什么是 Azure 容器实例?What is Azure Container Instances?

容器正在变成对云应用程序执行打包、部署和管理操作的首选方式。Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure 容器实例提供了在 Azure 中运行容器的最简捷方式,既无需管理任何虚拟机,也不必采用更高级的服务。Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.

不管什么方案(包括简单应用程序、任务自动化、生成作业),只要能够在隔离容器中操作,就可以使用 Azure 容器实例这种解决方案。Azure Container Instances is a great solution for any scenario that can operate in isolated containers, including simple applications, task automation, and build jobs. 对于需要完整容器业务流程的方案(包括跨多个容器的服务发现、自动缩放、协调式应用程序升级),建议使用 Azure Kubernetes Service (AKS)For scenarios where you need full container orchestration, including service discovery across multiple containers, automatic scaling, and coordinated application upgrades, we recommend Azure Kubernetes Service (AKS).

启动时间短Fast startup times

与虚拟机 (VM) 相比,容器的启动优势明显。Containers offer significant startup benefits over virtual machines (VMs). Azure 容器实例可在数秒内启动 Azure 中的容器,且无需预配和管理 VM。Azure Container Instances can start containers in Azure in seconds, without the need to provision and manage VMs.

容器访问Container access

使用 Azure 容器实例可以通过公共 IP 地址和完全限定的域名 (FQDN) 直接向 Internet 公开容器组。Azure Container Instances enables exposing your container groups directly to the internet with an IP address and a fully qualified domain name (FQDN). 创建容器实例时,可以指定自定义的 DNS 名称标签,以便应用程序可在 customlabel .azureregion .azurecontainer.console.azure.cn 上访问。When you create a container instance, you can specify a custom DNS name label so your application is reachable at customlabel.azureregion.azurecontainer.console.azure.cn.

通过提供交互式 shell,Azure 容器实例还可以在正在运行的容器中执行命令,以帮助进行应用程序开发和故障排除。Azure Container Instances also supports executing a command in a running container by providing an interactive shell to help with application development and troubleshooting. 访问通过 HTTPS 进行,并使用 TLS 来保护客户端连接。Access takes places over HTTPS, using TLS to secure client connections.

Important

从 2020 年 1 月 13 日开始,Azure 容器实例将要求服务器和应用程序的所有安全连接都使用 TLS 1.2。Starting January 13, 2020, Azure Container Instances will require all secure connections from servers and applications to use TLS 1.2. 对 TLS 1.0 和 1.1 的支持将停用。Support for TLS 1.0 and 1.1 will be retired.

虚拟机监控程序级别的安全性Hypervisor-level security

从历史上看,容器提供了应用程序依赖项隔离和资源调控功能,但不能认为其功能已强大到可以进行恶意的多租户使用。Historically, containers have offered application dependency isolation and resource governance but have not been considered sufficiently hardened for hostile multi-tenant usage. Azure 容器实例保证容器中的应用程序像在 VM 中一样保持隔离状态。Azure Container Instances guarantees your application is as isolated in a container as it would be in a VM.

自定义大小Custom sizes

容器通常优化成只运行单个应用程序,但此类应用程序的具体需求可能差异很大。Containers are typically optimized to run just a single application, but the exact needs of those applications can differ greatly. Azure 容器实例允许确切地指定 CPU 核心数和内存量,因此可提供最佳的利用方式。Azure Container Instances provides optimum utilization by allowing exact specifications of CPU cores and memory. 费用取决于具体请求并按秒计收,因此可以根据实际需求来严格控制花费。You pay based on what you need and get billed by the second, so you can fine-tune your spending based on actual need.

对于计算密集型作业(如机器学习),Azure 容器实例可以安排 Linux 容器使用 NVIDIA Tesla GPU 资源(预览版)。For compute-intensive jobs such as machine learning, Azure Container Instances can schedule Linux containers to use NVIDIA Tesla GPU resources (preview).

持久存储Persistent storage

为了通过 Azure 容器实例来检索和持久保存状态,我们提供由 Azure 存储支持的直接装载 Azure 文件共享功能。To retrieve and persist state with Azure Container Instances, we offer direct mounting of Azure Files shares backed by Azure Storage.

## Linux 容器Linux containers

Azure 容器实例可以使用 API 来计划 Linux 容器。Azure Container Instances can schedule Linux containers with API. 直接在创建容器组时指定 OS 类型。Simply specify the OS type when you create your container groups.

某些功能当前仅限于 Linux 容器:Some features are currently restricted to Linux containers:

共同计划组Co-scheduled groups

Azure 容器实例支持对共享主机、本地网络、存储和生命周期的多容器组进行计划。Azure Container Instances supports scheduling of multi-container groups that share a host machine, local network, storage, and lifecycle. 这样即可将主要应用程序容器与其他配角容器(例如日志记录分支)结合使用。This enables you to combine your main application container with other supporting role containers, such as logging sidecars.

后续步骤Next steps

尝试按照快速入门指南,使用单个命令将容器部署到 Azure:Try deploying a container to Azure with a single command using our quickstart guide: