为 AKS 群集禁用并重新启用 AGIC 加载项Disable and re-enable AGIC add-on for your AKS cluster

部署为 AKS 加载项的应用程序网关入口控制器 (AGIC) 允许你在 Azure CLI 中通过一行命令来启用和禁用该加载项。Application Gateway Ingress Controller (AGIC) deployed as an AKS add-on allows you to enable and disable the add-on with one line in Azure CLI. 禁用 AGIC 加载项时,应用程序网关的生命周期将有所不同,具体取决于应用程序网关是由 AGIC 加载项创建的,还是独立于 AGIC 加载项进行部署的。The life cycle of the Application Gateway will differ when you disable the AGIC add-on, depending on if the Application Gateway was created by the AGIC add-on, or if it was deployed separately from the AGIC add-on. 如果你禁用了 AGIC 加载项,则可运行相同的命令来重新启用它,或者使用现有的 AKS 群集和应用程序网关来启用它。You can run the same command to re-enable the AGIC add-on if you ever disable it, or to enable the AGIC add-on using an existing AKS cluster and Application Gateway.

禁用具有关联的应用程序网关的 AGIC 加载项Disabling AGIC add-on with associated Application Gateway

如果在你首次设置所有内容时,AGIC 加载项自动部署了应用程序网关,则禁用 AGIC 加载项默认情况下会根据几个条件删除应用程序网关。If the AGIC add-on automatically deployed the Application Gateway for you when you first set everything up, then disabling the AGIC add-on will by default delete the Application Gateway based on a couple criteria. 当你禁用 AGIC 加载项时,它将查找两个条件来确定是否应删除关联的应用程序网关:There are two criteria that the AGIC add-on looks for to determine if it should delete the associated Application Gateway when you disable it:

  • 与 AGIC 加载项关联的应用程序网关是否部署在 MC_* 节点资源组中?Is the Application Gateway that the AGIC add-on is associated with deployed in the MC_* node resource group?
  • 与 AGIC 加载项关联的应用程序网关是否具有“created-by: ingress-appgw”标记?Does the Application Gateway that the AGIC add-on is associated with have the tag "created-by: ingress-appgw"? AGIC 使用该标记来确定应用程序网关是否是由该加载项部署的。The tag is used by AGIC to determine if the Application Gateway was deployed by the add-on or not.

如果同时满足这两个条件,则 AGIC 加载项在被禁用时将删除其创建的应用程序网关;但是,它不会删除通过其/在其中部署了应用程序网关的公共 IP 或子网。If both criteria are met, then the AGIC add-on will delete the Application Gateway it created when the add-on is disabled; however, it won't delete the public IP or the subnet in which the Application Gateway was deployed with/in. 如果不满足第一个条件,则应用程序网关是否具有“created-by: ingress-appgw”标记将无关紧要 - 禁用该加载项不会删除应用程序网关。If the first criteria is not met, then it won't matter if the Application Gateway has the "created-by: ingress-appgw" tag - disabling the add-on won't delete the Application Gateway. 同样,如果不满足第二个条件(即,应用程序网关没有该标记),则禁用加载项不会删除 MC_ * 节点资源组中的应用程序网关。Likewise, if the second criteria is not met, i.e. the Application Gateway lacks that tag, then disabling the add-on won't delete the Application Gateway in the MC_* node resource group.

提示

如果你不希望在禁用该加载项时删除应用程序网关,但它同时满足这两个条件,则请删除“created-by: ingress-appgw”标记,以防加载项删除你的应用程序网关。If you don't want the Application Gateway to be deleted when disabling the add-on, but it meets both criteria then remove the "created-by: ingress-appgw" tag to prevent the add-on from deleting your Application Gateway.

若要禁用 AGIC 加载项,请运行以下命令:To disable the AGIC add-on, run the following command:

az aks disable-addons -n <AKS-cluster-name> -g <AKS-resource-group-name> -a ingress-appgw 

在现有的应用程序网关和 AKS 群集上启用 AGIC 加载项Enable AGIC add-on on existing Application Gateway and AKS Cluster

如果你禁用了 AGIC 加载项并需要重新启用该加载项,或者想要使用现有应用程序网关和 AKS 群集启用该加载项,则请运行以下命令:If you ever disable the AGIC add-on and need to re-enable the add-on, or want to enable the add-on using an existing Application Gateway and AKS cluster, then run the following command:

appgwId=$(az network application-gateway show -n <application-gateway-name> -g <resource-group-name> -o tsv --query "id") 
az aks enable-addons -n <AKS-cluster-name> -g <AKS-cluster-resource-group> -a ingress-appgw --appgw-id $appgwId

后续步骤Next steps

若要更详细地了解如何使用现有应用程序网关和 AKS 群集来启用 AGIC 加载项,请参阅 AGIC 加载项的“棕色地带”部署For more details on how to enable the AGIC add-on using an existing Application Gateway and AKS cluster, see AGIC add-on brownfield deployment.