Deploy Kubernetes to Azure Stack Hub using Active Directory Federated Services

Note

Only use the Kubernetes Azure Stack Marketplace item to deploy clusters as a proof-of-concept. For supported Kubernetes clusters on Azure Stack, use the AKS engine.

You can follow the steps in this article to deploy and set up the resources for Kubernetes. Use these steps when Active Directory Federated Services (AD FS) is your identity management service.

Prerequisites

To get started, make sure you have the right permissions and that your Azure Stack Hub is ready.

  1. Generate an SSH public and private key pair to sign in to the Linux VMs on Azure Stack Hub. You need the public key when creating the cluster.

    For instructions on generating a key, see SSH Key Generation.

  2. Check that you have a valid subscription in your Azure Stack Hub tenant portal, and that you have enough public IP addresses available to add new applications.

    The cluster cannot be deployed to an Azure Stack Hub Administrator subscription. You must use a User subscription.

  3. If you do not have Kubernetes Cluster in your marketplace, talk to your Azure Stack Hub administrator.

Create a service principal

You need to work with your Azure Stack Hub administrator to set up your service principal when using AD FS as your identity solution. The service principal gives your application access to Azure Stack Hub resources.

  1. Your Azure Stack Hub administrator provides you with the information for the service principal. The service principal information should look like:

      ApplicationIdentifier : S-1-5-21-1512385356-3796245103-1243299919-1356
      ClientId              : 3c87e710-9f91-420b-b009-31fa9e430145
      ClientSecret          : <your client secret>
      Thumbprint            : <often this value is empty>
      ApplicationName       : Azurestack-MyApp-c30febe7-1311-4fd8-9077-3d869db28342
      PSComputerName        : 192.168.200.224
      RunspaceId            : a78c76bb-8cae-4db4-a45a-c1420613e01b
    
  2. Assign your new service principal the Contributor role on your subscription. For instructions, see Assign a role.

Deploy Kubernetes

  1. Open the Azure Stack Hub portal.

  2. Select + Create a resource > Compute > Kubernetes Cluster. Select Create.

    (Screenshot: Deploy solution template)

1. Basics

  1. Select Basics in Create Kubernetes Cluster.

    (Screenshot: Deploy solution template)

  2. Select your Subscription ID.

  3. Enter the name of a new resource group or select an existing resource group. The resource name needs to be alphanumeric and lowercase.

  4. Select the Location of the resource group. This is the region you chose for your Azure Stack Hub installation.

2. Kubernetes Cluster Settings

  1. Select Kubernetes Cluster Settings in Create Kubernetes Cluster.

    (Screenshot: Deploy solution template)

  2. Enter the Linux VM admin username. This is the user name for the Linux virtual machines that are part of the Kubernetes cluster and the DVM.

  3. Enter the SSH Public Key used for authorization to all Linux machines created as part of the Kubernetes cluster and the DVM.

  4. Enter the Master Profile DNS Prefix that is unique to the region. This must be a region-unique name, such as k8s-12345. As a best practice, choose the same value as the resource group name.

    Note

    For each cluster, use a new and unique master profile DNS prefix.

  5. Select the Kubernetes master pool profile count. The count is the number of nodes in the master pool. The value can be from 1 to 7 and should be an odd number.

  6. Select the VMSize of the Kubernetes master VMs.

  7. Select the Kubernetes node pool profile count. The count is the number of agents in the cluster.

  8. Select the VMSize of the Kubernetes node VMs. This specifies the VM size of the Kubernetes node VMs.

  9. Select ADFS as the Azure Stack Hub identity system for your Azure Stack Hub installation.

  10. Enter the Service principal clientId. This is used by the Kubernetes Azure cloud provider. The client ID is the value identified as the Application ID when your Azure Stack Hub administrator created the service principal.

  11. Enter the Service principal client secret. This is the client secret provided to you for your AD FS service principal by your Azure Stack Hub administrator.

  12. Enter the Kubernetes version. This is the version for the Kubernetes Azure provider. Azure Stack Hub releases a custom Kubernetes build for each Azure Stack Hub version.
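The blade rejects values that break its rules only after you have filled in every field, and a mangled SSH public key (a wrapped line or a truncated copy from the prerequisites step) is not caught until the first login to a node fails. The following POSIX shell script is an added example, not part of this documentation page or of Azure Stack Hub itself: it pre-checks the resource group name from the Basics blade and the DNS prefix, master count and SSH public key from the Kubernetes Cluster Settings blade before you paste them into the portal. The function names, the DNS-label rules applied to the prefix (RFC 1123 style: lowercase letters, digits and hyphens, no leading or trailing hyphen, at most 63 characters) and the sample key are assumptions; the sample key is a constructed placeholder, not a real key. The SSH check relies on a fixed property of the OpenSSH public key format: the base64 blob begins with the key type string, so an `ssh-rsa` blob always starts with `AAAAB3NzaC1yc2E` and an `ssh-ed25519` blob with `AAAAC3NzaC1lZDI1NTE5`.

```shell
#!/bin/sh
# Pre-flight validation of Kubernetes Cluster Settings values.
# Added example, not part of the Azure Stack Hub documentation; function names,
# the DNS-label rules applied to the prefix, and the sample key are assumptions.

# Resource group name: the Basics blade requires lowercase alphanumeric characters.
check_rg_name() {
    case "$1" in
        '' | *[!a-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Master profile DNS prefix: treated as a DNS label (assumed RFC 1123 rules):
# lowercase letters, digits and hyphens, no leading/trailing hyphen, max 63 chars.
check_dns_prefix() {
    p=$1
    case "$p" in
        '' | -* | *- | *[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#p}" -le 63 ]
}

# Master pool count: an odd number from 1 to 7 (an odd member count keeps the
# etcd quorum unambiguous).
check_master_count() {
    n=$1
    case "$n" in '' | *[!0-9]*) return 1 ;; esac
    [ "$n" -ge 1 ] && [ "$n" -le 7 ] && [ $((n % 2)) -eq 1 ]
}

# SSH public key line as pasted into the portal: "<type> <base64 blob> [comment]".
# The blob itself starts with the key type, so its base64 prefix is fixed:
# "AAAAB3NzaC1yc2E" encodes "\0\0\0\7ssh-rsa" and "AAAAC3NzaC1lZDI1NTE5"
# encodes "\0\0\0\13ssh-ed25519". A declared type that disagrees with the blob,
# a non-base64 character, or a missing blob means the key was mangled in
# copy/paste (wrapped line, truncated selection, private key pasted by mistake).
check_ssh_pubkey() {
    key=$1
    type=${key%% *}
    rest=${key#* }
    [ "$rest" != "$key" ] || return 1      # no whitespace at all: no blob
    blob=${rest%% *}
    case "$blob" in '' | *[!A-Za-z0-9+/=]*) return 1 ;; esac
    case "$type:$blob" in
        ssh-rsa:AAAAB3NzaC1yc2E*)          return 0 ;;
        ssh-ed25519:AAAAC3NzaC1lZDI1NTE5*) return 0 ;;
        *)                                 return 1 ;;
    esac
}

# Run every check and report; returns 1 if any value would be rejected.
# Arguments: resource group name, DNS prefix, master count, SSH public key line.
preflight() {
    rc=0
    for pair in "rg_name:$1" "dns_prefix:$2" "master_count:$3" "ssh_pubkey:$4"; do
        name=${pair%%:*}
        value=${pair#*:}
        if "check_$name" "$value"; then
            echo "ok    $name"
        else
            echo "FAIL  $name: '$value'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample values (the key is a placeholder, not a real key).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFBsYWNlaG9sZGVyTm90QVJlYWxLZXkwMDAwMDAwMDAw user@example'
preflight k8s12345 k8s-12345 3 "$SAMPLE_KEY"
```

Run it as `sh preflight.sh` with your own values substituted in the final `preflight` call, or source it and call the individual `check_*` functions; each returns 0 for an acceptable value and 1 otherwise, so they drop straight into a `||` guard in a larger deployment script. The script deliberately takes no service principal secret as input, so nothing sensitive lands in shell history or logs.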

3. Summary

  1. Select Summary. The blade displays a validation message for your Kubernetes Cluster configuration settings.

    (Screenshot: Deploy solution template)

  2. Review your settings.

  3. Select OK to deploy your cluster.

Tip

If you have questions about your deployment, you can post your question or see if someone has already answered the question in the Azure Stack Hub Forum.

Next steps

Connect to your cluster

Enable the Kubernetes Dashboard