This topic describes how to enable and disable the multi-cluster gateway feature on a Distributed Cloud Container Platform for Kubernetes (ACK One) Fleet instance. This topic also describes how to connect associated clusters to a multi-cluster gateway.
Billing
Fees are charged when you use multi-cluster gateways. For more information about the billing of multi-cluster gateways, see Billing overview.
Prerequisites
Microservices Engine (MSE) cloud-native gateway authorization is completed.
The AliyunAdcpManagedMseRolePolicy policy is attached to the AliyunAdcpManagedMseRole Resource Access Management (RAM) role. The following code block shows the content of the AliyunAdcpManagedMseRolePolicy policy.
The Fleet management feature is enabled. The kubeconfig file of the Fleet instance is obtained in the ACK One console and a kubectl client is connected to the Fleet instance.
Associated clusters are added. The associated clusters and the ACK One Fleet instance are deployed in the same virtual private cloud (VPC).
The latest version of Alibaba Cloud CLI is installed and Alibaba Cloud CLI is configured.
Enable the multi-cluster gateway feature
Make sure that Alibaba Cloud CLI is up-to-date and run the following command to enable the multi-cluster gateway feature.
Replace
<your_fleet_clusterid>
with the ID of your Fleet instance.aliyun adcp UpdateHubClusterFeature --ClusterId <your_fleet_clusterid> --GatewayEnabled true
Run the following command to check whether the multi-cluster gateway feature is enabled:
aliyun adcp DescribeHubClusterDetails --ClusterId <your_fleet_clusterid> |grep -B4 -A1 EnabledMSE`
Expected output: If the
Status
parameter isTrue
, the multi-cluster gateway feature is enabled.{ "Message": "", "Reason": "", "Status": "True", "Type": "EnabledMSE" },
Create a multi-cluster gateway
Obtain and record the vSwitch ID of the ACK One Fleet instance.
Use Alibaba Cloud CLI
Run the following command to query the vSwitch ID:
aliyun adcp DescribeHubClusterDetails --ClusterId <your_fleet_clusterid>
Record the vSwitch ID in the
VSwitches
field of the output.
Use the console
Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Fleet Information.
On the Fleet Information page, click the Basic Information tab. Find vSwitch in the Associated Resources section, and copy the vSwitch ID.
Create a file named mseingressconfig.yaml and add the following content to the file.
Replace
${vsw-id1}
with the vSwitch ID that you recorded. You can add an annotation to the gateway configuration file to specify the associated clusters to be connected to the gateway.apiVersion: mse.alibabacloud.com/v1alpha1 kind: MseIngressConfig metadata: name: ackone-gateway # Connect associated clusters to the MSE gateway. #annotations: # mse.alibabacloud.com/remote-clusters: ${cluster1},${cluster2} spec: common: instance: replicas: 3 spec: 2c4g network: # You can configure both an Internet-facing Server load Balancer (SLB) instance and an internal-facing SLB instance. If no SLB instance is specified, an Internet-facing SLB instance is used by default. #publicSLBSpec: slb.s2.small #privateSLBSpec: slb.s2.small vSwitches: - ${vsw-id1} ingress: local: ingressClass: mse name: mse-ingress
Run the following command to create a gateway named mse-ingress on the ACK One Fleet instance:
kubectl apply -f mseingressconfig.yaml
Run the following command to verify that the gateway is created:
kubectl get mseingressconfig ackone-gateway
Expected output:
NAME STATUS AGE ackone-gateway Listening 3m15s
The output indicates that the gateway is in the Listening state. This means that the cloud-native gateway is created and running. The gateway listens on Ingresses whose IngressClasses are
mse
.A gateway created from an MseIngressConfig goes through the following states: Pending, Running, and Listening. State description:
Pending: The cloud-native gateway is being created. It requires about 3 minutes to create the gateway.
Running: The cloud-native gateway is created and running.
Listening: The cloud-native gateway is running and listens on Ingresses.
Failed: The cloud-native gateway is abnormal. You can check the message in the Status field to troubleshoot the issue.
Add or remove associated clusters
You can modify the corresponding annotation in the mseingressconfig of the ACK One Fleet instance to add or remove associated clusters. Replace
${cluster1}
and${cluster2}
with the IDs of the associated clusters. Separate multiple cluster IDs with commas (,).annotations: mse.alibabacloud.com/remote-clusters: ${cluster1},${cluster2}
Run the following command to check whether the associated clusters are connected to the multi-cluster gateway:
kubectl get mseingressconfig ackone-gateway -ojsonpath="{.status.remoteClusters}"
Expected output:
[{"clusterId":"c7fb82****"},{"clusterId":"cd3007****"}]
The output indicates the IDs of the associated clusters and no Failed information is returned. This means that the associated clusters are connected to the multi-cluster gateway.
Run the following command to query the associated clusters that are connected to the multi-cluster gateway:
kubectl get mseingressconfig ackone-gateway
Run the following command to add more associated clusters or remove associated clusters:
Modify the
mse.alibabacloud.com/remote-clusters=${cluster1},${cluster2}
setting to add or remove associated clusters.kubectl annotate mseingressconfig ackone-gateway mse.alibabacloud.com/remote-clusters=${cluster1},${cluster2} --overwrite=true
Disable the multi-cluster gateway feature
Deleting multi-cluster gateways can adversely affect your businesses. Proceed with caution.
When you no longer need multi-cluster gateways, you can delete the multi-cluster gateway and then disable the multi-cluster gateway feature to avoid incurring unexpected fees.
Run the following command to delete the multi-cluster gateway:
kubectl delete mseingressconfig ackone-gateway
Run the following command to disable the multi-cluster gateway feature:
aliyun adcp UpdateHubClusterFeature --ClusterId <your_fleet_clusterid> --GatewayEnabled false