AKS (Azure) - Azure Kubernetes Service
Overview
Azure Kubernetes Service is a managed Kubernetes service on Microsoft Azure.
Cluster Creation
# Create AKS cluster
az aks create \
  --resource-group myResourceGroup \
  --name myAKSCluster \
  --node-count 3 \
  --enable-addons monitoring \
  --generate-ssh-keys \
  --enable-cluster-autoscaler \
  --min-count 1 \
  --max-count 5
Creating AKS Cluster with Java (Azure SDK for Java)
You can create and manage AKS clusters from Java using the Azure SDK for Java.
import com.azure.core.credential.TokenCredential;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.ContainerServiceVMSizeTypes;
import com.azure.resourcemanager.containerservice.models.KubernetesCluster;

public class AksClusterCreator {
    private static final String RESOURCE_GROUP_NAME = "myJavaResourceGroup";
    private static final String AKS_CLUSTER_NAME = "myJavaAKSCluster";
    private static final String REGION = "eastus";

    public static void main(String[] args) {
        // DefaultAzureCredential resolves credentials from the environment
        // (environment variables, managed identity, Azure CLI login, ...),
        // so no secret is embedded in the code.
        TokenCredential credential = new DefaultAzureCredentialBuilder().build();
        // AzureProfile carries the cloud environment (public Azure here).
        AzureProfile profile = new AzureProfile(AzureEnvironment.AZURE);
        AzureResourceManager azure = AzureResourceManager
            .authenticate(credential, profile)
            .withDefaultSubscription();

        System.out.println("Creating AKS cluster: " + AKS_CLUSTER_NAME + " in resource group: " + RESOURCE_GROUP_NAME);

        // The resource group must already exist.
        KubernetesCluster kubernetesCluster = azure.kubernetesClusters().define(AKS_CLUSTER_NAME)
            .withRegion(REGION)
            .withExistingResourceGroup(RESOURCE_GROUP_NAME)
            .withDefaultVersion()
            // System-assigned managed identity instead of a service principal secret.
            .withSystemAssignedManagedServiceIdentity()
            .defineAgentPool("agentpool")
                .withVirtualMachineSize(ContainerServiceVMSizeTypes.STANDARD_DS2_V2)
                .withAgentPoolVirtualMachineCount(1)
                .withAgentPoolMode(AgentPoolMode.SYSTEM)
                .attach()
            .withDnsPrefix(AKS_CLUSTER_NAME + "dns")
            .create();

        System.out.println("AKS cluster created: " + kubernetesCluster.name());
    }
}
Node Pools
# Add spot node pool
az aks nodepool add \
  --resource-group myResourceGroup \
  --cluster-name myAKSCluster \
  --name spotnodepool \
  --priority Spot \
  --spot-max-price -1 \
  --node-count 2
Networking
# Azure CNI configuration
apiVersion: v1
kind: ConfigMap
metadata:
  name: azure-cni-config
data:
  azure-cni.json: |
    {
      "cniVersion": "0.3.0",
      "name": "azure",
      "plugins": [
        {
          "type": "azure-vnet",
          "vnetCIDR": "10.0.0.0/8",
          "subnetCIDR": "10.240.0.0/16"
        }
      ]
    }
Storage
# Azure Disk storage class
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: azure-disk-premium
provisioner: kubernetes.io/azure-disk
parameters:
  skuName: Premium_LRS
  location: eastus
  storageAccount: mystorageaccount
Security
# Enable Azure AD integration
az aks update \
  --resource-group myResourceGroup \
  --name myAKSCluster \
  --enable-aad \
  --aad-admin-group-object-ids 12345678-1234-1234-1234-123456789012
Monitoring
# Enable Container Insights
az aks enable-addons \
  --resource-group myResourceGroup \
  --name myAKSCluster \
  --addons monitoring
Best Practices
- Use managed identity
- Enable Azure Policy
- Implement network policies
- Use Azure Key Vault CSI driver
- Regular security scanning
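
One way to check an existing cluster against the checklist above, as an added example that is not part of the original page. It assumes the JSON printed by `az aks show -o json` uses the field names shown (`identity.type`, `aadProfile`, `networkProfile.networkPolicy`, `addonProfiles.*`); the sample document is constructed, not taken from a real cluster.

```python
import json

# Constructed sample shaped like `az aks show -g <rg> -n <cluster> -o json`
# output, trimmed to the fields inspected below (field names are assumptions).
SAMPLE_CLUSTER = json.loads("""
{
  "name": "myAKSCluster",
  "identity": {"type": "SystemAssigned"},
  "aadProfile": null,
  "networkProfile": {"networkPlugin": "azure", "networkPolicy": null},
  "addonProfiles": {
    "omsagent": {"enabled": true},
    "azurepolicy": {"enabled": false}
  }
}
""")


def addon_enabled(cluster, name):
    """True when the named add-on profile exists and is enabled."""
    profiles = cluster.get("addonProfiles") or {}
    # Compare keys case-insensitively so differing key casing still matches.
    for key, profile in profiles.items():
        if key.lower() == name.lower():
            return bool((profile or {}).get("enabled"))
    return False


def audit(cluster):
    """Return the checklist items this cluster does not yet satisfy."""
    identity = (cluster.get("identity") or {}).get("type") or "None"
    network = cluster.get("networkProfile") or {}
    checks = {
        "managed identity": identity.lower() != "none",
        "Azure AD integration": cluster.get("aadProfile") is not None,
        "Azure Policy add-on": addon_enabled(cluster, "azurepolicy"),
        "network policy engine": network.get("networkPolicy") not in (None, "", "none"),
        "Key Vault CSI driver": addon_enabled(cluster, "azureKeyvaultSecretsProvider"),
        "Container Insights": addon_enabled(cluster, "omsagent"),
    }
    return [item for item, ok in checks.items() if not ok]


if __name__ == "__main__":
    for finding in audit(SAMPLE_CLUSTER):
        print("MISSING:", finding)
```

The network policy check only confirms that a policy engine is configured on the cluster; whether NetworkPolicy objects actually exist in each namespace has to be checked separately with `kubectl`.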