您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

快速入门:将 Windows 容器部署到 Service FabricQuickstart: Deploy Windows containers to Service Fabric

Azure Service Fabric 是一款分布式系统平台,可用于部署和管理可缩放的可靠微服务和容器。Azure Service Fabric is a distributed systems platform for deploying and managing scalable and reliable microservices and containers.

在 Service Fabric 群集上运行 Windows 容器中的现有应用程序不需要对应用程序进行任何更改。Running an existing application in a Windows container on a Service Fabric cluster doesn't require any changes to your application. 本快速入门介绍如何在 Service Fabric 应用程序中部署预建的 Docker 容器映像。This quickstart shows you how to deploy a pre-built Docker container image in a Service Fabric application. 完成后,你会有一个正在运行的 Windows Server Core 2016 Server 和 IIS 容器。When you're finished, you'll have a running Windows Server Core 2016 Server and IIS container. 本快速入门介绍如何部署 Windows 容器。This quickstart describes deploying a Windows container. 阅读此快速入门以部署 Linux 容器。Read this quickstart to deploy a Linux container.

IIS 默认网页

此快速入门介绍如何:In this quickstart you learn how to:

  • 打包 Docker 映像容器Package a Docker image container
  • 配置通信Configure communication
  • 生成并打包 Service Fabric 应用程序Build and package the Service Fabric application
  • 将容器应用程序部署到 AzureDeploy the container application to Azure

备注

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

先决条件Prerequisites

使用 Visual Studio 打包 Docker 映像容器Package a Docker image container with Visual Studio

Service Fabric SDK 和工具提供服务模板,用于将容器部署到 Service Fabric 群集。The Service Fabric SDK and tools provide a service template to help you deploy a container to a Service Fabric cluster.

以“管理员”身份启动 Visual Studio。Start Visual Studio as "Administrator". 选择“文件” > “新建” > “项目” 。Select File > New > Project.

选择“Service Fabric 应用程序”,将其命名为“MyFirstContainer”,并单击“创建” 。Select Service Fabric application, name it "MyFirstContainer", and click Create.

从“托管的容器和应用程序”模板中选择“容器”。 Select Container from the Hosted Containers and Applications templates.

在“映像名称”中 输入“mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2016”(Windows Server Core Server 和 IIS 基础映像)。In Image Name, enter "mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2016", the Windows Server Core Server and IIS base image.

配置容器的“端口到主机”端口映射,使端口 80 上针对服务的传入请求映射到容器上的端口 80。Configure the container port-to-host port mapping so that incoming requests to the service on port 80 are mapped to port 80 on the container. 将“容器端口”设置为“80”并将“主机端口”设置为“80” 。Set Container Port to "80" and set Host Port to "80".

将服务命名为“MyContainerService”,然后单击“确定”。 Name your service "MyContainerService", and click OK.

新服务对话框

为容器映像指定 OS 版本Specify the OS build for your container image

使用特定 Windows Server 版本生成的容器可能无法在运行不同 Windows Server 版本的主机上运行。Containers built with a specific version of Windows Server may not run on a host running a different version of Windows Server. 例如,使用 Windows Server 版本 1709 生成的容器不会在运行 Windows Server 2016 的主机上运行。For example, containers built using Windows Server version 1709 don't run on hosts running Windows Server 2016. 若要了解更多信息,请参阅 Windows Server 容器 OS 与主机 OS 的兼容性To learn more, see Windows Server container OS and host OS compatibility.

使用 Service Fabric 运行时版本 6.1 及更新版本,可以为每个容器指定多个 OS 映像,并使用它应该部署到的 OS 的内部版本来标记每个 OS 映像。With version 6.1 of the Service Fabric runtime and newer, you can specify multiple OS images per container and tag each with the build version of the OS that it should be deployed to. 这有助于确保应用程序能够在运行不同版本 Windows 操作系统的主机上运行。This helps to make sure that your application will run across hosts running different versions of Windows OS. 若要了解详细信息,请参阅指定特定于 OS 内部版本的容器映像To learn more, see Specify OS build specific container images.

Microsoft 为不同版本的 Windows Server 上生成的 IIS 版本发布不同的映像。Microsoft publishes different images for versions of IIS built on different versions of Windows Server. 若要确保 Service Fabric 部署的容器与在部署应用程序的群集节点上运行的 Windows Server 版本兼容,请将以下行添加到 ApplicationManifest.xml 文件。To make sure that Service Fabric deploys a container compatible with the version of Windows Server running on the cluster nodes where it deploys your application, add the following lines to the ApplicationManifest.xml file. Windows Server 2016 的内部版本为 14393,Windows Server 版本 1709 的内部版本为 16299。The build version for Windows Server 2016 is 14393 and the build version for Windows Server version 1709 is 16299.

    <ContainerHostPolicies CodePackageRef="Code"> 
      <ImageOverrides> 
        ...
          <Image Name="mcr.microsoft.com/windows/servercore/iis:windowsservercore-1803" /> 
          <Image Name= "mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2016" Os="14393" /> 
          <Image Name="mcr.microsoft.com/windows/servercore/iis:windowsservercore-1709" Os="16299" /> 
      </ImageOverrides> 
    </ContainerHostPolicies> 

服务清单继续为 nanoserver (mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2016) 只指定一个映像。The service manifest continues to specify only one image for the nanoserver, mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2016.

另外,请在 ApplicationManifest.xml 文件中,将 PasswordEncrypted 更改为 falseAlso in the ApplicationManifest.xml file, change PasswordEncrypted to false. 对于位于 Docker 中心的公共容器映像,帐户和密码是空的,因此,我们禁用了加密,因为加密空密码会导致生成错误。The account and password are blank for the public container image that is on Docker Hub, so we turn off encryption because encrypting a blank password will generate a build error.

<RepositoryCredentials AccountName="" Password="" PasswordEncrypted="false" />

创建群集Create a cluster

以下示例脚本创建一个由五个节点组成的 Service Fabric 群集(使用 X.509 证书保护的群集)。The following sample script creates a five-node Service Fabric cluster secured with an X.509 certificate. 该命令将创建一个自签名证书,并将其上传到新的 Key Vault。The command creates a self-signed certificate and uploads it to a new key vault. 该证书也会复制到本地目录。The certificate is also copied to a local directory. 可在创建 Service Fabric 群集中详细了解如何使用此脚本创建群集。You can learn more about creating a cluster using this script in Create a Service Fabric cluster.

必要时,请使用 Azure PowerShell 指南中的说明安装 Azure PowerShell。If needed, install the Azure PowerShell using the instructions found in the Azure PowerShell guide.

在运行以下脚本之前,请在 PowerShell 中运行 Connect-AzAccount 来与 Azure 建立连接。Before you run the following script, in PowerShell run Connect-AzAccount to create a connection with Azure.

将以下脚本复制到剪贴板,并打开 Windows PowerShell ISECopy the following script to the clipboard and open Windows PowerShell ISE. 将内容粘贴到空的 Untitled1.ps1 窗口。Paste the contents into the empty Untitled1.ps1 window. 然后,为脚本中的变量提供值:subscriptionIdcertpwdcertfolderadminuseradminpwd 等等。Then provide values for the variables in the script: subscriptionId, certpwd, certfolder, adminuser, adminpwd, and so on. 运行该脚本之前,为 certfolder 指定的目录必须存在。The directory you specify for certfolder must exist before you run the script.

#Provide the subscription Id
$subscriptionId = 'yourSubscriptionId'

# Certificate variables.
$certpwd="Password#1234" | ConvertTo-SecureString -AsPlainText -Force
$certfolder="c:\mycertificates\"

# Variables for VM admin.
$adminuser="vmadmin"
$adminpwd="Password#1234" | ConvertTo-SecureString -AsPlainText -Force 

# Variables for common values
$clusterloc="SouthCentralUS"
$clustername = "mysfcluster"
$groupname="mysfclustergroup"       
$vmsku = "Standard_D2_v2"
$vaultname = "mykeyvault"
$subname="$clustername.$clusterloc.cloudapp.azure.com"

# Set the number of cluster nodes. Possible values: 1, 3-99
$clustersize=5 

# Set the context to the subscription Id where the cluster will be created
Select-AzSubscription -SubscriptionId $subscriptionId

# Create the Service Fabric cluster.
New-AzServiceFabricCluster -Name $clustername -ResourceGroupName $groupname -Location $clusterloc `
-ClusterSize $clustersize -VmUserName $adminuser -VmPassword $adminpwd -CertificateSubjectName $subname `
-CertificatePassword $certpwd -CertificateOutputFolder $certfolder `
-OS WindowsServer2016DatacenterwithContainers -VmSku $vmsku -KeyVaultName $vaultname

为变量提供值后,按 F5 运行该脚本。Once you've provided your values for the variables, press F5 to run the script.

运行脚本并创建群集后,在输出中查找 ClusterEndpointAfter the script runs and the cluster is created, find the ClusterEndpoint in the output. 例如:For example:

...
ClusterEndpoint : https://southcentralus.servicefabric.azure.com/runtime/clusters/b76e757d-0b97-4037-a184-9046a7c818c0

安装群集的证书Install the certificate for the cluster

现在,我们将在 CurrentUser\My 证书存储中安装 PFX。Now we'll install the PFX in CurrentUser\My certificate store. PFX 文件位于在上述 PowerShell 脚本中使用 certfolder 环境变量指定的目录中。The PFX file will be in the directory you specified using the certfolder environment variable in the PowerShell script above.

请切换到该目录并运行以下 PowerShell 命令(请替换为 certfolder 目录中 PFX 文件的名称,以及在 certpwd 变量中指定的密码)。Change to that directory, and then run the following PowerShell command, replacing the name of the PFX file that is in your certfolder directory, and the password that you specified in the certpwd variable. 在此示例中,当前目录设置为 PowerShell 脚本中 certfolder 变量指定的目录。In this example, the current directory is set to the directory specified by the certfolder variable in the PowerShell script. 从该位置运行 Import-PfxCertificate 命令:From there the Import-PfxCertificate command is run:

PS C:\mycertificates> Import-PfxCertificate -FilePath .\mysfclustergroup20190130193456.pfx -CertStoreLocation Cert:\CurrentUser\My -Password (ConvertTo-SecureString Password#1234 -AsPlainText -Force)

该命令返回指纹:The command returns the Thumbprint:

  ...
  PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My

Thumbprint                                Subject
----------                                -------
0AC30A2FA770BEF566226CFCF75A6515D73FC686  CN=mysfcluster.SouthCentralUS.cloudapp.azure.com

请记下指纹,以便在后续步骤中使用。Remember the thumbprint value for the following step.

使用 Visual Studio 将应用程序部署到 AzureDeploy the application to Azure using Visual Studio

至此,应用程序已准备就绪,可以直接通过 Visual Studio 将它部署到群集了。Now that the application is ready, you can deploy it to a cluster directly from Visual Studio.

在解决方案资源管理器中右键单击“MyFirstContainer”,选择“发布”。 Right-click MyFirstContainer in the Solution Explorer and choose Publish. 此时,“发布”对话框显示。The Publish dialog appears.

运行上述 Import-PfxCertificate 命令时,请复制 PowerShell 窗口中 CN = 后面的内容,并将端口 19000 添加到其中。Copy the content following CN= in the PowerShell window when you ran the Import-PfxCertificate command above, and add port 19000 to it. 例如,mysfcluster.SouthCentralUS.cloudapp.azure.com:19000For example, mysfcluster.SouthCentralUS.cloudapp.azure.com:19000. 复制到“连接终结点” 字段。Copy it into the Connection Endpoint field. 请记下此值,因为在后面的步骤中需要用到。Remember this value because you'll need it in a future step.

单击“高级连接参数”,验证连接参数信息。 Click Advanced Connection Parameters and verify the connection parameter information. FindValueServerCertThumbprint 值必须与在前一步骤中运行 Import-PfxCertificate 时安装的证书的指纹匹配。FindValue and ServerCertThumbprint values must match the thumbprint of the certificate installed when you ran Import-PfxCertificate in the previous step.

发布对话框

单击“发布” 。Click Publish.

群集中的每个应用程序都必须具有唯一名称。Each application in the cluster must have a unique name. 如果存在名称冲突,请重命名 Visual Studio 项目并重新部署。If there's a name conflict, rename the Visual Studio project and deploy again.

打开浏览器,并导航到在前一步骤中输入“连接终结点”字段的地址 。Open a browser and navigate to the address that you put into the Connection Endpoint field in the previous step. 可以选择性地在 URL 的前面添加方案标识符 http://,并在后面追加端口 :80You can optionally prepend the scheme identifier, http://, and append the port, :80, to the URL. 例如,http://mysfcluster.SouthCentralUS.cloudapp.azure.com:80。For example, http://mysfcluster.SouthCentralUS.cloudapp.azure.com:80.

此时会看到 IIS 默认网页:IIS 默认网页You should see the IIS default web page: IIS default web page

清理Clean up

只要群集处于运行状态,就会产生费用。You continue to incur charges while the cluster is running. 请考虑删除群集Consider deleting your cluster.

后续步骤Next steps

在此快速入门中,读者学习了如何:In this quickstart, you learned how to:

  • 打包 Docker 映像容器Package a Docker image container
  • 配置通信Configure communication
  • 生成并打包 Service Fabric 应用程序Build and package the Service Fabric application
  • 将容器应用程序部署到 AzureDeploy the container application to Azure

若要详细了解如何在 Service Fabric 中使用 Windows 容器,请继续学习适用于 Windows 容器应用的教程。To learn more about working with Windows containers in Service Fabric, continue to the tutorial for Windows container apps.