Enterprise Distributed Application Service (EDAS) integrates Container Service for Kubernetes (ACK) so that you can use Kubernetes to manage containerized applications on Alibaba Cloud. You can create Kubernetes clusters in the Container Service for Kubernetes (ACK) console. For hybrid cloud clusters such as Kubernetes clusters deployed on third-party clouds or self-managed Kubernetes clusters deployed in data centers, you can register the clusters in the Container Service for Kubernetes (ACK) console. Then, you can import the clusters to EDAS to deploy applications to them. EDAS provides high-availability management of containerized applications and improves O&M efficiency so that you can focus on developing and managing containerized applications.

Features of Kubernetes clusters in EDAS

EDAS allows you to import the dedicated Kubernetes clusters, managed Kubernetes clusters, and serverless Kubernetes clusters that you create in the Container Service for Kubernetes (ACK) console. For more information about the comparison among the three types of clusters, see What is Container Service for Kubernetes?

Dedicated Kubernetes clusters and managed Kubernetes clusters that are imported to EDAS correspond to ACK clusters in EDAS. Serverless Kubernetes clusters that are imported to EDAS correspond to serverless Kubernetes clusters in EDAS.

Before you import hybrid cloud clusters such as Kubernetes clusters deployed on third-party clouds or self-managed Kubernetes clusters deployed in data centers to EDAS, you must register the clusters in the Container Service for Kubernetes (ACK) console. Hybrid cloud clusters that are imported to EDAS correspond to ACK clusters in EDAS.

For more information about how to register a hybrid cloud cluster in the Container Service for Kubernetes (ACK) console, see Create a cluster registration proxy and register an on-premises cluster.

Kubernetes clusters that are managed in EDAS have the following advantages over self-managed Kubernetes clusters:
  • On top of cloud-native Kubernetes, EDAS provides the application hosting capability to implement open source microservice governance and lightweight O&M of Kubernetes applications from the application perspective.
    • From the application-centric perspective, EDAS manages Kubernetes-native workloads such as deployments and pods, and provides high-availability deployment of instances across zones.
    • EDAS provides phased release and canary release based on the traffic ratio and request parameters. EDAS monitors the entire change process and therefore makes your change records traceable.
    • EDAS integrates with mainstream DevOps systems to help enterprises implement continuous integration (CI) and continuous delivery (CD). This way, EDAS helps enterprises reduce costs and improve efficiency.
  • On top of open source microservice systems, you can migrate the microservice applications that you build based on the Spring Cloud and Dubbo frameworks commercially available in the past five years to EDAS without the need to modify code. EDAS supports the following microservice governance capabilities for all the application frameworks:
    • Lossless shutdown and stress testing during application release
    • Service authentication, throttling and degradation, and outlier instance removal during the application runtime
    • Service query and testing in application O&M
  • Alibaba Cloud packages its idea of supporting observability, canary release, and rollback for application production security into services, and therefore allows you to immediately implement production security.
    • Observability: End-to-end monitoring in multiple dimensions is implemented based on application overview, release change records, and automatic generation of release reports.
    • Canary release: Canary release is supported for applications based on the traffic ratio or request content policy configuration.
    • Rollback: One-click rollback is supported during the release process, and running applications can be rolled back to an earlier version.

Workflow for Kubernetes clusters

To deploy an application in an ACK cluster, you must create or register an ACK cluster in the Container Service for Kubernetes (ACK) console and import the cluster to the EDAS console. Then, you must use a deployment package or an image in the imported Container Service for Kubernetes (ACK) cluster to deploy the application.

Procedure for creating an application in a Kubernetes cluster
Note In EDAS, the procedure for managing ACK clusters is similar to that for managing hybrid cloud clusters. In this topic, the procedure for managing ACK clusters is used as an example.

Prerequisites

  • EDAS is activated for your Alibaba Cloud account. For more information, see Activate EDAS.
  • ACK is activated and role authorization is complete for your Alibaba Cloud account. For more information, see ACK default roles.
  • Required permissions including the logon permissions are granted by your Alibaba Cloud account to a RAM user that is used to manage Kubernetes clusters.

Create a Kubernetes cluster in the Container Service for Kubernetes (ACK) console

  • To use an ACK cluster in EDAS, create a managed Kubernetes cluster or a dedicated Kubernetes cluster in the Container Service for Kubernetes (ACK) console. For more information, see the following topics:
  • To use a serverless Kubernetes cluster in EDAS, create a serverless Kubernetes cluster in the Container Service for Kubernetes (ACK) console. For more information, see Create an ASK cluster.

Import a Kubernetes cluster to the EDAS console

Notice We recommend that you get familiar with the operation limits imposed by EDAS before you import a Kubernetes cluster. For more information, see Constraints on importing a Kubernetes cluster.
  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Resource Management > Container Service Kubernetes Clusters.
  3. In the top navigation bar, select the region where the microservice namespace that you want to use is located. From the Microservice Namespace drop-down list, select the microservice namespace to which you want to import an ACK cluster. Then, click Synchronize Container Service Kubernetes Cluster.
  4. In the Actions column of the ACK cluster that you want to import, click Import.
  5. In the Import Kubernetes Cluster dialog box, select a microservice namespace from the Microservice Namespaces drop-down list, turn on Service Mesh as needed, and then click Import.
    Note
    • If you have not created a microservice namespace, the default microservice namespace is selected.
    • If you need to deploy a multi-language application, turn on Service Mesh.
    • After you turn on Service Mesh, two internal-facing Server Load Balancer (SLB) instances with the slb.s1.small specification are created by default for management. The ports of the two SLB instances, port 6443 and port 15011, are exposed. For more information, see the "Context" section of the Create an ASM instance topic.

      You are charged for the two SLB instances that are automatically created. For more information about the billing rules, see Subscription.

    If the value of the Cluster Status parameter is Running and the value of the Import Status parameter is Imported. for the ACK cluster, the ACK cluster is imported to EDAS.

Cancel the import and clean up a Kubernetes cluster in the EDAS console

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Resource Management > Container Service Kubernetes Clusters or Resource Management > Serverless Kubernetes Clusters.
  3. In the top navigation bar, select the region where the cluster is located. From the Microservice Namespace drop-down list, select the microservice namespace where the cluster is located. In the Actions column of the cluster, click Cancel Import. In the Note message, click OK.
    • If the value of the Cluster Status parameter is Running, you can import the cluster to EDAS again to create applications.
    • If the value of the Cluster Status parameter is Deleted, you can click Clear in the Actions column to remove the cluster from the cluster list in EDAS.
      Note For more information about operations and FAQ about cluster deletion, see Delete an ACK cluster.

View a Kubernetes cluster in the EDAS console

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, choose Resource Management > Container Service Kubernetes Clusters or Resource Management > Serverless Kubernetes Clusters.
  3. Click the ID of the cluster that you want to view. The Cluster Details page appears.
    On the Cluster Details page, you can view the cluster details, Elastic Compute Service (ECS) instances, deployments, and applications.
    • Cluster Information: This section displays basic information about the cluster, including Cluster ID, csClusterId, Cluster Name, Microservice Namespace, Cluster Type, VPC ID, Network Type, Cluster Status, and Description.
      • In the Cluster Information section, click View Details in the upper-right corner to view the details of the cluster.
      • In the Cluster Information section, click Edit in the upper-right corner to modify the cluster description.
    • ECS Instance: This section displays the ECS instances in the cluster and the overview of ECS instances.
    • Deployments: This section displays the self-managed deployments on third-party platforms that you convert to and manage in EDAS.
    • Applications: This section displays the applications in the cluster. You can view the application name, JDK version, application runtime environment, total number of instances, number of running instances, and owner. You can click the name of an application to go to the Application Details page.

Constraints on importing a Kubernetes cluster

  • Constraints on configuring the security group of the Kubernetes cluster:
    • You must ensure that all the nodes in the Kubernetes cluster are in or can connect to the security group of the cluster. For more information, see Why do containers fail to communicate with each other?.
    • You must not delete the default rules that are set by ACK for the security group.
  • Constraints on configuring nodes in the Kubernetes cluster:
    • To ensure that the management component of EDAS properly runs in the cluster, you must reserve sufficient CPUs, memory, and pods that can be allocated.
    • You must not delete the KubernetesWorkerRole-* RAM role that ACK configures for a node.
  • Constraints on configuring an SLB instance for API Server of the Kubernetes cluster:
    • You must not block access requests from the 100.104.0.0/16 internal addresses.
    • You must not delete the built-in tags added to the SLB instance by ACK.
    • You must not reuse port 6443 on the SLB instance.
  • Constraints on managing Helm charts in the Kubernetes cluster:
    • You must not delete the ahas-sentinel-pilot, arms-eventer, arms-pilot, or arms-prom component installed by EDAS and all resources installed by these Helm charts.
    • You must not install open source oam-runtime, kubevela, keda, or flagger.
    • You must not delete or modify Kubernetes resources within the edas-oam-system namespace.
  • Constraint on managing ClusterRole:

    You must not use the ACK console, kubectl, or third-party tools to delete or modify edas-default-cluster-role.

  • Constraint on managing ClusterRoleBinding:

    You must not use the ACK console, kubectl, or third-party tools to delete or modify edas-default-cluster-role-binding, edas-oam-cluster-role-binding, or keda-hpa-controller-external-metrics.

  • Constraints on managing custom resource definitions (CRDs) and custom resources (CRs):
    • You must not directly manage the following CRDs or CRs:
      • alertproviders.flagger.app
      • applicationconfigurations.core.oam.dev
      • applications.oam-domain.alibabacloud.com
      • applicationscopes.core.oam.dev
      • autoscalings.edas.aliyun.oam.com
      • basecomponents.oam-domain.alibabacloud.com
      • canaries.flagger.app
      • componentschematics.core.oam.dev
      • crdreleases.clm.cloudnativeapp.io
      • dynamiclabels.extension.oam.dev
      • imagebuilders.edas.aliyun.oam.com
      • logcollectors.edas.aliyun.oam.com
      • meshtraits.edas.aliyun.oam.com
      • metrictemplates.flagger.app
      • mseruletraits.edas.aliyun.oam.com
      • packageversions.oam-domain.alibabacloud.com
      • rollouts.edas.aliyun.oam.com
      • scaledobjects.keda.k8s.io
      • scalingrules.oam-domain.alibabacloud.com
      • serviceregistrytraits.edas.aliyun.oam.com
      • servicetraits.edas.aliyun.oam.com
      • sources.clm.cloudnativeapp.io
      • traits.core.oam.dev
      • triggerauthentications.keda.k8s.io
      • workloadtypes.core.oam.dev
    • You must not modify the aliyunlogconfigs.log.alibabacloud.com resources created by EDAS. The resources have the edas-domain: edas-admin tag.

References