Pelayar ini tidak lagi disokong.
Naik taraf kepada Microsoft Edge untuk memanfaatkan ciri, kemas kini keselamatan dan sokongan teknikal yang terkini.
This guide assumes you're following the bring your own deployment strategy, where ALB Controller references the Application Gateway for Containers resources precreated in Azure. It's assumed that resource lifecycles are managed in Azure, independent from what is defined within Kubernetes.
Ensure you have first deployed ALB Controller into your Kubernetes cluster. You may follow the Quickstart: Deploy Application Gateway for Containers ALB Controller guide if you haven't already deployed the ALB Controller.
Execute the following command to create the Application Gateway for Containers resource.
RESOURCE_GROUP='<your resource group name>'
AGFC_NAME='alb-test' # Name of the Application Gateway for Containers resource to be created
az network alb create -g $RESOURCE_GROUP -n $AGFC_NAME
Execute the following command to create the Application Gateway for Containers frontend resource.
FRONTEND_NAME='test-frontend'
az network alb frontend create -g $RESOURCE_GROUP -n $FRONTEND_NAME --alb-name $AGFC_NAME
To create an association resource, you first need to reference a subnet for Application Gateway for Containers to establish connectivity to. Ensure the subnet for an Application Gateway for Containers association is at least a class C or larger (/24 or smaller CIDR prefix). For this step, you may either reuse an existing subnet and enable subnet delegation on it or create a new VNET, subnet, and enable subnet delegation.
To reference an existing subnet, execute the following command to set the variables for reference to the subnet in later steps.
VNET_NAME='<name of the virtual network to use>'
VNET_RESOURCE_GROUP='<the resource group of your VNET>'
ALB_SUBNET_NAME='subnet-alb' # subnet name can be any non-reserved subnet name (i.e. GatewaySubnet, AzureFirewallSubnet, AzureBastionSubnet would all be invalid)
Enable subnet delegation for the Application Gateway for Containers service. The delegation for Application Gateway for Containers is identified by the Microsoft.ServiceNetworking/trafficControllers resource type.
az network vnet subnet update \
--resource-group $VNET_RESOURCE_GROUP \
--name $ALB_SUBNET_NAME \
--vnet-name $VNET_NAME \
--delegations 'Microsoft.ServiceNetworking/trafficControllers'
ALB_SUBNET_ID=$(az network vnet subnet list --resource-group $VNET_RESOURCE_GROUP --vnet-name $VNET_NAME --query "[?name=='$ALB_SUBNET_NAME'].id" --output tsv)
echo $ALB_SUBNET_ID
ALB Controller needs the ability to provision new Application Gateway for Containers resources and join the subnet intended for the Application Gateway for Containers association resource.
In this example, we delegate the AppGW for Containers Configuration Manager role to the resource group and delegate the Network Contributor role to the subnet used by the Application Gateway for Containers association subnet, which contains the Microsoft.Network/virtualNetworks/subnets/join/action permission.
If desired, you can create and assign a custom role with the Microsoft.Network/virtualNetworks/subnets/join/action permission to eliminate other permissions contained in the Network Contributor role. Learn more about managing subnet permissions.
IDENTITY_RESOURCE_NAME='azure-alb-identity'
resourceGroupId=$(az group show --name $RESOURCE_GROUP --query id -otsv)
principalId=$(az identity show -g $RESOURCE_GROUP -n $IDENTITY_RESOURCE_NAME --query principalId -otsv)
# Delegate AppGw for Containers Configuration Manager role to RG containing Application Gateway for Containers resource
az role assignment create --assignee-object-id $principalId --assignee-principal-type ServicePrincipal --scope $resourceGroupId --role "fbc52c3f-28ad-4303-a892-8a056630b8f1"
# Delegate Network Contributor permission for join to association subnet
az role assignment create --assignee-object-id $principalId --assignee-principal-type ServicePrincipal --scope $ALB_SUBNET_ID --role "4d97b98b-1d4f-4787-a291-c67834d212e7"
Execute the following command to create the association resource and connect it to the referenced subnet. It can take 5-6 minutes for the Application Gateway for Containers association to be created.
ASSOCIATION_NAME='association-test'
az network alb association create -g $RESOURCE_GROUP -n $ASSOCIATION_NAME --alb-name $AGFC_NAME --subnet $ALB_SUBNET_ID
Congratulations, you have installed ALB Controller on your cluster and deployed the Application Gateway for Containers resources in Azure!
Try out a few of the how-to guides to deploy a sample application, demonstrating some of Application Gateway for Container's load balancing concepts.
Latihan
Modul
Guided Project - Deploy applications to Azure Kubernetes Service - Training
Welcome to this interactive skills validation experience. Completing this module helps prepare you for the Deploy and manage containers with Azure Kubernetes Service assessment.
Pensijilan
Microsoft Certified: Azure Administrator Associate - Certifications
Demonstrate key skills to configure, manage, secure, and administer key professional functions in Microsoft Azure.