Community Blog Simplifying Kubernetes Multi-cluster Management with the Right Approach

Simplifying Kubernetes Multi-cluster Management with the Right Approach

This article describes how to use Alibaba Cloud ACK One to simplify the management of hybrid cloud cluster.

By Yu Zhuang

Kubernetes has become a fundamental technology in modern application architectures, and using it as a container orchestration system is becoming an inevitable choice for many enterprises.

As cloud computing becomes more widely accepted and enterprises continue to grow in scale and complexity, there is an increasing trend towards adopting multi-cloud and hybrid cloud solutions to achieve more flexible and robust architectures.

Evolution of Kubernetes Multi-cluster Requirements and O&M Challenges

The evolution of Kubernetes multi-cluster requirements and the challenges of operations and management arise from the deployment of clusters in public cloud Kubernetes clusters from different cloud providers, Kubernetes clusters in on-premises data centers, and open-source self-managed clusters. While these deployments help enterprises utilize resources in hybrid environments more effectively, they also bring significant challenges in O&M management. These challenges include dealing with different access consoles, permission management policies, log monitoring tools, and security tools.

If you are facing similar requirements and challenges, Alibaba Cloud ACK One registered clusters can simplify the management of Kubernetes clusters both on and off the cloud.

How to Use ACK One to Simplify the Building and Management of Hybrid Cloud Cluster

ACK One is a distributed cloud container platform developed by Alibaba Cloud to address scenarios such as hybrid clouds, multi-clusters, and distributed computing. It provides unified management for Kubernetes clusters deployed on Alibaba Cloud, at the edge, in customer data centers, and on other clouds.

With ACK One registered clusters, you can connect Kubernetes clusters from different providers and locations to the ACK console. This enables you to use a unified cluster control panel for unified application distribution, traffic management, operations and maintenance (O&M) management, and security management across clusters.

1. Core Features of ACK One Registered Clusters.

ACK One registered clusters can help enterprises meet the following requirements for centralized management of Kubernetes clusters:

  • Consistent O&M experience

Kubernetes clusters have the same O&M experience as ACK. After connecting other cloud Kubernetes clusters or on-premises IDC clusters to ACK One registered clusters, you can use the ACK console for managing permissions, logs, monitoring, events, alerts, cost analysis, security inspection, and security policies.

  • Microservice governance in Kubernetes clusters

Microservice Engine (MSE) and Alibaba Cloud Service Mesh (ASM) enable effective microservice governance within Kubernetes clusters..

  • Elasticity on the cloud

Kubernetes clusters in on-premises IDCs can elastically scale out Alibaba Cloud ECS node pools and Virtual Kubelet ECIs to handle resource shortages and bursts in business traffic.

  • Backup and disaster recovery

ACK One registered clusters provide an integrated solution for backup, recovery, and migration on the cloud. This supports cloud disaster recovery of data and applications, improving overall business continuity for enterprises.

  • Big data empowerment

Hybrid cloud distributed cache Fluid unifies cloud storage access, improving access efficiency by 10 times and reducing bandwidth usage by 90%.

Moreover, the ACK One team provides comprehensive after-sales support for the above capabilities.

2. The Architecture of Registered Clusters


2.1 Connection Link

To manage Kubernetes clusters in a centralized manner, you need to create an ACK One registered cluster for each Kubernetes cluster and install the ack-connector agent components in the Kubernetes cluster. The connector establishes a connection with the registered cluster. The operations you perform on the registered clusters through the ACK console, such as obtaining the cluster status and installing ACK components, are then forwarded to the API server of the Kubernetes cluster through the connector.

2.2 Security Assurance

To ensure the security of the connection between the Kubernetes clusters and the registered clusters, ACK One registered clusters have implemented a series of security measures:

1.  Provide two connection methods: Internet and intranet:

The internet connection is simple and effectively handles the control plane connection.

The intranet connection provides higher security, stability, and lower latency but has higher costs. You can choose the appropriate connection method based on your actual situation.

2.  TLS encrypted connection:

The connection between each connector and the registered cluster is encrypted by a separate TLS certificate.

3.  SLB access control:

  • The connection endpoint of the registered cluster is exposed through SLB. If you choose the internet connection, the connection endpoint is the internet IP address of the SLB instance.
  • In this case, you can configure the access control of the SLB instance to only allow the public network segment of the Kubernetes cluster to access the public connection endpoint of the registered cluster, ensuring security.

4.  RBAC controls the connector permissions:

The registered cluster uses the connector to connect to the API server of the Kubernetes cluster. With the Service Account of the connector, you can set RBAC permissions in the Kubernetes cluster to control the operations of the connector on the API server.

5.  The open-source connector ensures transparency. The open-source project address is: https://github.com/AliyunContainerService/alibabacloud-ack-connector

3. Unified Kubernetes O&M - Observability

ACK integrates Application Real-Time Monitoring Service (ARMS) and Simple Log Service (SLS) to provide a wide range of observability capabilities, including log service, event center, alert configuration, Prometheus monitoring, and APM Java application monitoring.

Through ACK One registered clusters, you can use ACK's product-based observability capabilities in non-ACK Kubernetes clusters. This saves you the O&M costs of monitoring external log systems. You can also monitor log systems in a unified manner to quickly detect and diagnose problems and further reduce O&M costs.

1.  View the Prometheus monitoring dashboard of the registered cluster through the ACK console. You can check the metrics applied by the Kubernetes cluster control panel and data panel.


2.  View the logs of the registered cluster in the ACK console: You can collect logs of the Kubernetes cluster to Log Service and query logs in a unified manner.


3.  View the event center of the registered cluster in the ACK console: You can record the status changes of the Kubernetes cluster, including the configuration of pods and component exceptions. And you can aggregate all events in the Kubernetes in real time and use storage, query, analysis, visualization, alerting, and other capabilities provided by the ACK console.


4.  View the cost analysis of the registered cluster in the ACK console: You can customize the cost of Kubernetes cluster nodes, split the cost based on application resource usage, analyze cluster costs, namespace costs, and application costs from multiple dimensions, and quickly locate the source of abnormal costs to help enterprises reduce costs and increase efficiency.



[1] Registered Cluster Overview: https://www.alibabacloud.com/help/en/doc-detail/155208.html
[2] Create a Registered Cluster and Install the connector to Connect to the Kubernetes Cluster: https://www.alibabacloud.com/help/en/doc-detail/121053.html
[3] Enable Log Service for a Registered Cluster: https://www.alibabacloud.com/help/en/doc-detail/150036.html
[4] Create a Kubernetes Event Center for a Registered Cluster: https://www.alibabacloud.com/help/en/doc-detail/155182.html
[5] Set Up Alerting for a Registered Cluster: https://www.alibabacloud.com/help/en/doc-detail/217918.html
[6] Enable ARMS for a Registered Cluster: https://www.alibabacloud.com/help/en/doc-detail/150035.html
[7] Enable Prometheus Service for a Registered Cluster: https://www.alibabacloud.com/help/en/doc-detail/155202.html
[8] Cluster Cost Insights: https://www.alibabacloud.com/help/en/doc-detail/345689.html

0 1 0
Share on

Alibaba Cloud Native

151 posts | 12 followers

You may also like


Alibaba Cloud Native

151 posts | 12 followers

Related Products