By Yu Zhuang
Kubernetes has become a fundamental technology in modern application architectures, and using it as a container orchestration system is becoming an inevitable choice for many enterprises.
As cloud computing becomes more widely accepted and enterprises continue to grow in scale and complexity, there is an increasing trend towards adopting multi-cloud and hybrid cloud solutions to achieve more flexible and robust architectures.
Multi-cluster requirements, and the operations and management challenges that come with them, arise as enterprises deploy Kubernetes clusters across public cloud providers, on-premises data centers, and open-source self-managed environments. While these deployments help enterprises utilize resources in hybrid environments more effectively, they also bring significant challenges in O&M management: each environment has its own access consoles, permission management policies, log monitoring tools, and security tools.
If you are facing similar requirements and challenges, Alibaba Cloud ACK One registered clusters can simplify the management of Kubernetes clusters both on and off the cloud.
ACK One is a distributed cloud container platform developed by Alibaba Cloud to address scenarios such as hybrid clouds, multi-clusters, and distributed computing. It provides unified management for Kubernetes clusters deployed on Alibaba Cloud, at the edge, in customer data centers, and on other clouds.
With ACK One registered clusters, you can connect Kubernetes clusters from different providers and locations to the ACK console. This enables you to use a unified cluster control panel for unified application distribution, traffic management, operations and maintenance (O&M) management, and security management across clusters.
ACK One registered clusters can help enterprises meet the following requirements for centralized management of Kubernetes clusters:
Kubernetes clusters have the same O&M experience as ACK. After connecting other cloud Kubernetes clusters or on-premises IDC clusters to ACK One registered clusters, you can use the ACK console for managing permissions, logs, monitoring, events, alerts, cost analysis, security inspection, and security policies.
Kubernetes clusters in on-premises IDCs can elastically scale out Alibaba Cloud ECS node pools and Virtual Kubelet ECIs to handle resource shortages and bursts in business traffic.
ACK One registered clusters provide an integrated solution for backup, recovery, and migration on the cloud. This supports cloud disaster recovery of data and applications, improving overall business continuity for enterprises.
Hybrid cloud distributed cache Fluid unifies cloud storage access, improving access efficiency by 10 times and reducing bandwidth usage by 90%.
Moreover, the ACK One team provides comprehensive after-sales support for the above capabilities.
To manage Kubernetes clusters in a centralized manner, you need to create an ACK One registered cluster for each Kubernetes cluster and install the ack-connector agent components in the Kubernetes cluster. The connector establishes a connection with the registered cluster. The operations you perform on the registered clusters through the ACK console, such as obtaining the cluster status and installing ACK components, are then forwarded to the API server of the Kubernetes cluster through the connector.
To ensure the security of the connection between the Kubernetes clusters and the registered clusters, ACK One registered clusters have implemented a series of security measures:
1. Two connection methods: Internet and intranet:
The Internet connection is simple to set up and is sufficient for control plane traffic.
The intranet connection provides higher security, stability, and lower latency, but at a higher cost. You can choose the appropriate connection method based on your actual situation.
2. TLS encrypted connection:
The connection between each connector and its registered cluster is encrypted with a separate TLS certificate.
3. SLB access control:
4. RBAC controls the connector permissions:
The registered cluster uses the connector to connect to the API server of the Kubernetes cluster. With the Service Account of the connector, you can set RBAC permissions in the Kubernetes cluster to control the operations of the connector on the API server.
5. The open-source connector ensures transparency. The open-source project address is: https://github.com/AliyunContainerService/alibabacloud-ack-connector
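Point 4 above is the control a cluster owner actually holds: whatever the connector may do on the API server is exactly what its ServiceAccount is bound to. The following Python audit is an added example, not code from ACK One or the ack-connector project. It resolves the rules a ClusterRoleBinding grants to a ServiceAccount and flags wildcard rules, privilege-escalation verbs, and access to sensitive resources. The ServiceAccount `kube-system/ack-connector`, the role names and the manifests are constructed assumptions; on a real cluster you would feed it the output of `kubectl get clusterrole,clusterrolebinding -o json` instead.

```python
"""Audit what a connector ServiceAccount may do on the API server.

Added example (not ack-connector project code). The manifests below are
constructed stand-ins for what `kubectl get clusterrole,clusterrolebinding
-o json` returns; the ServiceAccount `kube-system/ack-connector` and the role
names are assumptions used only for illustration.
"""

# Constructed: a narrowly scoped role, enough to report cluster status.
SCOPED_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "connector-readonly"},
    "rules": [
        {"apiGroups": [""], "resources": ["nodes", "pods", "namespaces", "events"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["apps"], "resources": ["deployments", "daemonsets"],
         "verbs": ["get", "list", "watch"]},
    ],
}

# Constructed: an over-broad role that a hurried install might bind instead.
BROAD_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "connector-admin"},
    "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}

# Verbs and resources that should not appear together in a connector's rules
# without a documented reason.
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}
SENSITIVE_RESOURCES = {"secrets", "roles", "rolebindings", "clusterroles",
                       "clusterrolebindings", "*"}
ESCALATION_VERBS = {"bind", "escalate", "impersonate"}


def binding_for(role_name, sa_namespace, sa_name):
    """Build a ClusterRoleBinding manifest for a ServiceAccount subject."""
    return {
        "kind": "ClusterRoleBinding",
        "metadata": {"name": f"{role_name}-binding"},
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                    "kind": "ClusterRole", "name": role_name},
        "subjects": [{"kind": "ServiceAccount",
                      "namespace": sa_namespace, "name": sa_name}],
    }


def effective_rules(sa_namespace, sa_name, roles, bindings):
    """Return every rule reachable by the ServiceAccount through the bindings."""
    roles_by_name = {r["metadata"]["name"]: r for r in roles}
    rules = []
    for binding in bindings:
        subjects = binding.get("subjects", [])
        if not any(s.get("kind") == "ServiceAccount"
                   and s.get("namespace") == sa_namespace
                   and s.get("name") == sa_name for s in subjects):
            continue
        role = roles_by_name.get(binding["roleRef"]["name"])
        if role is not None:
            rules.extend(role.get("rules", []))
    return rules


def audit(sa_namespace, sa_name, roles, bindings):
    """Return findings for the ServiceAccount; an empty list means nothing flagged."""
    findings = []
    for rule in effective_rules(sa_namespace, sa_name, roles, bindings):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        if "*" in verbs and "*" in resources:
            findings.append("wildcard verbs on wildcard resources (equivalent to cluster-admin)")
            continue
        if verbs & ESCALATION_VERBS:
            findings.append(f"privilege-escalation verbs granted: {sorted(verbs & ESCALATION_VERBS)}")
        if verbs & WRITE_VERBS and resources & SENSITIVE_RESOURCES:
            findings.append(f"write access to sensitive resources: {sorted(resources & SENSITIVE_RESOURCES)}")
        elif "secrets" in resources and verbs & {"get", "list", "watch", "*"}:
            findings.append("read access to secrets")
    return findings


if __name__ == "__main__":
    for role in (SCOPED_ROLE, BROAD_ROLE):
        name = role["metadata"]["name"]
        result = audit("kube-system", "ack-connector", [role],
                       [binding_for(name, "kube-system", "ack-connector")])
        print(name, "->", result or "OK")
```

The audit deliberately stops at ClusterRoleBindings; namespaced RoleBindings and aggregated ClusterRoles would need the same treatment before the result can be read as the connector's complete permission set.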
ACK integrates Application Real-Time Monitoring Service (ARMS) and Simple Log Service (SLS) to provide a wide range of observability capabilities, including log service, event center, alert configuration, Prometheus monitoring, and APM Java application monitoring.
Through ACK One registered clusters, you can use ACK's product-based observability capabilities in non-ACK Kubernetes clusters. This saves you the O&M costs of monitoring external log systems. You can also monitor log systems in a unified manner to quickly detect and diagnose problems and further reduce O&M costs.
1. View the Prometheus monitoring dashboard of the registered cluster in the ACK console: You can check the metrics of the Kubernetes cluster control plane and data plane.
2. View the logs of the registered cluster in the ACK console: You can collect logs of the Kubernetes cluster to Log Service and query logs in a unified manner.
3. View the event center of the registered cluster in the ACK console: The event center records the status changes of the Kubernetes cluster, including pod configuration changes and component exceptions. It aggregates all events in the Kubernetes cluster in real time, so you can use the storage, query, analysis, visualization, alerting, and other capabilities provided by the ACK console.
4. View the cost analysis of the registered cluster in the ACK console: You can customize the cost of Kubernetes cluster nodes, split the cost based on application resource usage, analyze cluster costs, namespace costs, and application costs from multiple dimensions, and quickly locate the source of abnormal costs to help enterprises reduce costs and increase efficiency.
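To make the event aggregation and alerting in point 3 concrete, here is an added Python example; it is not the event center's own logic. It groups Kubernetes events by the object and reason they concern and raises an alert when repeated Warning events for one object fall inside a sliding time window, which is the kind of rule you would express once centrally rather than per cluster. The event records are constructed by hand in the shape `kubectl get events -o json` returns, and the threshold and window are assumed values.

```python
"""Aggregate Kubernetes events and raise alerts on repeated Warnings.

Added example, not the ACK event center's own logic. The event records below
are constructed by hand in the shape `kubectl get events -o json` returns;
the threshold and window are assumed values chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def _event(kind, namespace, name, reason, etype, message, ts):
    """Build one event record (constructed sample data)."""
    return {"type": etype, "reason": reason, "message": message,
            "involvedObject": {"kind": kind, "namespace": namespace, "name": name},
            "lastTimestamp": ts}


# Constructed sample: a crash-looping pod, two slow volume mounts far apart, one normal event.
SAMPLE_EVENTS = [
    _event("Pod", "shop", "api-7d9f-abc12", "BackOff", "Warning",
           "Back-off restarting failed container", "2023-10-18T10:00:05+00:00"),
    _event("Pod", "shop", "api-7d9f-abc12", "BackOff", "Warning",
           "Back-off restarting failed container", "2023-10-18T10:00:45+00:00"),
    _event("Pod", "shop", "api-7d9f-abc12", "BackOff", "Warning",
           "Back-off restarting failed container", "2023-10-18T10:01:30+00:00"),
    _event("Pod", "shop", "api-7d9f-abc12", "BackOff", "Warning",
           "Back-off restarting failed container", "2023-10-18T10:02:10+00:00"),
    _event("Pod", "data", "db-0", "FailedMount", "Warning",
           "Unable to attach or mount volumes", "2023-10-18T10:00:00+00:00"),
    _event("Pod", "data", "db-0", "FailedMount", "Warning",
           "Unable to attach or mount volumes", "2023-10-18T10:12:00+00:00"),
    _event("Pod", "shop", "web-5c4d-xyz99", "Scheduled", "Normal",
           "Successfully assigned shop/web-5c4d-xyz99 to node-1", "2023-10-18T10:00:10+00:00"),
]


def _object_key(event):
    """Identity of the thing an event is about, plus the reason."""
    obj = event["involvedObject"]
    return (obj["namespace"], obj["kind"], obj["name"], event["reason"])


def aggregate(events):
    """Count events per (namespace, kind, name, reason, type)."""
    counts = defaultdict(int)
    for e in events:
        counts[_object_key(e) + (e["type"],)] += 1
    return dict(counts)


def alerts(events, threshold=3, window_seconds=300):
    """Alert when at least `threshold` Warning events with the same reason hit
    one object inside any span of `window_seconds` (sliding window over timestamps)."""
    window = timedelta(seconds=window_seconds)
    times_by_key = defaultdict(list)
    for e in events:
        if e["type"] == "Warning":
            times_by_key[_object_key(e)].append(datetime.fromisoformat(e["lastTimestamp"]))
    out = []
    for key, times in times_by_key.items():
        times.sort()
        best, best_span, start = 0, None, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # shrink window from the left
                start += 1
            n = end - start + 1
            if n > best:
                best, best_span = n, (times[start], t)
        if best >= threshold:
            ns, kind, name, reason = key
            out.append({"namespace": ns, "object": f"{kind}/{name}", "reason": reason,
                        "count": best, "first": best_span[0].isoformat(),
                        "last": best_span[1].isoformat()})
    return out


if __name__ == "__main__":
    for a in alerts(SAMPLE_EVENTS):
        print(f"ALERT {a['namespace']} {a['object']} {a['reason']} x{a['count']} "
              f"between {a['first']} and {a['last']}")
```

With the defaults (3 Warnings within 5 minutes) only the crash-looping pod is reported; the two FailedMount events are 12 minutes apart and stay below the threshold until the window is widened.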
Registered Cluster Overview: https://www.alibabacloud.com/help/en/doc-detail/155208.html
Create a Registered Cluster and Install the connector to Connect to the Kubernetes Cluster: https://www.alibabacloud.com/help/en/doc-detail/121053.html
Enable Log Service for a Registered Cluster: https://www.alibabacloud.com/help/en/doc-detail/150036.html
Create a Kubernetes Event Center for a Registered Cluster: https://www.alibabacloud.com/help/en/doc-detail/155182.html
Set Up Alerting for a Registered Cluster: https://www.alibabacloud.com/help/en/doc-detail/217918.html
Enable ARMS for a Registered Cluster: https://www.alibabacloud.com/help/en/doc-detail/150035.html
Enable Prometheus Service for a Registered Cluster: https://www.alibabacloud.com/help/en/doc-detail/155202.html
Cluster Cost Insights: https://www.alibabacloud.com/help/en/doc-detail/345689.html