System requirements for Azure Kubernetes Service on Azure Stack HCI

Applies to: Azure Stack HCI

This article covers the requirements for setting up Azure Kubernetes Service on Azure Stack HCI and using it to create Kubernetes clusters. For an overview of Azure Kubernetes Service on Azure Stack HCI, see AKS on Azure Stack HCI overview.

Determine hardware requirements

We recommend purchasing a validated Azure Stack HCI hardware/software solution from our partners. These solutions are designed, assembled, and validated against our reference architecture to ensure compatibility and reliability, so you get up and running quickly. Check that the systems, components, devices, and drivers you are using are Windows Server 2019 Certified per the Windows Server Catalog.

General requirements

For Azure Kubernetes Service on Azure Stack HCI to function optimally in an Active Directory environment, ensure the following requirements are fulfilled:

  • Ensure time synchronization is set up and the divergence is not greater than 2 minutes across all cluster nodes and the domain controller. For information on setting up time synchronization, visit Windows Time Service.

  • Ensure that the user account(s) adding, updating, and managing Azure Kubernetes Service on Azure Stack HCI clusters have the correct permissions in Active Directory. If you are using Organizational Units (OUs) to manage group policies for servers and services, the user account(s) will require list, read, modify, and delete permissions on all objects in the OU.

  • We recommend using a separate OU for the servers and services to which you add your Azure Kubernetes Service on Azure Stack HCI clusters. This allows you to control access and permissions with more granularity.

  • If you are using GPO templates on containers in Active Directory, ensure that deploying AKS-HCI is exempt from that policy. Server hardening will be available in a subsequent preview release.

Compute requirements

  • An Azure Stack HCI cluster with a maximum of four servers in the cluster. We recommend that each server in the cluster have at least 24 CPU cores and at least 512 GB of RAM.

  • While you can technically run Azure Kubernetes Service on a single-node Azure Stack HCI server, we do not recommend doing so.

  • Other compute requirements for Azure Kubernetes Service on Azure Stack HCI are in line with Azure Stack HCI's requirements. Visit Azure Stack HCI Requirements for more details on Azure Stack HCI's server requirements.

  • This preview release requires that you install the Azure Stack HCI operating system on each server in the cluster using the EN-US region and language selections; changing them after installation isn't sufficient at this time.

Network requirements

Azure Kubernetes Service on Azure Stack HCI requires a reliable high-bandwidth, low-latency network connection between each server node. You should verify the following:

  • Verify that you have an existing external virtual switch configured if you're using Windows Admin Center. For Azure Stack HCI clusters, this switch must be the same across all cluster nodes.

  • Verify that you have disabled IPv6 on all network adapters.

  • The network must have an available DHCP server to provide TCP/IP addresses to the VMs and VM hosts. The DHCP server should also contain NTP and DNS host information.

  • We also recommend having a DHCP server with a dedicated scope of IPv4 addresses accessible by the Azure Stack HCI cluster. For example, you can reserve 10.0.1.1 for the default gateway, 10.0.1.2 to 10.0.1.102 for Kubernetes services, and 10.0.1.103 to 10.0.1.254 for Kubernetes cluster VMs.

  • The IPv4 addresses provided by the DHCP server should be routable and have a 7-day lease expiration to avoid loss of IP connectivity in case of VM update or reprovisioning.

  • We don't recommend using VLAN tags. Use access or untagged ports on your Azure Stack HCI cluster network switches.

  • We don't recommend using a dedicated static virtual IP pool for the load balancer virtual IP pool during setup. The DHCP IP pool is used for the virtual machines, whereas the virtual IP pool is used for the load balancer and needs to be routable. The DHCP IP pool does not need to be routable to the external internet.

  • DNS name resolution is required for all nodes to be able to communicate with each other. For Kubernetes external name resolution, we use the DNS servers provided by the DHCP server when the IP address is obtained. For Kubernetes internal name resolution, we use the default Kubernetes CoreDNS-based solution.

  • For this preview release, we don't support using a proxy server to connect the Windows Admin Center, Azure Stack HCI cluster nodes, and the Azure Kubernetes Service on Azure Stack HCI cluster nodes to the internet.
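The DHCP layout described in the bullets above (a dedicated scope, the gateway and Kubernetes service addresses kept out of the VM lease pool, a 7-day lease, and DNS/NTP options handed out with the lease) can be provisioned on a Windows DHCP server with the DhcpServer module. The following is an added example, not code from the Azure Stack HCI documentation; it uses the 10.0.1.0/24 ranges from the text, and the DNS and NTP server addresses and the scope name are placeholders.

```powershell
# Added example (not from the AKS on Azure Stack HCI documentation): provision a DHCP
# scope with the 10.0.1.0/24 layout described above and a 7-day lease.
# Assumes the Windows DHCP Server role and its DhcpServer module are installed on the
# server running this script. DNS and NTP server addresses are placeholders.
$ScopeId    = '10.0.1.0'
$SubnetMask = '255.255.255.0'
$Gateway    = '10.0.1.1'                    # reserved for the default gateway
$DnsServers = @('10.0.0.10', '10.0.0.11')   # placeholder DNS servers
$NtpServer  = '10.0.0.10'                   # placeholder NTP server

# The scope covers the whole usable range. An exclusion keeps 10.0.1.1-10.0.1.102 out
# of the lease pool, so the gateway and the Kubernetes service (load balancer)
# addresses are never handed to a cluster VM; VMs lease from 10.0.1.103-10.0.1.254.
Add-DhcpServerv4Scope -Name 'AKS-HCI-VMs' `
    -StartRange '10.0.1.1' -EndRange '10.0.1.254' `
    -SubnetMask $SubnetMask -State Active `
    -LeaseDuration (New-TimeSpan -Days 7)   # 7-day lease, as required above

Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId `
    -StartRange '10.0.1.1' -EndRange '10.0.1.102'

# Scope options the VMs need with their lease: default gateway (option 3),
# DNS servers (option 6) and NTP servers (option 42). -Force skips the cmdlet's
# DNS-server validation, which would fail against the placeholder addresses.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway -DnsServer $DnsServers -Force
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 42 -Value $NtpServer

# Read the scope back so the lease duration, exclusion and options can be confirmed.
Get-DhcpServerv4Scope -ScopeId $ScopeId |
    Select-Object Name, StartRange, EndRange, LeaseDuration
Get-DhcpServerv4ExclusionRange -ScopeId $ScopeId
Get-DhcpServerv4OptionValue -ScopeId $ScopeId |
    Where-Object OptionId -in 3, 6, 42
```

Using an exclusion range rather than a smaller scope keeps the whole /24 under one scope definition, so the reserved service range and the VM range are visibly part of the same plan and cannot drift apart when someone later edits the scope.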

Network port and URL requirements

When creating an Azure Kubernetes cluster on Azure Stack HCI, we automatically open the following firewall ports on each server in the cluster.

Firewall Port   Description
45000           wssdagent gRPC server port
45001           wssdagent gRPC authentication port
55000           wssdcloudagent gRPC server port
55001           wssdcloudagent gRPC authentication port

Firewall URL exceptions are needed for the Windows Admin Center machine and all nodes in the Azure Stack HCI cluster.

URL                                                                                 Port      Service               Notes
https://get.helm.sh/                                                                443       Download Agent, WAC   Used to download the Helm binaries
https://storage.googleapis.com/                                                     443       Cloud Init            Downloading Kubernetes binaries
https://azurecliprod.blob.core.windows.net/                                         443       Cloud Init            Downloading binaries and containers
https://aka.ms/installazurecliwindows                                               443       WAC                   Downloading Azure CLI
*.api.cdp.microsoft.com, *.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com    80, 443   Download Agent        Downloading metadata
*.dl.delivery.mp.microsoft.com, *.do.dsp.mp.microsoft.com                           80, 443   Download Agent        Downloading VHD images
ecpacr.azurecr.io                                                                   443       Kubernetes            Downloading container images
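Before deployment, and again after any firewall or proxy change, the two tables above can be checked from a cluster node or the Windows Admin Center machine. The script below is an added example, not code from the Azure Stack HCI documentation or the wssdagent components: it looks for enabled inbound Allow rules covering the four agent ports and tests TCP reachability of the literal hosts in the URL table. The wildcard entries cannot be tested without a concrete hostname from your own environment, so they are left as a comment; the function names are the example's own.

```powershell
# Added example (not from the AKS on Azure Stack HCI documentation): verify that the
# agent ports above are allowed inbound and that the listed endpoints are reachable.
$AgentPorts = [ordered]@{
    45000 = 'wssdagent gRPC server port'
    45001 = 'wssdagent gRPC authentication port'
    55000 = 'wssdcloudagent gRPC server port'
    55001 = 'wssdcloudagent gRPC authentication port'
}

function Test-AgentPortRules {
    # For each port, find enabled inbound Allow rules whose TCP port filter lists it.
    foreach ($port in $AgentPorts.Keys) {
        $rules = Get-NetFirewallPortFilter |
            Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains "$port" } |
            Get-NetFirewallRule |
            Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
        [pscustomobject]@{
            Port        = $port
            Description = $AgentPorts[$port]
            AllowedBy   = ($rules.DisplayName -join '; ')
            Ok          = [bool]$rules
        }
    }
}

function Test-RequiredEndpoints {
    # Literal hosts from the URL table. The wildcard entries (*.api.cdp.microsoft.com,
    # *.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.do.dsp.mp.microsoft.com)
    # need a concrete hostname observed in your environment; add those hosts here.
    $endpoints = @(
        @{ Host = 'get.helm.sh';                        Port = 443; Service = 'Download Agent, WAC' }
        @{ Host = 'storage.googleapis.com';             Port = 443; Service = 'Cloud Init' }
        @{ Host = 'azurecliprod.blob.core.windows.net'; Port = 443; Service = 'Cloud Init' }
        @{ Host = 'aka.ms';                             Port = 443; Service = 'WAC' }
        @{ Host = 'ecpacr.azurecr.io';                  Port = 443; Service = 'Kubernetes' }
    )
    foreach ($e in $endpoints) {
        # -InformationLevel Quiet returns $true/$false for the TCP connect attempt.
        $reachable = Test-NetConnection -ComputerName $e.Host -Port $e.Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{ Host = $e.Host; Port = $e.Port; Service = $e.Service; Reachable = $reachable }
    }
}

Test-AgentPortRules    | Format-Table -AutoSize
Test-RequiredEndpoints | Format-Table -AutoSize
```

A row with Ok = False in the first table means the port will be opened by the deployment itself, as the text says; the check is useful afterwards to confirm that a group policy or a later firewall change has not removed the rule. A False in the second table on a node that must reach the internet without a proxy (the preview does not support one) points at an egress filter that needs an exception.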

Storage requirements

The following storage implementations are supported by Azure Kubernetes Service on Azure Stack HCI:

Name                          Storage Type             Required Capacity
Azure Stack HCI Cluster       CSV                      1 TB
Single Node Azure Stack HCI   Direct Attached Storage  500 GB

Review maximum supported hardware specifications

Azure Kubernetes Service on Azure Stack HCI deployments that exceed the following specifications are not supported:

Resource                       Maximum
Physical servers per cluster   4
Kubernetes clusters            4
Total number of VMs            200

Windows Admin Center

Windows Admin Center is the user interface for creating and managing Azure Kubernetes Service on Azure Stack HCI. To use Windows Admin Center with Azure Kubernetes Service on Azure Stack HCI, you must meet all the criteria in the list below.

On your Windows Admin Center system

The machine running the Windows Admin Center gateway must:

  • be running Windows 10 (we don't support Windows Admin Center servers right now)
  • have 60 GB of free space
  • be registered with Azure
  • be in the same domain as the Azure Stack HCI cluster
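Several of the host-level requirements on this page are easy to get wrong silently: clock skew above 2 minutes against the domain controller, an adapter that still has IPv6 bound, a missing external virtual switch, or a gateway machine short of the 60 GB of free space. The script below is an added pre-flight check, not code from the Azure Stack HCI documentation. Run it with -Role Node on each cluster node and with -Role Gateway on the Windows Admin Center machine. The thresholds are the ones stated on this page; the drive letter, the function names and the choice of the PDC emulator as the reference clock are the example's own assumptions.

```powershell
# Added example (not from the AKS on Azure Stack HCI documentation): pre-flight check
# for the time-sync, IPv6, virtual-switch, domain, free-space and OS requirements.
$MaxClockSkewSeconds = 120   # "not greater than 2 minutes"
$MinFreeSpaceGB      = 60    # Windows Admin Center gateway machine
$SystemDrive         = 'C'   # assumption: check free space on this drive

function Get-ClockSkewSeconds {
    # Largest absolute offset against the domain's PDC emulator, from w32tm /stripchart,
    # whose data rows look like "12:00:00, +00.0012345s".
    $dc = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().PdcRoleOwner.Name
    $lines = & w32tm.exe /stripchart /computer:$dc /samples:3 /dataonly 2>$null
    $offsets = foreach ($line in $lines) {
        if ($line -match ',\s*([+-]?\d+\.\d+)s') { [double]$Matches[1] }
    }
    if (-not $offsets) { throw "No time samples received from $dc" }
    ($offsets | ForEach-Object { [math]::Abs($_) } | Measure-Object -Maximum).Maximum
}

function Test-AksHciHost {
    param([ValidateSet('Node', 'Gateway')][string]$Role = 'Node')

    $cs   = Get-CimInstance Win32_ComputerSystem
    $skew = try { Get-ClockSkewSeconds } catch { $null }
    $results = @(
        [pscustomobject]@{ Check = 'Clock skew to PDC (s)'; Value = $skew; Ok = ($null -ne $skew -and $skew -le $MaxClockSkewSeconds) }
        [pscustomobject]@{ Check = 'Domain joined';         Value = $cs.Domain; Ok = [bool]$cs.PartOfDomain }
    )

    if ($Role -eq 'Node') {
        # IPv6 must be unbound from every adapter on the cluster nodes.
        $ipv6Bound = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
            Where-Object Enabled | Select-Object -ExpandProperty Name
        # An external vSwitch must already exist (and carry the same name on every node).
        $external = Get-VMSwitch | Where-Object SwitchType -eq 'External' |
            Select-Object -ExpandProperty Name
        $results += [pscustomobject]@{ Check = 'Adapters with IPv6 bound'; Value = ($ipv6Bound -join ', '); Ok = (-not $ipv6Bound) }
        $results += [pscustomobject]@{ Check = 'External vSwitch';         Value = ($external -join ', ');  Ok = [bool]$external }
    }
    else {
        # Gateway machine: Windows 10 and at least 60 GB free.
        $os   = Get-CimInstance Win32_OperatingSystem
        $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='${SystemDrive}:'"
        $freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
        $results += [pscustomobject]@{ Check = 'Operating system';              Value = $os.Caption; Ok = ($os.Caption -like '*Windows 10*') }
        $results += [pscustomobject]@{ Check = "Free space on ${SystemDrive}: (GB)"; Value = $freeGB; Ok = ($freeGB -ge $MinFreeSpaceGB) }
    }
    $results
}

# Usage: Test-AksHciHost -Role Node (on each cluster node) or -Role Gateway (on the WAC machine).
Test-AksHciHost -Role Node | Format-Table -AutoSize
```

Registration with Azure is deliberately not checked here, since it is a property of the Windows Admin Center installation rather than of the machine and is visible in the Windows Admin Center settings.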

Next steps

After you have satisfied all of the prerequisites above, you can set up an Azure Kubernetes Service host on Azure Stack HCI using: