Azure Kubernetes Service (AKS)

Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. The Kubernetes masters are managed by Azure. You only manage and maintain the agent nodes. As a managed Kubernetes service, AKS is free - you only pay for the agent nodes within your clusters, not for the masters.

You can create an AKS cluster in the Azure portal, with the Azure CLI, or with template-driven deployment options such as Resource Manager templates and Terraform. When you deploy an AKS cluster, the Kubernetes master and all nodes are deployed and configured for you. Additional features such as advanced networking, Azure Active Directory integration, and monitoring can also be configured during the deployment process. Windows Server containers are supported in AKS.

For more information on Kubernetes basics, see Kubernetes core concepts for AKS.

To get started, complete the AKS quickstart in the Azure portal or with the Azure CLI.


This service supports Azure Lighthouse, which lets service providers sign in to their own tenant to manage subscriptions and resource groups that customers have delegated.

Access, security, and monitoring

For improved security and management, AKS lets you integrate with Azure Active Directory and use Kubernetes role-based access control (Kubernetes RBAC). You can also monitor the health of your cluster and resources.

Identity and security management

To limit access to cluster resources, AKS supports Kubernetes role-based access control (Kubernetes RBAC). Kubernetes RBAC lets you control access to Kubernetes resources and namespaces, and permissions to those resources. You can also configure an AKS cluster to integrate with Azure Active Directory (AD). With Azure AD integration, Kubernetes access can be configured based on existing identity and group membership. Your existing Azure AD users and groups can be given access to AKS resources with an integrated sign-on experience.
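
A namespace-scoped Role and RoleBinding of the kind the paragraph above describes, granting read-only access to one Azure AD group. This is an added example, not part of the original page; the namespace, the object names and the group object ID are placeholders chosen for illustration.

```yaml
# Added example: read-only access to a single namespace for one Azure AD group.
# Assumptions: namespace "dev", the Role/RoleBinding names, and the group
# object ID below are placeholders, not values from the page.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dev-read-only
  namespace: dev            # Role is namespaced: it grants nothing outside "dev"
rules:
# Core API group: workloads and their logs. Secrets are deliberately omitted.
- apiGroups: [""]
  resources: ["pods", "pods/log", "services", "configmaps"]
  verbs: ["get", "list", "watch"]
# Controllers that own the pods.
- apiGroups: ["apps"]
  resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["batch"]
  resources: ["jobs", "cronjobs"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-read-only-binding
  namespace: dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role                # bind the namespaced Role, not a ClusterRole
  name: dev-read-only
subjects:
- kind: Group
  apiGroup: rbac.authorization.k8s.io
  # With Azure AD integration the group is identified by its object ID.
  # Placeholder value: replace with the object ID of your own group.
  name: "00000000-0000-0000-0000-000000000000"
```

Binding to a group rather than to individual users means access follows Azure AD group membership, so removing a user from the group removes the Kubernetes access without touching the cluster.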

For more information on identity, see Access and identity options for AKS.

To secure your AKS clusters, see Integrate Azure Active Directory with AKS.

Integrated logging and monitoring

To understand how your AKS cluster and deployed applications are performing, Azure Monitor for container health collects memory and processor metrics from containers, nodes, and controllers. Container logs are available, and you can also review the Kubernetes master logs. This monitoring data is stored in an Azure Log Analytics workspace, and is available through the Azure portal, Azure CLI, or a REST endpoint.

For more information, see Monitor Azure Kubernetes Service container health.

Clusters and nodes

AKS nodes run on Azure virtual machines. You can connect storage to nodes and pods, upgrade cluster components, and use GPUs. AKS supports Kubernetes clusters that run multiple node pools to support mixed operating systems and Windows Server containers. Linux nodes run a customized Ubuntu OS image, and Windows Server nodes run a customized Windows Server 2019 OS image.

Cluster node and pod scaling

As demand for resources changes, the number of cluster nodes or pods that run your services can automatically scale up or down. You can use both the horizontal pod autoscaler and the cluster autoscaler. This approach to scaling lets the AKS cluster automatically adjust to demands and only run the resources needed.

For more information, see Scale an Azure Kubernetes Service (AKS) cluster.

Cluster node upgrades

Azure Kubernetes Service offers multiple Kubernetes versions. As new versions become available in AKS, your cluster can be upgraded using the Azure portal or Azure CLI. During the upgrade process, nodes are carefully cordoned and drained to minimize disruption to running applications.

To learn more about lifecycle versions, see Supported Kubernetes versions in AKS. For steps on how to upgrade, see Upgrade an Azure Kubernetes Service (AKS) cluster.

GPU-enabled nodes

AKS supports the creation of GPU-enabled node pools. Azure currently provides single or multiple GPU-enabled VMs. GPU-enabled VMs are designed for compute-intensive, graphics-intensive, and visualization workloads.

For more information, see Using GPUs on AKS.

Confidential computing nodes (public preview)

AKS supports the creation of Intel SGX based confidential computing node pools (DCSv2 VMs). Confidential computing nodes allow containers to run in a hardware-based trusted execution environment (enclaves). Isolation between containers, combined with code integrity through attestation, can help with your defense-in-depth container security strategy. Confidential computing nodes support both confidential containers (existing Docker apps) and enclave-aware containers.

For more information, see Confidential computing nodes on AKS.

Storage volume support

To support application workloads, you can mount storage volumes for persistent data. Both static and dynamic volumes can be used. Depending on how many connected pods are to share the storage, you can use storage backed by either Azure Disks for single pod access, or Azure Files for multiple concurrent pod access.

For more information, see Storage options for applications in AKS.

Get started with dynamic persistent volumes using Azure Disks or Azure Files.

Virtual networks and ingress

An AKS cluster can be deployed into an existing virtual network. In this configuration, every pod in the cluster is assigned an IP address in the virtual network, and can directly communicate with other pods in the cluster, and other nodes in the virtual network. Pods can also connect to other services in a peered virtual network, and to on-premises networks over ExpressRoute or site-to-site (S2S) VPN connections.

For more information, see the Network concepts for applications in AKS.

To get started with ingress traffic, see HTTP application routing.

Ingress with HTTP application routing

The HTTP application routing add-on makes it easy to access applications deployed to your AKS cluster. When enabled, the HTTP application routing solution configures an ingress controller in your AKS cluster. As applications are deployed, publicly accessible DNS names are automatically configured. HTTP application routing configures a DNS zone and integrates it with the AKS cluster. You can then deploy Kubernetes ingress resources as normal.

To get started with ingress traffic, see HTTP application routing.

Development tooling integration

Kubernetes has a rich ecosystem of development and management tools such as Helm and the Kubernetes extension for Visual Studio Code. These tools work seamlessly with AKS.

Additionally, Azure Dev Spaces provides a rapid, iterative Kubernetes development experience for teams. With minimal configuration, you can run and debug containers directly in AKS. To get started, see Azure Dev Spaces.

DevOps Starter provides a simple solution for bringing existing code and Git repositories into Azure. DevOps Starter automatically creates Azure resources such as AKS, a release pipeline in Azure DevOps Services that includes a build pipeline for CI, sets up a release pipeline for CD, and then creates an Azure Application Insights resource for monitoring.

For more information, see DevOps Starter.

Docker image support and private container registry

AKS supports the Docker image format. For private storage of your Docker images, you can integrate AKS with Azure Container Registry (ACR).

To create a private image store, see Azure Container Registry.

Kubernetes certification

Azure Kubernetes Service (AKS) has been CNCF certified as Kubernetes conformant.

Regulatory compliance

Azure Kubernetes Service (AKS) is compliant with SOC, ISO, PCI DSS, and HIPAA. For more information, see Overview of Microsoft Azure compliance.

Next steps

Learn more about deploying and managing AKS with the Azure CLI quickstart.