AKS Engine provides tooling to quickly bootstrap Kubernetes clusters on Azure. By leveraging ARM (Azure Resource Manager), AKS Engine helps you create, destroy and maintain clusters provisioned with basic IaaS resources in Azure. AKS Engine is limited in its support for ongoing operational needs such as scaling, in-place upgrading, and extension management. The Cluster API Provider for Azure a.k.a. CAPZ provides more complete operational capabilities. AKS Engine remains the tool for managing Kubernetes clusters on Azure Stack Hub as CAPZ does not yet work there.
AKS Engine 和 AKS 都用于在 Azure 中部署和管理 Kubernetes 集群,其中 AKS Engine 是社区开源版的,AKS 是产品级别的。两者本身都是免费的,只需要支付集群中节点的费用即可。相对于 AKS,AKS Engine 支持的功能更多,技术上也更超前。
前置条件
部署集群
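# Download and unpack the AKS Engine release binary (linux/amd64).
# The release version is kept in one variable so the URL, the archive name
# and the extracted directory name cannot drift apart.
# NOTE(review): the archive is extracted without an integrity check; if the
# release page publishes a checksum, verify the download against it first.
AKSE_VERSION="v0.55.4"
AKSE_PKG="aks-engine-${AKSE_VERSION}-linux-amd64"
wget "https://github.com/Azure/aks-engine/releases/download/${AKSE_VERSION}/${AKSE_PKG}.tar.gz"
tar -xvf "${AKSE_PKG}.tar.gz"
cd "${AKSE_PKG}"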
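akse.json
说明:下面示例中的 xxxx 以及 "ssh-rsa " 均为占位符,部署前需要替换为自己的订阅、资源和 SSH 公钥。示例同时启用了 tiller(Helm v2,镜像 v2.13.0)和 kubernetes-dashboard 两个 addon,二者都会扩大集群内的攻击面;不需要时建议将其 "enabled" 设为 false,保留时应收紧对应的 RBAC 权限。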
{
"apiVersion": "vlabs",
"location": "chinanorth2",
"properties": {
"orchestratorProfile": {
"orchestratorType": "Kubernetes",
"orchestratorRelease": "1.17",
"orchestratorVersion": "1.17.11",
"kubernetesConfig": {
"loadBalancerSku": "Standard",
"excludeMasterFromStandardLB": true,
"kubeProxyMode" : "ipvs",
"networkPlugin": "flannel",
"networkPolicy": "",
"useManagedIdentity": true,
"userAssignedID": "/subscriptions/xxxx-xxxxx-xxxxx-xxxx/resourceGroups/xxxx-xxxxx-xxxxx-xxxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/xxxx-xxxxx-xxxxx-xxxx",
"privateCluster": {
"enabled": true,
"jumpboxProfile": {
"name": "reh-corebe-jumpbox",
"vmSize": "Standard_B2ms",
"osDiskSizeGB": 30,
"username": "vmadmin",
"publickey": "ssh-rsa "
}
},
"addons": [
{
"name": "cluster-autoscaler",
"enabled": true,
"pools": [
{
"name": "pool1",
"config": {
"min-nodes": "4",
"max-nodes": "500"
}
},
{
"name": "pool2",
"config": {
"min-nodes": "3",
"max-nodes": "3"
}
}
],
"config": {
"scan-interval": "1m"
}
},
{
"name": "heapster",
"enabled": true
},
{
"name": "dns-autoscaler",
"enabled": false
},
{
"name": "container-monitoring",
"enabled": true,
"config": {
"logAnalyticsWorkspaceResourceId" : "/subscriptions/xxxx-xxxxx-xxxxx-xxxx/resourceGroups/xxxx-xxxxx-xxxxx-xxxx/providers/Microsoft.OperationalInsights/workspaces/xxxx-xxxxx-xxxxx-xxxx"
}
},
{
"name": "tiller",
"enabled": true,
"containers": [
{
"name": "tiller",
"image": "gcr.azk8s.cn/kubernetes-helm/tiller:v2.13.0",
"cpuRequests": "50m",
"memoryRequests": "150Mi",
"cpuLimits": "50m",
"memoryLimits": "150Mi"
}
],
"config": {
"max-history": "0"
}
},
{
"name": "blobfuse-flexvolume",
"enabled": true
},
{
"name": "keyvault-flexvolume",
"enabled": true
},
{
"name": "kubernetes-dashboard",
"enabled": true
},
{
"name": "aci-connector",
"enabled": false
},
{
"name": "smb-flexvolume",
"enabled": false
},
{
"name": "rescheduler",
"enabled": false
},
{
"name": "nvidia-device-plugin",
"enabled": false
}
]
}
},
"masterProfile": {
"count": 3,
"dnsPrefix": "master",
"vmSize": "Standard_B12ms",
"vnetSubnetId": "/subscriptions/xxxx-xxxxx-xxxxx-xxxx/resourceGroups/xxxx-xxxxx-xxxxx-xxxx/providers/Microsoft.Network/virtualNetworks/xxxx-xxxxx-xxxxx-xxxx/subnets/xxxx-xxxxx-xxxxx-xxxx",
"firstConsecutiveStaticIP": "xxx.xxx.xxx.xxx",
"distro": "aks-ubuntu-18.04",
"customVMTags": {
"Name": "k8s-master",
"ProjectID": "ICTO-27027",
"ApplicationID": "AKSE",
"ApplicationVersion": "v0.50.0",
"CostCenterID": "8120020",
"Role": "Shareservice",
"SupportContact": ""
}
},
"agentPoolProfiles": [
{
"name": "pool1",
"count": 4,
"vmSize": "Standard_B12ms",
"vnetSubnetId": "/subscriptions/xxxx-xxxxx-xxxxx-xxxx/resourceGroups/xxxx-xxxxx-xxxxx-xxxx/providers/Microsoft.Network/virtualNetworks/xxxx-xxxxx-xxxxx-xxxx/subnets/xxxx-xxxxx-xxxxx-xxxx",
"distro": "aks-ubuntu-18.04",
"availabilityProfile": "VirtualMachineScaleSets",
"storageProfile": "ManagedDisks",
"OSDiskSizeGB": 200,
"customVMTags": {
"Name": "k8s-vmss",
"ProjectID": "ICTO-27027",
"ApplicationID": "AKSE",
"ApplicationVersion": "v0.50.0",
"CostCenterID": "8120020",
"Role": "Shareservice",
"SupportContact": ""
}
},
{
"name": "pool2",
"count": 3,
"vmSize": "Standard_B12ms",
"vnetSubnetId": "/subscriptions/xxxx-xxxxx-xxxxx-xxxx/resourceGroups/xxxx-xxxxx-xxxxx-xxxx/providers/Microsoft.Network/virtualNetworks/xxxx-xxxxx-xxxxx-xxxx/subnets/xxxx-xxxxx-xxxxx-xxxx",
"distro": "aks-ubuntu-18.04",
"availabilityProfile": "VirtualMachineScaleSets",
"storageProfile": "ManagedDisks",
"OSDiskSizeGB": 200,
"customVMTags": {
"Name": "k8s-vmss",
"ProjectID": "ICTO-27027",
"ApplicationID": "AKSE",
"ApplicationVersion": "v0.50.0",
"CostCenterID": "8120020",
"Role": "Shareservice",
"SupportContact": ""
}
}
],
"linuxProfile": {
"adminUsername": "vmadmin",
"ssh": {
"publicKeys": [
{
"keyData": "ssh-rsa "
}
]
}
},
"aadProfile": {
"serverAppID": "xxxx-xxxxx-xxxxx-xxxx",
"clientAppID": "xxxx-xxxxx-xxxxx-xxxx",
"tenantID": "xxxx-xxxxx-xxxxx-xxxx",
"adminGroupID": "xxxx-xxxxx-xxxxx-xxxx"
},
"certificateProfile": {}
}
}
# Generate the deployment artifacts from the akse.json API model; the results
# are written to the _output directory.
# NOTE(review): assumes the aks-engine binary is on PATH — otherwise run it as
# ./aks-engine from the extracted release directory.
aks-engine generate akse.json
_output目录下会生成相关文件,建议备份这个目录下的文件,后面集群维护会使用相关配置文件或者证书。该目录包含证书和密钥等敏感材料,备份应存放在访问受控的位置,不要提交到代码仓库。
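# Deploy the cluster from the API model produced by `aks-engine generate`.
# region, subscription_id, client_id and client_secret must be set in the shell
# beforehand; region should match the "location" value in the API model.
# The --resource-group value needs its closing quote, otherwise the shell
# treats the following lines as part of the same string.
# NOTE: --client-secret passes the service principal secret as a command-line
# argument. Supply it from a variable populated at run time (as here) rather
# than typing the literal value, so it does not end up in shell history or in
# a script kept under version control.
aks-engine deploy --resource-group "xxxx-xxxx-xxxx-xxxx" \
  --azure-env "AzureChinaCloud" \
  --location "${region}" \
  --subscription-id "${subscription_id}" \
  --client-id "${client_id}" \
  --client-secret "${client_secret}" \
  --api-model "_output/xxxx-xxxx-xxxx-xxxx/apimodel.json" \
  -o "deploy" \
  --debug -f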
登录跳板机,安装kubectl
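# Download the kubectl build that matches the cluster version (v1.17.11)
# together with the SHA-256 digest published next to it.
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.11/bin/linux/amd64/kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.11/bin/linux/amd64/kubectl.sha256
# Install the binary only if its digest matches; a bare download is neither
# executable nor on PATH, so the later `sudo kubectl` call would not find it.
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check \
  && sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl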
确认安装,第一次登录集群需要通过aad认证
# List the cluster nodes to confirm that kubectl works; on first use this
# prompts for the AAD device-code sign-in shown in the output below.
sudo kubectl get nodes
To sign in, use a web browser to open the page https://microsoft.com/deviceloginchina and enter the code CRXP2BB5U to authenticate.
NAME STATUS ROLES AGE VERSION
k8s-master-81692357-0 Ready master 7m2s v1.17.11
k8s-master-81692357-1 Ready master 7m2s v1.17.11
k8s-master-81692357-2 Ready master 6m7s v1.17.11
k8s-prdconapl-81692357-vmss000000 Ready agent 7m2s v1.17.11
k8s-prdconapl-81692357-vmss000001 Ready agent 7m2s v1.17.11
k8s-prdconapl-81692357-vmss000002 Ready agent 7m2s v1.17.11
k8s-prdconeny-81692357-vmss000000 Ready agent 7m2s v1.17.11