Azure Container Instance (ACI)
Azure 容器實例(ACI)提供了在 Azure 中運行容器的最簡捷方式,它不需要用戶配置任何虛擬機或其它高級服務。ACI 適用於快速突髮式增長和資源調整的業務,但功能相對比較簡單。對於需要完整容器集群編排功能的場景建議使用 ACS 或 AKS。
ACI 的優勢包括
- 不需要用戶配置和管理虛擬機就可以提供虛擬機級別的安全隔離
- 啟動快速
- 支持自定義大小
- 支持綁定公網IP和持久化存儲
- 支持Linux 和 Windows 容器
- 支持容器組將多個容器運行在一起(類似於 Kubernetes Pod),它們共享相同的生命周期、網路協議棧、IP地址以及存儲
- 可以通過aci-connector-k8s將 ACI 作為 Kubernetes 集群的一個無限 Node 使用
注意:目前 ACI 僅在 westus、eastus 和 westeurope 等區域開放。
入門示例
# 創建資源組naz group create --name myResourceGroup --location eastusnn# 創建容器(對應 docker run)naz container create --name mycontainer --image microsoft/aci-helloworld --resource-group myResourceGroup --ip-address publicnn# 查詢容器(對應 docker ps或 docker inspect)naz container show --name mycontainer --resource-group myResourceGroup [-o table/json]nn# 查詢容器日誌naz container logs --name mycontainer --resource-group myResourceGroupnn# 刪除容器naz container delete --name mycontainer --resource-group myResourceGroupn
容器組
支持容器組將多個容器運行在一起(類似於 Kubernetes Pod),它們共享相同的生命周期、網路協議棧、IP地址以及持久化存儲。容器組常以 sidecar 模式運行一組功能管理的容器,如應用程序和監控容器、應用程序和日誌容器等。
目前,容器組僅支持以模板的方式來運行。模板格式為
{n "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",n "contentVersion": "1.0.0.0",n "parameters": {n },n "variables": {n "container1name": "aci-tutorial-app",n "container1image": "microsoft/aci-helloworld:latest",n "container2name": "aci-tutorial-sidecar", n "container2image": "microsoft/aci-tutorial-sidecar"n },n "resources": [n {n "name": "myContainerGroup",n "type": "Microsoft.ContainerInstance/containerGroups",n "apiVersion": "2017-08-01-preview",n "location": "[resourceGroup().location]",n "properties": {n "containers": [n {n "name": "[variables(container1name)]",n "properties": {n "image": "[variables(container1image)]",n "resources": {n "requests": {n "cpu": 1,n "memoryInGb": 1.5n }n },n "ports": [n {n "port": 80n }n ]n }n },n {n "name": "[variables(container2name)]",n "properties": {n "image": "[variables(container2image)]",n "resources": {n "requests": {n "cpu": 1,n "memoryInGb": 1.5n }n }n }n }n ],n "osType": "Linux",n "ipAddress": {n "type": "Public",n "ports": [n {n "protocol": "tcp",n "port": "80"n }n ]n }n }n }n ],n "outputs": {n "containerIPv4Address": {n "type": "string",n "value": "[reference(resourceId(Microsoft.ContainerInstance/containerGroups/, myContainerGroup)).ipAddress.ip]"n }n }n }n
而部署容器組也需要使用 az group deployment
命令
az group deployment create --name myContainerGroup --resource-group myResourceGroup --template-file azuredeploy.jsonn
部署成功後就可以通過 az container
命令來查看或操作容器了(使用 --container-name
指定操作的是哪個容器)。
私有鏡像
私有鏡像可以存儲在 Azure 容器註冊表(ACR)中。
# Create ACRnaz acr create --resource-group myResourceGroup --name <acrName> --sku Basic --admin-enabled truenn# Loginnaz acr login --name <acrName>nn# Tag the image.naz acr list --resource-group myResourceGroup --query "[].{acrLoginServer:loginServer}" --output tablendocker tag azure-vote-front <acrLoginServer>/azure-vote-front:redis-v1nn# push imagendocker push <acrLoginServer>/azure-vote-front:redis-v1nn# List images.naz acr repository list --name <acrName> --output tablen
使用私有鏡像創建容器時,需要通過 --registry-password
選項給每個容器設置密碼(比 docker login 麻煩一些):
# Query password.naz acr credential show --name <acrName> --query "passwords[0].value"n# Create container.naz container create --name aci-tutorial-app --image <acrLoginServer>/aci-tutorial-app:v1 --cpu 1 --memory 1 --registry-password <acrPassword> --ip-address public --ports 80 -g myResourceGroupn
或者在部署模板(比如上述容器組示例)中設置
"imageRegistryCredentials": [n {n "server": "[parameters(imageRegistryLoginServer)]",n "username": "[parameters(imageRegistryUsername)]",n "password": "[parameters(imageRegistryPassword)]"n }n]n
持久化存儲
必須先創建 Azure 文件共享,才能將其用於 Azure 容器實例。
# Create the storage accountnaz storage account create -n mycontainerstorage -g myResourceGroup --sku Standard_LRSnn# Export the connection string as an environment variable, this is used when creating the Azure file sharenAZURE_STORAGE_CONNECTION_STRING=$(az storage account show-connection-string -n mycontainerstorage -g myResourceGroup -o tsv)nn# Create the sharenaz storage share create -n myacisharenn# Get storage account key.nSTORAGE_ACCOUNT="mycontainerstorage"nSTORAGE_KEY=$(az storage account keys list --resource-group myResourceGroup --account-name mycontainerstorage --query "[0].value" -o tsv)n
持久化存儲也是需要通過模板來引用,創建下面的模板文件
{n "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",n "contentVersion": "1.0.0.0",n "parameters": {n "storageaccountname": {n "type": "string"n },n "storageaccountkey": {n "type": "securestring"n }n },n "resources":[{n "name": "hellofiles",n "type": "Microsoft.ContainerInstance/containerGroups",n "apiVersion": "2017-08-01-preview",n "location": "[resourceGroup().location]",n "properties": {n "containers": [{n "name": "hellofiles",n "properties": {n "image": "seanmckenna/aci-hellofiles",n "resources": {n "requests": {n "cpu": 1,n "memoryInGb": 1.5n }n },n "ports": [{n "port": 80n }],n "volumeMounts": [{n "name": "myvolume",n "mountPath": "/aci/logs/"n }]n }n }],n "osType": "Linux",n "ipAddress": {n "type": "Public",n "ports": [{n "protocol": "tcp",n "port": "80"n }]n },n "volumes": [{n "name": "myvolume",n "azureFile": {n "shareName": "myacishare",n "storageAccountName": "[parameters(storageaccountname)]",n "storageAccountKey": "[parameters(storageaccountkey)]"n }n }]n }n }]n}n
最後部署容器
# deploy container groupnaz group deployment create --name hellofilesdeployment --template-file hellofiles.json --resource-group myResourceGroup --parameters storageaccountname=$STORAGE_ACCOUN storageaccountkey=$STORAGE_KEYnn# list containernaz container list -g myResourceGroup -o tablen
Kubernetes集成
aci-connector-k8s 可以將 ACI 作為 Kubernetes 集群的一個無限 Node 使用。
下載 aci-connector-k8s 源碼後,可以運行 examples/generateManifest.py
命令自動生成一個部署 aci-connector 的配置(不包含RBAC配置)。
python3 generateManifest.py -g myResourceGroup -s <my-subscription-id> -l westusn
而在開啟RBAC的系統中,需要配置相應的許可權,比如使用下面的部署文件
apiVersion: extensions/v1beta1nkind: Deploymentnmetadata:n name: aci-connectorn namespace: defaultnspec:n replicas: 1n template:n metadata:n labels:n app: aci-connectorn spec:n serviceAccount: aci-connectorn containers:n - name: aci-connectorn image: microsoft/aci-connector-k8s:latestn imagePullPolicy: Alwaysn env:n - name: AZURE_CLIENT_IDn value: <your-client-id>n - name: AZURE_CLIENT_KEYn value: <your-client-key>n - name: AZURE_TENANT_IDn value: <your-tenant-id>n - name: AZURE_SUBSCRIPTION_IDn value: <your-subsription-id>n - name: ACI_RESOURCE_GROUPn value: <your-resource-group>n---napiVersion: v1nkind: ServiceAccountnmetadata:n name: aci-connectorn---napiVersion: v1nkind: Listnitems:n- apiVersion: rbac.authorization.k8s.io/v1n kind: ClusterRolen metadata:n name: "aci-connector"n rules:n - apiGroups: [""]n resources: ["namespaces"]n verbs: ["get", "list", "watch"]n - apiGroups: [""]n resources: ["pods", "pods/status"]n verbs: ["get","list","watch","create","patch","update","delete"]n - apiGroups: [""]n resources: ["nodes", "nodes/status"]n verbs: ["get","list","watch","create","patch","update","delete"]n- apiVersion: rbac.authorization.k8s.io/v1n kind: ClusterRoleBindingn metadata:n name: "aci-connector"n roleRef:n apiGroup: rbac.authorization.k8s.ion kind: ClusterRolen name: "aci-connector"n subjects:n - apiGroup: ""n kind: ServiceAccountn name: "aci-connector"n namespace: "default"n
這樣,Deployment部署後,很快就可以發現它自動創建了一個 aci-connector 的 Node
# kubectl get node aci-connectornNAME STATUS ROLES AGE VERSIONnaci-connector Ready <none> 1m v1.6.6n
這樣,Pod可以通過指定 nodeName 或者容忍 taint azure.com/aci=NoSchedule
調度到ACI上面:
apiVersion: v1nkind: Podnmetadata:n name: nginxn labels:n run: nginxnspec:n containers:n - image: nginxn imagePullPolicy: Alwaysn name: nginxn dnsPolicy: ClusterFirstn nodeName: aci-connectorn# kubectl get pods -l run=nginx -o widenNAME READY STATUS RESTARTS AGE IP NODEnnginx 1/1 Running 0 28s x.x.x.x aci-connectornn# az container list -g myResourceGroup -o tablenName ResourceGroup ProvisioningState Image IP:ports CPU/Memory OsType Locationn------ --------------- ------------------- ------- ---------------- --------------- -------- ----------nnginx myResourceGroup Succeeded nginx x.x.x.x:80 1.0 core/1.5 gb Linux westusn
參考文檔
- Azure Container Instances Documentation
- Azure Container Instances Connector for Kubernetes (experimental)
推薦閱讀:
※世紀互聯運營的國內版Windows Azure相比國內雲廠商到底有何競爭優勢?
※如何評價谷歌為擴大全球雲服務計劃鋪設三條海底光纜?
※Windows Phone死後,UWP還有未來嗎?
TAG:Kubernetes | Azure | Docker |