ACK One: Building a Hybrid Cloud Zone-Disaster Recovery System

By Jing Cai

For businesses currently running in Internet Data Center (IDC) Kubernetes clusters and looking to provide high-availability redundant capabilities for on-premises businesses through cloud computing, Alibaba Cloud's Distributed Cloud Container Platform ACK One [1] can be used to centrally manage traffic, applications, and clusters. This platform enables the routing of business traffic across multiple clusters and ensures automatic smooth disaster recovery. This article primarily focuses on using ACK One to quickly build a hybrid cloud disaster recovery system.

Generally, building a hybrid cloud disaster recovery system requires five steps:

Use ACK One registered clusters to manage Kubernetes clusters deployed on IDC or third-party clouds
Interconnect the on-premises network with the Virtual Private Cloud (VPC)
Create an ACK One Fleet and associate clusters with the Fleet
Use the ACK One GitOps to distribute the application to multiple clusters (optional)
Use the ACK One multi-cluster gateways to manage multi-cluster traffic

ACK One

The ACK One is an enterprise-level cloud-native platform provided by Alibaba Cloud for scenarios such as hybrid cloud, multiple clusters, distributed computing, and disaster recovery. ACK One enables connection and management of Kubernetes clusters in any region and on any infrastructure while providing consistent management and community-compatible APIs for computing, network, storage, security, monitoring, logs, jobs, applications, and traffic.

The ACK One registered clusters[2] help connect on-premises Kubernetes clusters to the cloud, facilitating the quick setup of hybrid cloud clusters. This allows local data center Kubernetes clusters or those from other cloud vendors to be linked to the Alibaba Cloud Container Service management platform. It plays a crucial role in hybrid cloud scenarios.

ACK One Fleet [3] serves as a centralized portal for managing multi-clusters, providing developers with capabilities such as multi-cluster GitOps application distribution, traffic management, and centralized O&M. It is built on mature open-source community projects Argo CD[4] and Open Cluster Management[5], ensuring product openness and reducing a considerable amount of O&M work, allowing you to focus on application development.

ACK One multi-cluster gateways [6] are cloud-native gateways that manage Layer 7 north-south traffic in multi-cloud and multi-cluster environments. These gateways utilize Ingress APIs to define traffic routing rules, supporting various capabilities across multiple clusters such as HTTP routing, traffic splitting, health-based automatic smooth disaster recovery, traffic mirroring, and traffic load balancing based on the number of replicas.

ACK One GitOps [8] manages ArgoCD in the Fleet instance and integrates capabilities such as multiple clusters in ACK One and Alibaba Cloud RAM SSO to implement a simple and secure multi-cluster GitOps continuous delivery.

Architecture of Hybrid Cloud Zone-Disaster Recovery System

The preceding figure shows the active zone-redundancy disaster recovery system for applications in hybrid cloud scenarios based on ACK One registered clusters, multi-cluster Fleets (GitOps optional), and multi-cluster gateways.

• All Alibaba Cloud resources are in one VPC (VPC 1 in the figure). You can create ACK clusters in AZ1 and registered clusters in AZ2.

• You can register Kubernetes clusters deployed on IDC or third-party clouds to Alibaba Cloud by using the registered clusters, and you can use an Express Connect circuit to connect the IDC and VPC network and ensure the interconnection between the cloud and on-premises networks.

• You can associate ACK clusters and registered clusters with the ACK One Fleet instance in the same VPC (VPC 1) and distribute the application to ACK clusters and registered clusters through ACK One GitOps.

• In ACK One Fleet, you can create MSE gateways through MseIngressConfig and add clusters to the gateways. Then, you can create an Ingress in Fleet to configure traffic routing rules to manage the north-south traffic, including the implementation of zone-disaster recovery.

• This article is aimed at the highly available solution of multi-cluster deployment of applications and business traffic, which does not involve databases and middleware. For more information, see Alibaba Cloud database and middleware documentation, such as Overview of data synchronization: https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-mysql/overview-of-data-synchronization

Building a Hybrid Cloud Zone-Disaster Recovery System

First, you need to plan the hybrid cloud network: the ACK One Fleet, ACK clusters, and registered clusters need to be on the same VPC, while ACK clusters and registered clusters need to be in different AZs. For more information about Fleet management network planning, see Network design for Fleet management[9].

Then, you can build a hybrid cloud zone-disaster recovery system according to the following steps:

Use registered clusters to manage Kubernetes clusters deployed on IDC or third-party clouds
Interconnect the on-premises network with the VPC
Create a Fleet and associate it with clusters
Use GitOps to distribute the application to multiple clusters (optional)
Use multi-cluster gateways to manage multi-cluster traffic

1. Use Registered Clusters to Manage Kubernetes Clusters Deployed on IDC or Third-party Clouds

In this step, you need to register your Kubernetes clusters deployed on IDC or third-party clouds to Alibaba Cloud. You need to create a registered cluster in ACK/ACK One and import proxy configuration YAML through the cluster provided in the cluster connection information to connect your on-premises Kubernetes clusters to the registered cluster. For more information, see Use registered clusters to centrally manage external Kubernetes clusters[10].

If your on-premises clusters also need to migrate workloads to the cloud, see Build a hybrid cloud cluster and add ECS instances to the cluster (ECS) [11] and Scale out elastic container instances (ECI) [12]. To cope with a large number of emergencies, you can configure high availability for the ECI. For more information, see Create ECIs across zones [13].

After Kubernetes clusters deployed on IDC or third-party cloudsare connected, the status of the registered cluster changes to Running.

2. Interconnect the On-premises Network with the VPC

To build a hybrid cloud zone-disaster recovery system, you need to use multi-cluster gateways to centrally manage the traffic of the cloud and on-premises application pods. Therefore, you need to connect the IDC network to the VPC where the multi-cluster gateways are located (the same ACK One Fleet and the same VPC by default). For more information about how to connect the IDC network to the VPC network, see Network connection overview [14]. We recommend that you use the Express Connect circuit to connect the cloud and on-premises networks. For more information, see Overview of hybrid networks [15]. The main process steps are described as follows:

Connect the on-premises network to Alibaba Cloud by using a physical connection over an Express Connect circuit. For more information about the connections over Express Connect provided by Alibaba Cloud, see Physical connection [16].
Create an Express Connect circuit to connect edge devices in the data center to a virtual border router (VBR) that functions as a gateway in the cloud.
Attach the VBR and VPC to one Cloud Enterprise Network (CEN) instance.
Configure BGP on the VBR and in the data center.
Test the network connectivity between the cloud network and on-premises network.
Configure routes that point to the private CIDR blocks used by the cloud services to communicate with the on-premises network.

3. Create a Fleet and Associate It with Clusters

Create a Fleet in the ACK One console [17] and associate the registered cluster with the newly created ACK cluster, as shown in the following figure:

4. Use GitOps to Distribute the Application to Multiple Clusters (Optional)

This step is mainly to deploy your applications in your ACK clusters and the on-premises clusters. You can use GitOps to manage your multi-cluster applications. For more information, see Use GitOps to distribute a web-demo application to multiple clusters [18].

After the application is distributed, you can view the status of your applications and resources in the GitOps console. Make sure that the applications in the two clusters are in the same namespace (the multi-cluster gateways need to have the same service name and the same namespace). The following is the status of web-demo in ACK clusters:

5. Use Multi-cluster Gateways to Manage Multi-cluster Traffic

Finally, use the multi-cluster gateways to manage multi-cluster traffic and implement application zone-disaster recovery according to the following steps. For more information, see Zone-disaster recovery based on multi-cluster gateway [19].

Enable the multi-cluster gateway capability in the ACK One Fleet.
Create a gateway by creating a MseIngressConfig in the Fleet, and add ACK clusters and registered clusters to the gateway.
Create a routing rule (Ingress) in the Fleet to implement the zone-disaster recovery. The following shows the Ingress corresponding to the zone-disaster recovery (the namespace is the same as that of the distributed application):


apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-demo
  namespace: web-demo
spec:
  ingressClassName: mse
  rules:
  - host: example.com
    http:
      paths:
      - path: /svc1
        pathType: Exact
        backend:
          service:
            name: service1
            port: 
              number: 80

Summary

ACK One provides complete multi-cluster management capability, allowing for one-stop application management from cluster access to application distribution and traffic management. In hybrid cloud scenarios, registered clusters also support on-demand scheduling of cloud computing power in a serverless manner (such as ECI) to cope quickly with large-scale service bursts without the need for O&M nodes, focusing on applications themselves. GitOps facilitates the easy management of cloud and on-premises cluster applications and the construction of automated CI/CD pipelines, facilitating application upgrades and O&M. Multi-cluster gateways offer powerful traffic management capability, allowing for centralized management of north-south traffic from multiple clusters, reducing the cost of separately managing multiple clusters, decreasing architectural complexity, and enhancing traffic management efficiency.

References

Community

ACK One: Building a Hybrid Cloud Zone-Disaster Recovery System

ACK One

Architecture of Hybrid Cloud Zone-Disaster Recovery System

Building a Hybrid Cloud Zone-Disaster Recovery System

1. Use Registered Clusters to Manage Kubernetes Clusters Deployed on IDC or Third-party Clouds

2. Interconnect the On-premises Network with the VPC

3. Create a Fleet and Associate It with Clusters

4. Use GitOps to Distribute the Application to Multiple Clusters (Optional)

5. Use Multi-cluster Gateways to Manage Multi-cluster Traffic

Summary

References

Read previous post:

Read next post:

Alibaba Container Service

You may also like

Comments

Alibaba Container Service

Related Products

Container Service for Kubernetes

ACK One

Cloud-Native Applications Management Solution

Hybrid Cloud Solution