
Alibaba Cloud Service Mesh: Use the DNS proxy feature to discover services in multiple clusters

Last Updated: Mar 04, 2024

When services cannot communicate with each other in a multi-cluster environment, you can use the DNS proxy feature to resolve cross-cluster service requests to implement multi-cluster service discovery. This can ensure smooth routing and fast access to services, enhance service scalability and flexibility, and reduce system complexity.

Prerequisites

Feature description

When you deploy an application in multiple clusters, its services deployed in different clusters cannot discover each other. To implement cross-cluster service calls, you must deploy the same service in both clusters so that the workload that sends a service request can discover services in the other cluster based on the response of a DNS request.

The following example shows how to deploy the services of an application in multiple clusters. In this example, all service mesh proxies in cluster 1 and cluster 2 are centrally managed by a Service Mesh control plane. The call relationship between services is that the sleep service calls the HTTPBin service. The sleep service is deployed only in cluster 1, and the HTTPBin service is deployed only in cluster 2. In this case, the sleep service cannot call the HTTPBin service because no HTTPBin service is deployed in cluster 1. The sleep service cannot automatically discover the HTTPBin service.

Service Mesh supports the DNS proxy feature. After the DNS proxy feature is enabled, when a service mesh proxy receives a DNS query from a service, the service mesh proxy transparently intercepts and resolves the DNS query. This enables service discovery across clusters.

Step 1: Deploy the sleep and HTTPBin services

  1. Use the following content to deploy the sleep service in m1c2. For more information, see Deploy an application in an ASM instance.

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: sleep
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: sleep
      labels:
        app: sleep
        service: sleep
    spec:
      ports:
      - port: 80
        name: http
      selector:
        app: sleep
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: sleep
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: sleep
      template:
        metadata:
          labels:
            app: sleep
        spec:
          terminationGracePeriodSeconds: 0
          serviceAccountName: sleep
          containers:
          - name: sleep
            image: curl:8.1.2
            command: ["/bin/sleep", "infinity"]
            imagePullPolicy: IfNotPresent
            volumeMounts:
            - mountPath: /etc/sleep/tls
              name: secret-volume
          volumes:
          - name: secret-volume
            secret:
              secretName: sleep-secret
              optional: true
    ---
  2. Use the following content to deploy the HTTPBin service in m1c1. For more information, see Deploy an application in an ASM instance.

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: httpbin
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: httpbin
      labels:
        app: httpbin
        service: httpbin
    spec:
      ports:
      - name: http
        port: 8000
        targetPort: 80
      selector:
        app: httpbin
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: httpbin
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: httpbin
          version: v1
      template:
        metadata:
          labels:
            app: httpbin
            version: v1
        spec:
          serviceAccountName: httpbin
          containers:
          - image: docker.io/kennethreitz/httpbin
            imagePullPolicy: IfNotPresent
            name: httpbin
            ports:
            - containerPort: 80

Step 2: Check whether service discovery takes effect in multiple clusters

Use kubectl to connect to m1c2 based on the information in the kubeconfig file, and then run the following command to send a request from the sleep container:

kubectl exec -it deploy/sleep -c sleep -- curl httpbin:8000

Expected output:

curl: (6) Could not resolve host: httpbin

The HTTPBin service is not deployed in m1c2, and therefore the DNS service in m1c2 cannot resolve the domain name of the HTTPBin service. As a result, the sleep service fails to send the request. This indicates that service discovery does not take effect in multiple clusters.

Step 3: Enable the DNS proxy feature and check whether service discovery takes effect in multiple clusters

  1. Enable the DNS proxy feature for the ASM instance. For more information, see the "Enable DNS Proxy" section in Configure sidecar proxies.

  2. In m1c2, redeploy a workload for the sleep service. For more information, see the "(Optional) Redeploy workloads" section in Configure sidecar proxies.

  3. Use kubectl to connect to m1c2 based on the information in the kubeconfig file, and then run the following command to send a request from the sleep container:

kubectl exec -it deploy/sleep -c sleep -- curl httpbin:8000

Expected output:

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <title>httpbin.org</title>
...

The response is an HTML page of the HTTPBin service, which indicates that service discovery takes effect in multiple clusters.
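The following script is an added example, not part of the original documentation. It repeats the check from Step 2 and Step 3 and tells a DNS failure (curl exit code 6, as in Step 2) apart from a name that resolves but cannot be reached, and from a sleep pod that was not redeployed with a sidecar. Assumptions: the sidecar container is named istio-proxy as in upstream Istio, the pod carries the app=sleep label from the YAML above, and the function name check_discovery and the KUBECTL override are illustrative.

```shell
#!/bin/sh
# Added example: repeat the Step 2 / Step 3 probe and classify the result.
# KUBECTL can be overridden (assumption for this example) so the logic can be
# exercised without a cluster; by default the real kubectl is used.
KUBECTL="${KUBECTL:-kubectl}"

# check_discovery [host:port]
# Prints one verdict word:
#   no-sidecar                sleep pod has no istio-proxy container, so no
#                             mesh proxy can intercept its DNS queries
#   dns-failed                curl exit 6: the name did not resolve
#   resolved-but-unreachable  curl exit 7 or 28: DNS answered, connection
#                             to the other cluster failed or timed out
#   resolved-and-reachable    curl exit 0
#   probe-error               anything else (kubectl or curl problem)
check_discovery() {
    target="${1:-httpbin:8000}"

    # Container names of the sleep pods, regular and init containers.
    # "istio-proxy" is the upstream Istio sidecar name (assumed for ASM).
    names=$("$KUBECTL" get pods -l app=sleep -o \
        jsonpath='{.items[*].spec.containers[*].name} {.items[*].spec.initContainers[*].name}' \
        2>/dev/null) || names=""
    case " $names " in
        *" istio-proxy "*) ;;
        *) echo "no-sidecar"; return 0 ;;
    esac

    # kubectl exec returns the exit status of the command run in the
    # container, so curl's own exit code is visible here.
    rc=0
    "$KUBECTL" exec deploy/sleep -c sleep -- \
        curl -s -o /dev/null --max-time 10 "$target" >/dev/null 2>&1 || rc=$?

    case "$rc" in
        0)    echo "resolved-and-reachable" ;;
        6)    echo "dns-failed" ;;
        7|28) echo "resolved-but-unreachable" ;;
        *)    echo "probe-error" ;;
    esac
}

# Usage against m1c2 (with the kubeconfig of that cluster active):
#   check_discovery httpbin:8000
```

A verdict of resolved-but-unreachable after Step 3 means the DNS proxy answered the query and the remaining problem is connectivity between the clusters, not service discovery.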