How to use a Fleet instance as a proxy to manage multiple clusters - Container Service for Kubernetes

When you manage or maintain multiple clusters, you may need to switch between the KubeConfig files of the clusters. The procedure is time-consuming and user errors may occur. Container Service for Kubernetes (ACK) One allows you to use the KubeConfig file of a Fleet instance to manage multiple clusters that are associated with the Fleet instance. For example, you can deploy a Deployment across multiple clusters, or view the status or logs of the pods that run in different clusters. This topic describes how to use a Fleet instance as a proxy to manage multiple clusters. You can choose to use the CLI or Kubernetes API to manage multiple clusters based on this topic.

Prerequisites

The kubeconfig file of the Fleet instance is obtained in the Distributed Cloud Container Platform for Kubernetes (ACK One) console and a kubectl client is connected to the Fleet instance.
The Fleet management feature is enabled. For more information, see Enable multi-cluster management.
Two clusters (the service provider cluster and service consumer cluster) are associated with the Fleet instance. For more information, see Associate clusters with a Fleet instance.
The AMC command-line tool is installed. For more information, see Use AMC.

Background information

ACK One allows you to use a Fleet instance as a proxy to manage multiple clusters. The resources that are created by the Fleet instance take effect only in the clusters that are associated with the Fleet instance.

Use the CLI to deploy an application across multiple clusters

Run the following command to query the clusters that are associated with the Fleet instance:

kubectl get managedclusters

Expected output:

NAME                     HUB ACCEPTED   MANAGED CLUSTER URLS   JOINED   AVAILABLE   AGE
managedcluster-c5***z9   true                                  True     True        12d
managedcluster-c1***e5   true                                  True     True        12d

Create a file named app.yaml with the following content:

View the app.yaml file

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo
  namespace: demo
  labels:
    app: demo
spec:
  minReadySeconds: 5
  revisionHistoryLimit: 5
  progressDeadlineSeconds: 60
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      app: demo
  template:
    metadata:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "9797"
      labels:
        app: demo
    spec:
      containers:
      - name: demo
        image: registry.cn-hangzhou.aliyuncs.com/acs/rollouts-demo:red
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        readinessProbe:
          tcpSocket:
            port: 8080
          initialDelaySeconds: 5
          timeoutSeconds: 5
        resources:
          limits:
            cpu: 2000m
            memory: 512Mi
          requests:
            cpu: 100m
            memory: 64Mi
---
apiVersion: v1
kind: Service
metadata:
  name: demo-svc
  namespace: demo
spec:
  selector:
    app: demo
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo
  namespace: demo
  labels:
    app: demo
spec:
  rules:
    - host: app.demo.example.com
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: demo-svc
              port:
                number: 80

Run the following command to deploy an application named demo on the Fleet instance.
You must specify the cluster in which you want to deploy the application. In this example, the cluster managedcluster-c1***e5 that is associated with the Fleet instance is specified.
```
kubectl amc apply -f app.yaml -m managedcluster-c1***e5
```
Expected output:
```
Run on ManagedCluster managedcluster-c1***e5
deployment.apps/demo created
service/demo-svc created
ingress.networking.k8s.io/demo created
```

Query the status of the application.

Run the following command to query the status of the Deployment:

kubectl amc get deployment -n demo -m managedcluster-c1***e5

Expected output:

Run on ManagedCluster managedcluster-c1xxxe5
NAME   READY   UP-TO-DATE   AVAILABLE   AGE
demo   1/1     1            1           2m48s

Run the following command to query the status of the pod:

kubectl amc get pod -n demo -m managedcluster-c1***e5

Expected output:

Run on ManagedCluster managedcluster-c1***e5
NAME                   READY   STATUS    RESTARTS   AGE
demo-fdf4b6b7d-vthqj   1/1     Running   0          6m55s

Run the following command to print the log of the pod:

kubectl amc logs demo-fdf4b6b7d-vthqj -n demo -m managedcluster-c1***e5

Expected output:

Run on ManagedCluster managedcluster-c1***e5
2021-12-16 24:00:00 Started server on :8080

Run the following command to query the status of the Service:

kubectl amc get service -n demo -m managedcluster-c1***e5

Expected output:

Run on ManagedCluster managedcluster-c1***e5
NAME       TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
demo-svc   ClusterIP   172.16.17.29   <none>        80/TCP    3m55s

Run the following command to query the status of the Ingress:

kubectl amc get ingress -n demo -m managedcluster-c1***e5

Expected output:

Run on ManagedCluster managedcluster-c1***e5
NAME   CLASS    HOSTS                  ADDRESS        PORTS   AG
demo   <none>   app.demo.example.com   123.56.XX.XX   80      4m10s

Use the Kubernetes API to manage multiple clusters

Call the Kubernetes API to query the clusters that are associated with your Fleet instance.
1. Run the following commands to view the KubeConfig of the Fleet instance, obtain the values of the ca, key, and apiserver fields in the KubeConfig, and specify the authentication information that is required when you call the Kubernetes API:
```
cat  $KUBECONFIG |grep client-certificate-data | awk -F ' ' '{print $2}' |base64 -d > client-cert.pem
cat  $KUBECONFIG |grep client-key-data | awk -F ' ' '{print $2}' |base64 -d > client-key.pem
APISERVER=`cat  $KUBECONFIG |grep server | awk -F ' ' '{print $2}'`
```
2. Call the Kubernetes API of the Fleet instance to query the clusters that are associated with the Fleet instance.
```
curl --cert client-cert.pem --key client-key.pem -k $APISERVER/apis/cluster.open-cluster-management.io/v1/managedclusters
```
  Note
  The URL of the Kubernetes API is /apis/cluster.open-cluster-management.io/v1/managedclusters.
Use the proxy feature provided by the Kubernetes API of the Fleet instance to query resources in a cluster that is associated with the Fleet instance.
```
curl --cert client-cert.pem --key client-key.pem -k $APISERVER/apis/cluster.core.oam.dev/v1alpha1/clustergateways/<The name of the cluster that you want to query>/proxy/api/v1/namespaces/demo/pods
```
Note
The URL of the proxy feature that is provided by the Kubernetes API is /apis/cluster.core.oam.dev/v1alpha1/clustergateways/<The name of the cluster>/proxy/<The Kubernetes API URL of the resources in the cluster>.