cloud set -n AzureCloudIf you want to switch back to Global Azure, run az cloud set -n AzureCloud again.

限制Limitations

创建和管理支持多个节点池的 AKS 群集时存在以下限制:The following limitations apply when you create and manage AKS clusters that support multiple node pools:

  • 无法删除第一个节点池。You can't delete the first node pool.

Windows Server 节点池存在以下额外限制:The following additional limitations apply to Windows Server node pools:

  • AKS 群集最多可以包含 10 个节点池。The AKS cluster can have a maximum of 10 node pools.
  • AKS 群集的每个节点池最多可以包含 100 个节点。The AKS cluster can have a maximum of 100 nodes in each node pool.
  • Windows Server 节点池名称具有 6 个字符的限制。The Windows Server node pool name has a limit of 6 characters.

创建资源组Create a resource group

Azure 资源组是一个逻辑组,用于部署和管理 Azure 资源。An Azure resource group is a logical group in which Azure resources are deployed and managed. 创建资源组时,系统会要求你指定一个位置,When you create a resource group, you are asked to specify a location. 此位置是资源组元数据的存储位置,如果你在创建资源期间未指定另一个区域,则它还是你的资源在 Azure 中的运行位置。This location is where resource group metadata is stored, it is also where your resources run in Azure if you don't specify another region during resource creation. 使用 az group create 命令创建资源组。Create a resource group using the az group create command.

以下示例在“chinaeast2”位置创建名为“myResourceGroup”的资源组。The following example creates a resource group named myResourceGroup in the chinaeast2 location.

az group create --name myResourceGroup --location chinaeast2

以下示例输出显示已成功创建资源组:The following example output shows the resource group created successfully:

{
  "id": "/subscriptions/<guid>/resourceGroups/myResourceGroup",
  "location": "chinaeast2",
  "managedBy": null,
  "name": "myResourceGroup",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": null
}

创建 AKS 群集Create an AKS cluster

若要运行支持 Windows Server 容器的节点池的 AKS 群集,群集需要采用使用 Azure CNI(高级)网络插件的网络策略。To run an AKS cluster that supports node pools for Windows Server containers, your cluster needs to use a network policy that uses Azure CNI (advanced) network plugin. 有关帮助计划所需子网范围和网络注意事项的更多详细信息,请参阅配置 Azure CNI 网络For more detailed information to help plan out the required subnet ranges and network considerations, see configure Azure CNI networking. 使用 az aks create 命令创建名为 myAKSCluster 的 AKS 群集。Use the az aks create command to create an AKS cluster named myAKSCluster. 此命令将创建必要的网络资源(如果这些资源不存在)。This command will create the necessary network resources if they don't exist.

  • 集群配置了两个节点The cluster is configured with two nodes
  • Windows-admin-password 和 windows-admin-username 参数为群集上创建的任何 Windows Server 容器设置管理员凭据,并且必须满足 Windows Server 密码要求The windows-admin-password and windows-admin-username parameters set the admin credentials for any Windows Server containers created on the cluster and must meet Windows Server password requirements.
  • 节点池使用 VirtualMachineScaleSetsThe node pool uses VirtualMachineScaleSets

备注

为确保群集可靠运行,应在默认节点池中至少运行 2(两)个节点。To ensure your cluster to operate reliably, you should run at least 2 (two) nodes in the default node pool.

提供自己的安全 PASSWORD_WIN(请注意,本文中的命令是输入到 BASH shell 中):Provide your own secure PASSWORD_WIN (remember that the commands in this article are entered into a BASH shell):

PASSWORD_WIN="P@ssw0rd1234"

az aks create \
    --resource-group myResourceGroup \
    --name myAKSCluster \
    --node-count 2 \
    --enable-addons monitoring \
    --generate-ssh-keys \
    --windows-admin-password $PASSWORD_WIN \
    --windows-admin-username azureuser \
    --vm-set-type VirtualMachineScaleSets \
    --network-plugin azure

备注

如果出现密码验证错误,请验证 windows-admin-password 参数是否符合 Windows Server 密码要求If you get a password validation error, verify the windows-admin-password parameter meets the Windows Server password requirements. 如果密码符合要求,请尝试在另一个区域中创建资源组。If your password meets the requirements, try creating your resource group in another region. 然后尝试创建包含新资源组的群集。Then try creating the cluster with the new resource group.

片刻之后,该命令将会完成,并返回有关群集的 JSON 格式信息。After a few minutes, the command completes and returns JSON-formatted information about the cluster. 有时,预配群集所需的时间可能不止几分钟。Occasionally the cluster can take longer than a few minutes to provision. 在这种情况下,最多需要 10 分钟。Allow up to 10 minutes in these cases.

添加 Windows Server 节点池Add a Windows Server node pool

默认情况下,将使用可运行 Linux 容器的节点池创建 AKS 群集。By default, an AKS cluster is created with a node pool that can run Linux containers. 使用 az aks nodepool add 命令添加可与 Linux 节点池一同运行 Windows Server 容器的其他节点池。Use az aks nodepool add command to add an additional node pool that can run Windows Server containers alongside the Linux node pool.

az aks nodepool add \
    --resource-group myResourceGroup \
    --cluster-name myAKSCluster \
    --os-type Windows \
    --name npwin \
    --node-count 1

上述命令将创建名为 npwin 的新节点池,并将其添加到 myAKSCluster 。The above command creates a new node pool named npwin and adds it to the myAKSCluster. 创建节点池以运行 Windows Server 容器时,node-vm-size 的默认值为 Standard_D2s_v3 。When creating a node pool to run Windows Server containers, the default value for node-vm-size is Standard_D2s_v3. 如果选择设置 node-vm-size 参数,请检查受限 VM 大小的列表。If you choose to set the node-vm-size parameter, please check the list of restricted VM sizes. 最小推荐大小为 Standard_D2s_v3。The minimum recommended size is Standard_D2s_v3. 上述命令还使用运行 az aks create 时创建的默认 VNet 中的默认子网。The above command also uses the default subnet in the default vnet created when running az aks create.

连接至群集Connect to the cluster

若要管理 Kubernetes 群集,请使用 Kubernetes 命令行客户端 kubectlTo manage a Kubernetes cluster, you use kubectl, the Kubernetes command-line client. 若要在本地安装 kubectl,请使用 az aks install-cli 命令:To install kubectl locally, use the az aks install-cli command:

az aks install-cli

若要将 kubectl 配置为连接到 Kubernetes 群集,请使用 az aks get-credentials 命令。To configure kubectl to connect to your Kubernetes cluster, use the az aks get-credentials command. 此命令将下载凭据,并将 Kubernetes CLI 配置为使用这些凭据。This command downloads credentials and configures the Kubernetes CLI to use them.

az aks get-credentials --resource-group myResourceGroup --name myAKSCluster

若要验证到群集的连接,请使用 kubectl get 命令返回群集节点列表。To verify the connection to your cluster, use the kubectl get command to return a list of the cluster nodes.

kubectl get nodes

以下示例输出显示了群集中的所有节点。The following example output shows the all the nodes in the cluster. 请确保所有节点的状态均为“就绪”:Make sure that the status of all nodes is Ready:

NAME                                STATUS   ROLES   AGE    VERSION
aks-nodepool1-12345678-vmssfedcba   Ready    agent   13m    v1.16.9
aksnpwin987654                      Ready    agent   108s   v1.16.9

运行应用程序Run the application

Kubernetes 清单文件定义群集的所需状态,例如,要运行哪些容器映像。A Kubernetes manifest file defines a desired state for the cluster, such as what container images to run. 在本文中,清单用于创建在 Windows Server 容器中运行 ASP.NET 示例应用程序所需的所有对象。In this article, a manifest is used to create all objects needed to run the ASP.NET sample application in a Windows Server container. 此清单包括用于 ASP.NET 示例应用程序的 Kubernetes 部署,以及用于从 Internet 访问应用程序的外部 Kubernetes 服务This manifest includes a Kubernetes deployment for the ASP.NET sample application and an external Kubernetes service to access the application from the internet.

ASP.NET 示例应用程序作为 .NET Framework 示例的一部分提供并在 Windows Server 容器中运行。The ASP.NET sample application is provided as part of the .NET Framework Samples and runs in a Windows Server container. AKS 要求 Windows Server 容器基于 Windows Server 2019 或更高版本的映像。AKS requires Windows Server containers to be based on images of Windows Server 2019 or greater. Kubernetes 清单文件还必须定义节点选择器,以指示 AKS 群集在可运行 Windows Server 容器的节点上运行 ASP.NET 示例应用程序的 Pod。The Kubernetes manifest file must also define a node selector to tell your AKS cluster to run your ASP.NET sample application's pod on a node that can run Windows Server containers.

创建名为 sample.yaml 的文件,并将其复制到以下 YAML 定义中。Create a file named sample.yaml and copy in the following YAML definition. 如果使用 Azure 本地 Shell,则可以使用 vinano 来创建此文件,就像在虚拟或物理系统中操作一样:If you use the Azure local Shell, this file can be created using vi or nano as if working on a virtual or physical system:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample
  labels:
    app: sample
spec:
  replicas: 1
  template:
    metadata:
      name: sample
      labels:
        app: sample
    spec:
      nodeSelector:
        "beta.kubernetes.io/os": windows
      containers:
      - name: sample
        image: mcr.microsoft.com/dotnet/framework/samples:aspnetapp
        resources:
          limits:
            cpu: 1
            memory: 800M
          requests:
            cpu: .1
            memory: 300M
        ports:
          - containerPort: 80
  selector:
    matchLabels:
      app: sample
---
apiVersion: v1
kind: Service
metadata:
  name: sample
spec:
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 80
  selector:
    app: sample

使用 kubectl apply 命令部署应用程序,并指定 YAML 清单的名称:Deploy the application using the kubectl apply command and specify the name of your YAML manifest:

kubectl apply -f sample.yaml

以下示例输出显示已成功创建部署和服务:The following example output shows the Deployment and Service created successfully:

deployment.apps/sample created
service/sample created

测试应用程序Test the application

应用程序运行时,Kubernetes 服务将向 Internet 公开应用程序前端。When the application runs, a Kubernetes service exposes the application front end to the internet. 此过程可能需要几分钟才能完成。This process can take a few minutes to complete. 有时,预配服务所需的时间可能不止几分钟。Occasionally the service can take longer than a few minutes to provision. 在这种情况下,最多需要 10 分钟。Allow up to 10 minutes in these cases.

若要监视进度,请将 kubectl get service 命令与 --watch 参数配合使用。To monitor progress, use the kubectl get service command with the --watch argument.

kubectl get service sample --watch

最初,示例服务的 EXTERNAL-IP 显示为“挂起” 。Initially the EXTERNAL-IP for the sample service is shown as pending.

NAME               TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
sample             LoadBalancer   10.0.37.27   <pending>     80:30572/TCP   6s

EXTERNAL-IP 地址从 pending 更改为实际公共 IP 地址时,请使用 CTRL-C 停止 kubectl 监视进程。When the EXTERNAL-IP address changes from pending to an actual public IP address, use CTRL-C to stop the kubectl watch process. 以下示例输出显示向服务分配了有效的公共 IP 地址:The following example output shows a valid public IP address assigned to the service:

sample  LoadBalancer   10.0.37.27   52.179.23.131   80:30572/TCP   2m

若要查看示例应用的实际效果,请打开 Web 浏览器并转到服务的外部 IP 地址。To see the sample app in action, open a web browser to the external IP address of your service.

浏览到 ASP.NET 示例应用程序的图像

备注

如果尝试加载页面时收到连接超时消息,则应使用以下命令 [kubectl get pods --watch] 验证示例应用是否已准备就绪。If you receive a connection timeout when trying to load the page then you should verify the sample app is ready with the following command [kubectl get pods --watch]. 有时,当你的外部 IP 地址可用时,Windows 容器将无法启动。Sometimes the windows container will not be started by the time your external IP address is available.

删除群集Delete cluster

如果不再需要群集,可以使用 az group delete 命令删除资源组、容器服务及所有相关资源。When the cluster is no longer needed, use the az group delete command to remove the resource group, container service, and all related resources.

az group delete --name myResourceGroup --yes --no-wait

备注

删除群集时,AKS 群集使用的 Azure Active Directory 服务主体不会被删除。When you delete the cluster, the Azure Active Directory service principal used by the AKS cluster is not removed. 有关如何删除服务主体的步骤,请参阅 AKS 服务主体的注意事项和删除For steps on how to remove the service principal, see AKS service principal considerations and deletion. 如果你使用了托管标识,则该标识由平台托管,不需要删除。If you used a managed identity, the identity is managed by the platform and does not require removal.

后续步骤Next steps

本文介绍了如何部署 Kubernetes 群集,以及如何将 Windows Server 容器中的 ASP.NET 示例应用程序部署到该群集。In this article, you deployed a Kubernetes cluster and deployed an ASP.NET sample application in a Windows Server container to it. 访问刚刚创建的群集的 Kubernetes Web 仪表板Access the Kubernetes web dashboard for the cluster you just created.

若要详细了解 AKS 并演练部署示例的完整代码,请继续阅读“Kubernetes 群集”教程。To learn more about AKS, and walk through a complete code to deployment example, continue to the Kubernetes cluster tutorial.