Deploy Kubernetes to Azure Stack Hub using Active Directory Federated Services

Note

Only use the Kubernetes Azure Stack Marketplace item to deploy clusters as a proof-of-concept. For supported Kubernetes clusters on Azure Stack, use the AKS engine.

You can follow the steps in this article to deploy and set up the resources for Kubernetes. Use these steps when Active Directory Federated Services (AD FS) is your identity management service.

Prerequisites

To get started, make sure you have the right permissions and that your Azure Stack Hub is ready.

  1. Generate an SSH public and private key pair to sign in to the Linux VM on Azure Stack Hub. You need the public key when creating the cluster.

    For instructions on generating a key, see SSH Key Generation.

  2. Check that you have a valid subscription in your Azure Stack Hub tenant portal, and that you have enough public IP addresses available to add new applications.

    The cluster cannot be deployed to an Azure Stack Hub Administrator subscription. You must use a User subscription.

  3. If you do not have Kubernetes Cluster in your marketplace, talk to your Azure Stack Hub administrator.

Create a service principal

You need to work with your Azure Stack Hub administrator to set up your service principal when using AD FS as your identity solution. The service principal gives your application access to Azure Stack Hub resources.

  1. Your Azure Stack Hub administrator provides you with the information for the service principal. The service principal information should look like:

      ApplicationIdentifier : S-1-5-21-1512385356-3796245103-1243299919-1356
      ClientId              : 3c87e710-9f91-420b-b009-31fa9e430145
      ClientSecret          : <your client secret>
      Thumbprint            : <often this value is empty>
      ApplicationName       : Azurestack-MyApp-c30febe7-1311-4fd8-9077-3d869db28342
      PSComputerName        : 192.168.200.224
      RunspaceId            : a78c76bb-8cae-4db4-a45a-c1420613e01b
    
  2. Assign your new service principal a role as a contributor to your subscription. For instructions, see Assign a role.

Deploy Kubernetes

  1. Open the Azure Stack Hub portal https://portal.local.azurestack.external.

  2. Select + Create a resource > Compute > Kubernetes Cluster. Select Create.

    Screenshot showing the page where you create a Kubernetes cluster.

1. Basics

  1. Select Basics in Create Kubernetes Cluster.

    Screenshot showing where you add the basic information about the Kubernetes cluster.

  2. Select your Subscription ID.

  3. Enter the name of a new resource group or select an existing resource group. The resource name needs to be alphanumeric and lowercase.

  4. Select the Location of the resource group. This is the region you choose for your Azure Stack Hub installation.

2. Kubernetes Cluster Settings

  1. Select Kubernetes Cluster Settings in Create Kubernetes Cluster.

    Screenshot showing the step where you configure the Kubernetes cluster settings.

  2. Enter the Linux VM admin username. This is the user name for the Linux virtual machines that are part of the Kubernetes cluster and DVM.

  3. Enter the SSH Public Key used for authorization to all Linux machines created as part of the Kubernetes cluster and DVM.

  4. Enter the Master Profile DNS Prefix that is unique to the region. This must be a region-unique name, such as k8s-12345. As a best practice, try to choose the same name as the resource group.

    Note

    For each cluster, use a new and unique master profile DNS prefix.

  5. Select the Kubernetes master pool profile count. The count contains the number of nodes in the master pool. It can be from 1 to 7. This value should be an odd number.

  6. Select the VMSize of the Kubernetes master VMs.

  7. Select the Kubernetes node pool profile count. The count contains the number of agents in the cluster.

  8. Select the VMSize of the Kubernetes node VMs. This specifies the VM size of the Kubernetes node VMs.

  9. Select ADFS for the Azure Stack Hub identity system for your Azure Stack Hub installation.

  10. Enter the Service principal clientId. This is used by the Kubernetes Azure cloud provider. The client ID is identified as the Application ID when your Azure Stack Hub administrator created the service principal.

  11. Enter the Service principal client secret. This is the client secret provided to you for your AD FS service principal by your Azure Stack Hub administrator.

  12. Enter the Kubernetes version. This is the version for the Kubernetes Azure provider. Azure Stack Hub releases a custom Kubernetes build for each Azure Stack Hub version.
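
A pre-flight check for the values entered in the steps above, as an added example that is not part of the original article or of any Azure Stack Hub tooling. It catches a private key or truncated key pasted into the SSH Public Key field and the service principal's ApplicationIdentifier (a SID) pasted where the ClientId is expected. The function names, the dictionary keys, the GUID check on the client ID and the `used_prefixes` list are assumptions; the sample key is constructed.

```python
import base64
import re
import struct
import uuid


def ssh_public_key_problem(line):
    """Return a problem string for an OpenSSH one-line public key, or None."""
    if "PRIVATE KEY" in line:
        return "this is a private key; paste the .pub file instead"
    fields = line.split()
    if len(fields) < 2:
        return "expected '<type> <base64> [comment]'"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return "key body is not valid base64 (truncated paste?)"
    # The blob starts with a 4-byte big-endian length, then the key type name.
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + n] != fields[0].encode():
        return "key type inside the blob does not match the prefix"
    return None


def validate_cluster_settings(s, used_prefixes=()):
    """Check the portal values named in the article; return a list of problems."""
    problems = []
    if not re.fullmatch(r"[a-z0-9]+", s["resource_group"]):
        problems.append("resource group: must be lowercase alphanumeric")
    if s["dns_prefix"] in used_prefixes:
        problems.append("dns prefix: already used by another cluster")
    if not (1 <= s["master_count"] <= 7 and s["master_count"] % 2 == 1):
        problems.append("master count: must be an odd number from 1 to 7")
    if s["identity_system"] != "ADFS":
        problems.append("identity system: select ADFS")
    try:
        uuid.UUID(s["client_id"])  # assumption: ClientId is a GUID, as in the sample
    except ValueError:
        problems.append("client id: not a GUID")
    key_problem = ssh_public_key_problem(s["ssh_public_key"])
    if key_problem:
        problems.append("ssh public key: " + key_problem)
    return problems


# Constructed sample key: valid structure, all-zero key bytes, not a usable key.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " user@example"
```

The client secret is deliberately not part of the checked dictionary, so it never passes through a script or its logs.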

3. Summary

  1. Select Summary. The blade displays a validation message for your Kubernetes Cluster configuration settings.

    Deploy solution template

  2. Review your settings.

  3. Select OK to deploy your cluster.

Tip

If you have questions about your deployment, you can post your question or see if someone has already answered the question in the Azure Stack Hub Forum.

Next steps

Connect to your cluster

Enable the Kubernetes Dashboard