Tutorial: Enable the Ingress Controller add-on (preview) for a new AKS cluster with a new Application Gateway instance

You can use the Azure CLI to enable the Application Gateway Ingress Controller (AGIC) add-on for an Azure Kubernetes Service (AKS) cluster. The add-on is currently in preview.

In this tutorial, you'll create an AKS cluster with the AGIC add-on enabled. Creating the cluster will automatically create an Azure Application Gateway instance to use. You'll then deploy a sample application that will use the add-on to expose the application through Application Gateway.

The add-on provides a much faster way to deploy AGIC for your AKS cluster than previously through Helm. It also offers a fully managed experience.

In this tutorial, you learn how to:

  • Create a resource group.
  • Create a new AKS cluster with the AGIC add-on enabled.
  • Deploy a sample application by using AGIC for ingress on the AKS cluster.
  • Check that the application is reachable through Application Gateway.

If you don't have an Azure subscription, create a trial account before you begin.

Prerequisites

If you choose to install and use the CLI locally, this tutorial requires you to run Azure CLI version 2.0.4 or later. To find the version, run az --version. If you need to install or upgrade, see Install the Azure CLI.

Register the AKS-IngressApplicationGatewayAddon feature flag by using the az feature register command as shown in the following example. You'll need to do this only once per subscription while the add-on is still in preview.

az feature register --name AKS-IngressApplicationGatewayAddon --namespace Microsoft.ContainerService

It might take a few minutes for the status to show Registered. You can check the registration status by using the az feature list command:

az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/AKS-IngressApplicationGatewayAddon')].{Name:name,State:properties.state}"

When you're ready, refresh the registration of the Microsoft.ContainerService resource provider by using the az provider register command:

az provider register --namespace Microsoft.ContainerService

Install or update the aks-preview extension for this tutorial. Use the following Azure CLI commands:

az extension add --name aks-preview
az extension list
az extension update --name aks-preview
az extension list

Create a resource group

In Azure, you allocate related resources to a resource group. Create a resource group by using az group create. The following example creates a resource group named myResourceGroup in the canadacentral location (region):

az group create --name myResourceGroup --location canadacentral

Deploy an AKS cluster with the add-on enabled

You'll now deploy a new AKS cluster with the AGIC add-on enabled. If you don't provide an existing Application Gateway instance to use in this process, we'll automatically create and set up a new Application Gateway instance to serve traffic to the AKS cluster.

Note

The Application Gateway Ingress Controller add-on supports only Application Gateway v2 SKUs (Standard and WAF), and not the Application Gateway v1 SKUs. When you're deploying a new Application Gateway instance through the AGIC add-on, you can deploy only an Application Gateway Standard_v2 SKU. If you want to enable the add-on for an Application Gateway WAF_v2 SKU, use either of these methods:

In the following example, you'll deploy a new AKS cluster named myCluster by using Azure CNI and managed identities. The AGIC add-on will be enabled in the resource group that you created, myResourceGroup.

Deploying a new AKS cluster with the AGIC add-on enabled without specifying an existing Application Gateway instance will mean an automatic creation of a Standard_v2 SKU Application Gateway instance. So, you'll also specify the name and subnet address space of the Application Gateway instance. The name of the Application Gateway instance will be myApplicationGateway, and the subnet address space we're using is 10.2.0.0/16. Make sure that you added or updated the aks-preview extension at the beginning of this tutorial.

az aks create -n myCluster -g myResourceGroup --network-plugin azure --enable-managed-identity -a ingress-appgw --appgw-name myApplicationGateway --appgw-subnet-prefix "10.2.0.0/16" 

To configure additional parameters for the az aks create command, see these references.

Note

The AKS cluster that you created will appear in the resource group that you created, myResourceGroup. However, the automatically created Application Gateway instance will be in the node resource group, where the agent pools are. The node resource group is named MC_resource-group-name_cluster-name_location by default, but can be modified.

Deploy a sample application by using AGIC

You'll now deploy a sample application to the AKS cluster that you created. The application will use the AGIC add-on for ingress and connect the Application Gateway instance to the AKS cluster.

First, get credentials to the AKS cluster by running the az aks get-credentials command:

az aks get-credentials -n myCluster -g myResourceGroup

Now that you have credentials, run the following command to set up a sample application that uses AGIC for ingress to the cluster. AGIC will update the Application Gateway instance that you set up earlier with corresponding routing rules to the new sample application that you deployed.

kubectl apply -f https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/master/docs/examples/aspnetapp.yaml 

Check that the application is reachable

Now that the Application Gateway instance is set up to serve traffic to the AKS cluster, let's verify that your application is reachable. First, get the IP address of the ingress:

kubectl get ingress

Check that the sample application that you created is running by either:

  • Visiting the IP address of the Application Gateway instance that you got from running the preceding command.
  • Using curl.

Application Gateway might take a minute to get the update. If Application Gateway is still in an Updating state on the portal, let it finish before you try to reach the IP address.
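The reachability check above as a script, given here as an added example that is not part of the original tutorial: it polls kubectl get ingress until an address has been assigned, then requests the page with curl. The function names, the KUBECTL and CURL override variables, and the expectation that the sample application answers HTTP 200 on / are assumptions.

```sh
#!/bin/sh
# Added example. KUBECTL and CURL can be overridden to exercise the logic offline.
KUBECTL="${KUBECTL:-kubectl}"
CURL="${CURL:-curl}"

# Print the first address assigned to an ingress in the current namespace.
# The output stays empty until AGIC has programmed Application Gateway.
ingress_ip() {
  "$KUBECTL" get ingress \
    -o jsonpath='{.items[*].status.loadBalancer.ingress[*].ip}' |
    awk 'NR == 1 { print $1 }'
}

# Succeed only for a dotted-quad IPv4 address, so nothing else reaches curl.
is_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# wait_for_app [attempts] [delay_seconds]
# Prints the IP and returns 0 once the application answers with HTTP 200.
wait_for_app() {
  attempts="${1:-30}"; delay="${2:-10}"; i=1
  while [ "$i" -le "$attempts" ]; do
    ip="$(ingress_ip)"
    if is_ipv4 "$ip"; then
      # Assumption: the sample app returns 200 on "/" over plain HTTP.
      code="$("$CURL" -s -o /dev/null -m 5 -w '%{http_code}' "http://$ip/" || true)"
      if [ "$code" = "200" ]; then
        printf '%s\n' "$ip"
        return 0
      fi
    fi
    sleep "$delay"
    i=$((i + 1))
  done
  echo "application not reachable after $attempts attempts" >&2
  return 1
}
```

Source the file and run wait_for_app after the kubectl apply step; a non-zero return means the address never appeared or the application never answered within the attempts given.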

Clean up resources

When you no longer need them, remove the resource group, the Application Gateway instance, and all related resources:

az group delete --name myResourceGroup
