是否可以将Azure API管理和Azure ACS(kubernetes)用作前端和后端? [英] Is it possible to use Azure API Management and Azure ACS (kubernetes) as frontend and backend?
问题描述
我想在Azure上创建一个简单的体系结构.我的高级设计与下面的图片非常相似(来源: https://www.import.io/post/using-amazon-lambda-and-api-gateway/)
I would like to create a simple architecture on Azure. My high level design is very similar to the picture below (source: https://www.import.io/post/using-amazon-lambda-and-api-gateway/)
我确实想通过Azure API管理访问内部服务.我在Microfos文档页面上看到的是,没有提及此简单安全的体系结构作为参考:
I do want to access the internal services via the Azure API Management. What I can see on Microfos documentation page is that this simple and secure architecture is not mentioned as a reference:
https://docs.microsoft .com/zh-CN/azure/container-service/container-service-kubernetes-walkthrough
我遇到以下问题:
- 如果至少有一个NIC使用同一网络,则无法将API管理分配给虚拟网络
- 即使使用对等虚拟网络,我也无法访问10.244.X.0/24网络(pods的网络),因为k8s虚拟网络仅拥有10.240.0.0/16.如何访问群集ip(10.0.0.0/16)和pod ip(10.244.0.0/16)?
推荐答案
好吧,您不需要额外的VNET,而只需额外的子网.该子网可以位于您现有的VNET中.子网的大小可以是最小的/29 Azure支持.
Well, you don't need an Extra VNET, but just an extra Subnet. That Subnet could lie within your existing VNET. The Size of Subnet can be the smallest /29 which Azure supports.
API管理对Extra Subnet的要求来自以下事实,即它是基于PAAS V1(经典)技术构建的.尽管我们可以部署到资源管理器VNET(V2层)中,但会带来后果. Azure中的经典部署模型没有与Resource Manager模型紧密结合,因此,如果您在V2中创建资源,则V1不会知道它,并且可能发生问题,例如API管理尝试使用已分配的IP到网卡(基于V2)上.
The Extra Subnet requirement for API Management comes from the fact, that it is built on PAAS V1 (Classic) technology. While we can deploy into a Resource Manager VNET (V2 layer), there are consequences to that. The Classic deployment model in Azure are not tightly coupled with Resource Manager model and so if you create a resource in V2 stuff, the V1 doesn't know about it and problems can happen such as API Management trying to use an IP that is already allocated to a NIC (built on V2).
要了解有关Azure中经典管理器和资源管理器模型的差异的更多信息,请参阅博客经典模型与ResourceManager模型之间的差异
To learn more about difference of Classic and Resource Manager models in Azure refer to blog difference between Classic and ResourceManager models
这篇关于是否可以将Azure API管理和Azure ACS(kubernetes)用作前端和后端?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
