
Secure DevOps for AKS

Kubernetes Service, Monitor, Pipelines, Policy, GitHub

Solution Idea


DevOps and Kubernetes are better together. Implementing secure DevOps together with Kubernetes on Azure, you can achieve the balance between speed and security and deliver code faster at scale. Put guardrails around the development processes using CI/CD with dynamic policy controls, and accelerate the feedback loop with constant monitoring. Use Azure Pipelines to deliver fast while ensuring enforcement of critical policies with Azure Policy. Azure provides real-time observability for your build and release pipelines, and the ability to apply compliance audits and reconfigurations easily.

Architecture

[Architecture diagram: developers iterate in a shared Kubernetes cluster; code is merged into a GitHub repository and built and tested by Azure Pipelines; the release pipeline runs the predefined deployment strategy on each code change; Azure Monitor provides app telemetry, container health monitoring and real-time log analytics.]

Data Flow

  1. Developers rapidly iterate, test, and debug different parts of an application together in the same Kubernetes cluster.
  2. Code is merged into a GitHub repository, after which automated builds and tests are run by Azure Pipelines.
  3. The release pipeline automatically executes the predefined deployment strategy with each code change.
  4. Kubernetes clusters are provisioned using tools like Helm charts that define the desired state of app resources and configurations.
  5. The container image is pushed to Azure Container Registry.
  6. Cluster operators define policies in Azure Policy to govern deployments to the AKS cluster.
  7. Azure Policy audits requests from the pipeline at the AKS control plane level.
  8. App telemetry, container health monitoring, and real-time log analytics are obtained using Azure Monitor.
  9. Insights are used to address issues and are fed into the next sprint plans.
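The pipeline portion of this data flow (steps 2 to 7) as an added Azure Pipelines YAML example; it is not part of this article, and the service connection, resource group, cluster, registry and chart names are assumed placeholders:

```yaml
# Added example, not from the article: Azure Pipelines YAML for steps 2 to 7 of the data flow.
# Assumed placeholders: acr-connection, azure-subscription, rg-aks, aks-prod, myregistry.azurecr.io.
trigger:
  branches:
    include: [ main ]                 # step 2: a merge to main starts the build
variables:
  imageRepository: sample-app
  acrLoginServer: myregistry.azurecr.io
  tag: $(Build.BuildId)               # one immutable tag per build, never 'latest'
stages:
- stage: Build
  jobs:
  - job: BuildAndTest
    pool: { vmImage: ubuntu-latest }
    steps:
    - script: make test                # step 2: assumed test target in the repository
    - task: Docker@2                   # step 5: build the image and push it to ACR
      inputs:
        command: buildAndPush
        containerRegistry: acr-connection
        repository: $(imageRepository)
        dockerfile: Dockerfile
        tags: $(tag)
- stage: Deploy
  dependsOn: Build
  jobs:
  - deployment: DeployToAks
    environment: production           # environment checks and approvals gate the release
    pool: { vmImage: ubuntu-latest }
    strategy:
      runOnce:
        deploy:
          steps:
          - task: HelmDeploy@0         # steps 3 and 4: the Helm chart defines the desired state
            inputs:
              connectionType: Azure Resource Manager
              azureSubscription: azure-subscription
              azureResourceGroup: rg-aks
              kubernetesCluster: aks-prod
              command: upgrade
              chartType: FilePath
              chartPath: charts/sample-app
              releaseName: sample-app
              namespace: sample-app
              install: true
              overrideValues: image.repository=$(acrLoginServer)/$(imageRepository),image.tag=$(tag)
          # steps 6 and 7: the Azure Policy add-on on the cluster audits or denies the admission
          # requests this upgrade generates; a denied request fails this task and the release.
```

A policy set to deny rather than audit surfaces as a failed Helm step here, which is the point at which the pipeline, not the cluster operator, learns about the violation.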

Build and deploy to Azure Kubernetes Service

Components

Next steps