Sunday, October 6, 2019

Azure Container

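  1. Azure Container Registry: IaaS, a managed Docker registry service for storing and managing private container images.
  2. Azure Container Instance: PaaS, used to deploy and run Docker containers, letting you focus on designing and building your applications rather than managing the infrastructure that runs them.
  3. Azure Kubernetes Service: PaaS, a container orchestrator that manages, controls and provisions resources for large numbers of containers. Official description: The fully managed Azure Kubernetes Service (AKS) makes it easy to deploy and manage containerized applications. It offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance. Unite your development and operations teams on a single platform to rapidly build, deliver, and scale applications with confidence.
    • Kubernetes is abbreviated K8s: the 8 stands for the eight letters between K and s
    • Deployed using YAML files
    • Suited to multiple containers, autoscaling, and coordinated application upgrades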

Azure Kubernetes Service (AKS)

Question: access to AKS1 can be granted to the Azure AD users.
Ans: From Azure AD, create an OAuth 2.0 authorization endpoint

AKS-managed Azure Active Directory integration
Azure AD authentication overview
Cluster administrators can configure Kubernetes role-based access control (RBAC) based on a user's identity or directory group membership. Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol. For more information on OpenID Connect, see the Open ID connect documentation.
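
An added example (not from the original post or the quoted documentation) of the RBAC configuration described above: a namespace-scoped, read-only Role bound to an Azure AD group. The namespace `dev`, the resource names and the group object ID placeholder are assumptions.

```yaml
# Added example: least-privilege Kubernetes RBAC for an Azure AD group.
# Assumptions: namespace "dev", the object names, and the placeholder ID.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dev-read-only
  namespace: dev
rules:
  - apiGroups: ["", "apps"]
    resources: ["pods", "pods/log", "services", "deployments"]
    # Read verbs only; secrets are deliberately not listed above.
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-read-only-aad-group
  namespace: dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dev-read-only
subjects:
  # With Azure AD integration the group is named by its object ID,
  # the value carried in the groups claim of the user's token.
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: "<AAD-GROUP-OBJECT-ID>"   # placeholder, not a real ID

# Broad setting to avoid for ordinary users, shown only for contrast:
# a ClusterRoleBinding of the same group to the built-in cluster-admin
# ClusterRole grants every verb on every resource in every namespace.
#
#   kind: ClusterRoleBinding
#   roleRef:
#     kind: ClusterRole
#     name: cluster-admin
```

After `kubectl apply -f`, `kubectl auth can-i` run with the `--as` and `--as-group` impersonation flags shows which verbs the binding actually grants.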

Kubernetes Documentation \Reference \Accessing the API \Authenticating
OpenID Connect Tokens
OpenID Connect is a flavor of OAuth2 supported by some OAuth2 providers, notably Azure Active Directory, Salesforce, and Google. The protocol's main extension of OAuth2 is an additional field returned with the access token called an ID Token. This token is a JSON Web Token (JWT) with well known fields, such as a user's email, signed by the server.
