Azure
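Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS) manages a hosted Kubernetes environment so that users can easily deploy and manage containerized applications in Azure. An AKS environment comes with features such as automatic updates, self-healing, and easy scaling. The Kubernetes cluster master is managed by Azure free of charge. Users manage the agent nodes in the cluster and pay only for the VMs the nodes run on.
Kubernetes cluster architecture
A Kubernetes cluster is divided into two components:
- Control plane: provides the core Kubernetes services and the orchestration of application workloads.
- Nodes: run the application workloads.
Nodes and node pools
Kubernetes nodes are required to run applications and supporting services. An AKS cluster has at least one node, which is an Azure virtual machine (VM) that runs the Kubernetes node components and the container runtime.
- Node pools
Nodes with the same configuration are grouped into node pools. A Kubernetes cluster contains at least one node pool. The initial node count and size are defined when the AKS cluster is created, which creates the default node pool. This default node pool in AKS contains the underlying VMs that run the agent nodes.
Two types of node pools can be created on an AKS-managed Kubernetes cluster:
- System node pools
- User node pools
System node pools
System node pools host the critical system pods that make up the cluster's control plane. A system node pool allows only Linux as the node OS and runs only Linux-based workloads. Nodes in a system node pool are reserved for system workloads and are normally not used to run custom workloads. Every AKS cluster must contain at least one system node pool with at least one node, and the underlying VM size must be defined for the nodes.
User node pools
User node pools support the user's workloads, and the user can specify Windows or Linux as the node operating system. The underlying VM size of the nodes can also be defined, and specific workloads can be run.
Automatic routing
By default, a Kubernetes cluster blocks all external traffic.
Enabling **HTTP application routing** takes care of this complexity. With this add-on, applications on the cluster can easily be reached through an automatically deployed ingress controller.
LAB
This lab comes from the Azure learning module: Deploy a containerized application on Azure Kubernetes Service
Topology
Steps
- Create variables for the configuration values that are reused throughout the lab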
izhao_yiyi@Azure:~$ RESOURCE_GROUP=etaon.top
izhao_yiyi@Azure:~$ CLUSTER_NAME=aks-contoso-$RANDOM
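- Use the az aks create command to create the AKS cluster
izhao_yiyi@Azure:~$ az aks create \
    --resource-group $RESOURCE_GROUP \
    --name $CLUSTER_NAME \
    --node-count 2 \
    --enable-addons http_application_routing \
    --generate-ssh-keys \
    --node-vm-size Standard_B2s \
    --network-plugin azure
- The --enable-addons http_application_routing parameter enables HTTP application routing; it can be seen in the 'Networking' settings section of the Azure portal:
- The --network-plugin azure parameter sets the CNI type to Azure
The default CNI for AKS is kubenet. If Azure CNI is selected, its own virtual network is created by default:
The command used earlier did not specify any network IP addresses, so the IP address ranges above are used.
System output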
The same can also be seen in the portal.
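As an added example (not part of the original lab or of Microsoft's module), the Python below audits the JSON that az aks create and az aks show return for the settings this command leaves at their defaults. The sample document is constructed from field values this lab's cluster reports, and the check names are made up for the example.

```python
import json

# Constructed sample: a trimmed `az aks show -o json` document that keeps only
# the fields the checks read, with the values this lab's cluster reports.
SAMPLE_CLUSTER = json.loads("""
{
  "name": "aks-contoso-31096",
  "aadProfile": null,
  "addonProfiles": {"httpApplicationRouting": {"enabled": true,
      "config": {"HTTPApplicationRoutingZoneName": "bdfb20a8625f417b9c17.eastasia.aksapp.io"}}},
  "apiServerAccessProfile": null,
  "disableLocalAccounts": false,
  "enableRbac": true,
  "networkProfile": {"networkPlugin": "azure", "networkPolicy": null}
}
""")


def dig(doc, path, default=None):
    """Walk a dotted path through nested dicts; null or missing yields default."""
    cur = doc
    for key in path.split("."):
        if not isinstance(cur, dict) or cur.get(key) is None:
            return default
        cur = cur[key]
    return cur


def audit_cluster(cluster):
    """Return (check_id, message) findings for one cluster document."""
    findings = []
    routing = "addonProfiles.httpApplicationRouting"
    if dig(cluster, routing + ".enabled", False):
        zone = dig(cluster, routing + ".config.HTTPApplicationRoutingZoneName", "?")
        findings.append(("http-app-routing",
                         f"add-on enabled; ingress hosts are published in public DNS zone {zone}"))
    if dig(cluster, "networkProfile.networkPolicy") is None:
        findings.append(("no-network-policy",
                         "no network policy engine; NetworkPolicy objects are not enforced"))
    access = dig(cluster, "apiServerAccessProfile", {})
    if not access.get("enablePrivateCluster") and not access.get("authorizedIpRanges"):
        findings.append(("public-api-server",
                         "API server is public with no authorized IP ranges"))
    if not dig(cluster, "enableRbac", False):
        findings.append(("rbac-disabled", "Kubernetes RBAC is off"))
    if dig(cluster, "aadProfile") is None and not dig(cluster, "disableLocalAccounts", False):
        findings.append(("local-accounts-only",
                         "no Azure AD integration; access relies on local cluster credentials"))
    return findings


if __name__ == "__main__":
    for check_id, message in audit_cluster(SAMPLE_CLUSTER):
        print(f"[{check_id}] {message}")
```

To run it against a live cluster, load the output of az aks show -g $RESOURCE_GROUP -n $CLUSTER_NAME -o json in place of SAMPLE_CLUSTER.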
- Run the following command to link the Kubernetes cluster with kubectl
The exact command can be seen by clicking 'Connect':
izhao_yiyi@Azure:~$ az aks get-credentials --resource-group etaon.top --name aks-contoso-31096
The behavior of this command has been altered by the following extension: aks-preview
Merged "aks-contoso-31096" as current context in /home/izhao_yiyi/.kube/config
izhao_yiyi@Azure:~$ kubectl get node
NAME STATUS ROLES AGE VERSION
aks-nodepool1-00921554-vmss000000 Ready agent 54m v1.20.9
aks-nodepool1-00921554-vmss000001 Ready agent 54m v1.20.9
- Create the contoso-website application
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: contoso-website
spec:
  selector: # Define the wrapping strategy
    matchLabels: # Match all pods with the defined labels
      app: contoso-website # Labels follow the `name: value` template
  template: # This is the template of the pod inside the deployment
    metadata:
      labels:
        app: contoso-website
    spec:
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - image: mcr.microsoft.com/mslearn/samples/contoso-website
          name: contoso-website
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
          ports:
            - containerPort: 80
              name: http
Apply the YAML file and check the result
izhao_yiyi@Azure:~/contoso-website$ kubectl apply -f deployment.yaml
deployment.apps/contoso-website created
izhao_yiyi@Azure:~/contoso-website$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
contoso-website 0/1 1 0 17s
izhao_yiyi@Azure:~/contoso-website$ kubectl get po -w
NAME READY STATUS RESTARTS AGE
contoso-website-97988f7c-7dgfz 0/1 ContainerCreating 0 25s
contoso-website-97988f7c-7dgfz 1/1 Running 0 35s
^Cizhao_yiyi@Azure:~/contoso-website$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
contoso-website 1/1 1 1 41s
The same can be seen in the portal.
- Expose a Service (ClusterIP) for contoso-website
#service.yaml
apiVersion: v1
kind: Service
metadata:
  name: contoso-website
spec:
  type: ClusterIP
  selector:
    app: contoso-website
  ports:
    - port: 80 # SERVICE exposed port
      name: http # SERVICE port name
      protocol: TCP # The protocol the SERVICE will listen to
      targetPort: http # Port to forward to in the POD
izhao_yiyi@Azure:~/contoso-website$ kubectl apply -f service.yaml
service/contoso-website created
izhao_yiyi@Azure:~/contoso-website$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
contoso-website ClusterIP 10.0.88.220 <none> 80/TCP 7s
- In Cloud Shell, run the az network dns zone list command to query the Azure DNS zone list; here the zone name is read from the add-on profile with az aks show
izhao_yiyi@Azure:~/contoso-website$ az aks show \
    -g $RESOURCE_GROUP \
    -n $CLUSTER_NAME \
    -o tsv \
    --query addonProfiles.httpApplicationRouting.config.HTTPApplicationRoutingZoneName
The behavior of this command has been altered by the following extension: aks-preview
bdfb20a8625f417b9c17.eastasia.aksapp.io
- Configure the ingress YAML and deploy it
#ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: contoso-website
  annotations:
    kubernetes.io/ingress.class: addon-http-application-routing
spec:
  rules:
    - host: contoso.bdfb20a8625f417b9c17.eastasia.aksapp.io
      http:
        paths:
          - backend: # How the ingress will handle the requests
              service:
                name: contoso-website # Which service the request will be forwarded to
                port:
                  name: http # Which port in that service
            path: / # Which path is this rule referring to
            pathType: Prefix # See more at
- An annotations entry is created in the metadata section of the YAML file; it tells the cluster to use the HTTP application routing add-on for this ingress. The key is kubernetes.io/ingress.class and the value is addon-http-application-routing
- The rule specifies the backend service for the host
izhao_yiyi@Azure:~/contoso-website$ kubectl apply -f ingress.yaml
ingress.networking.k8s.io/contoso-website created
izhao_yiyi@Azure:~/contoso-website$ kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
contoso-website <none> contoso.bdfb20a8625f417b9c17.eastasia.aksapp.io 20.187.250.168 80 9s
izhao_yiyi@Azure:~/contoso-website$ kubectl describe ingress contoso-website
Name: contoso-website
Namespace: default
Address: 20.187.250.168
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host  Path  Backends
  ----  ----  --------
  contoso.bdfb20a8625f417b9c17.eastasia.aksapp.io
        /   contoso-website:http (10.240.0.54:80)
Annotations: kubernetes.io/ingress.class: addon-http-application-routing
Events: <none>
This shows the service attached as the backend.
As seen in the portal
Access the website: contoso.bdfb20a8625f417b9c17.eastasia.aksapp.io
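The manifests above put the site on the public internet over port 80 only. As an added example (not from the original lab), this Python lint checks the Deployment and Ingress for the gaps a reviewer would raise before reusing them outside a lab; the manifests are re-typed as constructed Python dicts so no YAML library is needed, and the function names are hypothetical.

```python
# Constructed input: the Deployment and Ingress from this lab written as the
# dicts a YAML loader would produce.
DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "contoso-website"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "contoso-website",
        "image": "mcr.microsoft.com/mslearn/samples/contoso-website",
        "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                      "limits": {"cpu": "250m", "memory": "256Mi"}},
        "ports": [{"containerPort": 80, "name": "http"}],
    }]}}},
}
INGRESS = {
    "kind": "Ingress",
    "metadata": {"name": "contoso-website", "annotations": {
        "kubernetes.io/ingress.class": "addon-http-application-routing"}},
    "spec": {"rules": [{
        "host": "contoso.bdfb20a8625f417b9c17.eastasia.aksapp.io",
        "http": {"paths": [{"path": "/", "pathType": "Prefix", "backend": {
            "service": {"name": "contoso-website", "port": {"name": "http"}}}}]},
    }]},
}


def image_is_pinned(ref):
    """True when the reference has a digest or an explicit tag other than latest."""
    if "@sha256:" in ref:
        return True
    name = ref.rsplit("/", 1)[-1]  # a ':' before the last '/' is a registry port
    tag = name.split(":", 1)[1] if ":" in name else ""
    return tag not in ("", "latest")


def lint_deployment(dep):
    """Flag unpinned images, missing limits and default privilege escalation."""
    findings = []
    for c in dep["spec"]["template"]["spec"].get("containers", []):
        if not image_is_pinned(c["image"]):
            findings.append(f"{c['name']}: image is not pinned to a tag or digest")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{c['name']}: no resource limits")
        # Kubernetes allows privilege escalation unless this is explicitly false.
        if c.get("securityContext", {}).get("allowPrivilegeEscalation") is not False:
            findings.append(f"{c['name']}: allowPrivilegeEscalation is not set to false")
    return findings


def lint_ingress(ing):
    """Flag rules whose host has no matching spec.tls entry (exact match only)."""
    findings = []
    spec = ing["spec"]
    tls_hosts = {h for entry in spec.get("tls", []) for h in entry.get("hosts", [])}
    for rule in spec.get("rules", []):
        host = rule.get("host")
        if not host:
            findings.append("rule without host matches every Host header")
        elif host not in tls_hosts:
            findings.append(f"{host}: no spec.tls entry covers this host")
    return findings
```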