Deploy Kubernetes to Azure Stack Hub using Active Directory Federated Services

Note

Only use the Kubernetes Azure Stack Marketplace item to deploy clusters as a proof of concept. For supported Kubernetes clusters on Azure Stack, use the AKS engine.

You can follow the steps in this article to deploy and set up the resources for Kubernetes. Use these steps when Active Directory Federated Services (AD FS) is your identity management service.

Prerequisites

To get started, make sure you have the right permissions and that your Azure Stack Hub is ready.

  1. Generate an SSH public and private key pair to sign in to the Linux VMs on Azure Stack Hub. You need the public key when creating the cluster.

    For instructions on generating a key, see SSH Key Generation.

  2. Check that you have a valid subscription in your Azure Stack Hub tenant portal, and that you have enough public IP addresses available to add new applications.

    The cluster cannot be deployed to an Azure Stack Hub Administrator subscription. You must use a User subscription.

  3. If you do not have Kubernetes Cluster in your marketplace, talk to your Azure Stack Hub administrator.

Create a service principal

When using AD FS as your identity solution, you need to work with your Azure Stack Hub administrator to set up your service principal. The service principal gives your application access to Azure Stack Hub resources.

  1. Your Azure Stack Hub administrator provides you with the information for the service principal. The service principal information should look like:

      ApplicationIdentifier : S-1-5-21-1512385356-3796245103-1243299919-1356
      ClientId              : 3c87e710-9f91-420b-b009-31fa9e430145
      ClientSecret          : <your client secret>
      Thumbprint            : <often this value is empty>
      ApplicationName       : Azurestack-MyApp-c30febe7-1311-4fd8-9077-3d869db28342
      PSComputerName        : 192.168.200.224
      RunspaceId            : a78c76bb-8cae-4db4-a45a-c1420613e01b
    
  2. Assign your new service principal a role as a contributor to your subscription. For instructions, see Assign a role.

Deploy Kubernetes

  1. Open the Azure Stack Hub portal https://portal.local.azurestack.external.

  2. Select + Create a resource > Compute > Kubernetes Cluster. Select Create.

    Screenshot: the page used to create the Kubernetes cluster.

1. Basics

  1. Select Basics in Create Kubernetes Cluster.

    Screenshot: where to add the basic information for the Kubernetes cluster.

  2. Select your Subscription ID.

  3. Enter the name of a new resource group or select an existing resource group. The resource name needs to be alphanumeric and lowercase.

  4. Select the Location of the resource group. This is the region you chose for your Azure Stack Hub installation.

2. Kubernetes Cluster Settings

  1. Select Kubernetes Cluster Settings in Create Kubernetes Cluster.

    Screenshot: the steps for configuring the Kubernetes cluster settings.

  2. Enter the Linux VM admin username. This is the user name for the Linux virtual machines that are part of the Kubernetes cluster and the DVM.

  3. Enter the SSH Public Key used for authorization to all Linux machines created as part of the Kubernetes cluster and the DVM.

  4. Enter the Master Profile DNS Prefix that is unique to the region. This must be a region-unique name, such as k8s-12345. As a best practice, use the same name as the resource group.

    Note

    For each cluster, use a new and unique master profile DNS prefix.

  5. Select the Kubernetes master pool profile count. The count is the number of nodes in the master pool. It can be from 1 to 7 and should be an odd number.

  6. Select the VMSize of the Kubernetes master VMs.

  7. Select the Kubernetes node pool profile count. The count is the number of agents in the cluster.

  8. Select the VMSize of the Kubernetes node VMs. This specifies the VM size of the Kubernetes node VMs.

  9. Select ADFS as the Azure Stack Hub identity system for your Azure Stack Hub installation.

  10. Enter the Service principal ClientId. This is used by the Kubernetes Azure cloud provider. The ClientId is the value identified as the Application ID when your Azure Stack Hub administrator created the service principal.

  11. Enter the Service principal client secret. This is the client secret for your AD FS service principal, provided to you by your Azure Stack Hub administrator.

  12. Enter the Kubernetes version. This is the version of the Kubernetes Azure provider. Azure Stack Hub releases a custom Kubernetes build for each Azure Stack Hub version.
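As an added pre-flight check (example code, not from the Azure Stack Hub documentation or the AKS engine), the script below validates the values entered in the Basics and Kubernetes Cluster Settings blades against the constraints stated above: a lowercase alphanumeric resource group, a DNS-label prefix, an odd master count from 1 to 7, a GUID ClientId and an OpenSSH-format public key. The sample values in the closing comment are constructed, not taken from a real deployment.

```shell
#!/bin/sh
# Pre-flight checks for the values typed into the Create Kubernetes Cluster blade.
# Constructed example; not part of the Azure Stack Hub documentation or tooling.

# Resource group name: alphanumeric and lowercase (Basics, step 3).
check_rg_name() {
    printf '%s' "$1" | grep -Eq '^[a-z0-9]+$'
}

# Master profile DNS prefix: a single DNS label such as k8s-12345 (Settings, step 4).
check_dns_prefix() {
    printf '%s' "$1" | grep -Eq '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'
}

# Master pool count: an odd integer from 1 to 7 (Settings, step 5).
check_master_count() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 7 ] && [ $(( $1 % 2 )) -eq 1 ]
}

# Service principal ClientId: a GUID in 8-4-4-4-12 hex form (Settings, step 10).
check_client_id() {
    printf '%s' "$1" | grep -Eiq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# SSH public key: an OpenSSH key type, its base64 blob and an optional comment
# (Settings, step 3). A private key block must never be pasted here.
check_ssh_pubkey() {
    printf '%s' "$1" |
        grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# Runs every check, prints one line per failure and returns the failure count
# (0 means all inputs are acceptable).
validate_cluster_inputs() {
    failures=0
    check_rg_name "$1"      || { echo "resource group '$1' is not lowercase alphanumeric"; failures=$((failures + 1)); }
    check_dns_prefix "$2"   || { echo "DNS prefix '$2' is not a valid DNS label"; failures=$((failures + 1)); }
    check_master_count "$3" || { echo "master count '$3' is not an odd number from 1 to 7"; failures=$((failures + 1)); }
    check_client_id "$4"    || { echo "ClientId '$4' is not a GUID"; failures=$((failures + 1)); }
    check_ssh_pubkey "$5"   || { echo "SSH public key is not in OpenSSH public key format"; failures=$((failures + 1)); }
    return "$failures"
}

# Usage with constructed sample values (the key material below is a placeholder):
# validate_cluster_inputs k8srg k8s-12345 3 3c87e710-9f91-420b-b009-31fa9e430145 \
#   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyMaterial user@host"
```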

3. Summary

  1. Select Summary. The blade displays a validation message for your Kubernetes cluster configuration settings.

    Screenshot: deploying the solution template.

  2. Review your settings.

  3. Select OK to deploy your cluster.

Tip

If you have questions about your deployment, you can post your question, or see if someone has already answered it, in the Azure Stack Hub Forum.

Next steps

Connect to your cluster

Enable the Kubernetes Dashboard