前提
用户能够通过多集群服务API在集群之间导出和导入服务。
注意:使用该特性需要满足成员集群的kubernetes版本在v1.21以上(包含v1.21)。
- 安装karmada
- 成员集群网络
确保至少有两个集群被添加到 Karmada,并且成员集群之间的容器网络可相互连接。这里已经使用了Submariner Globalnet模式打通了集群间网络。 - 安装 ServiceExport 和 ServiceImport CRD
创建 ClusterPropagationPolicy 来分发这两个 CRD 到成员集群。# propagate ServiceExport CRD apiVersion: policy.karmada.io/v1alpha1 kind: ClusterPropagationPolicy metadata: name: serviceexport-policy spec: resourceSelectors: - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition name: serviceexports.multicluster.x-k8s.io placement: clusterAffinity: clusterNames: - member1 - member2 - member3 --- # propagate ServiceImport CRD apiVersion: policy.karmada.io/v1alpha1 kind: ClusterPropagationPolicy metadata: name: serviceimport-policy spec: resourceSelectors: - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition name: serviceimports.multicluster.x-k8s.io placement: clusterAffinity: clusterNames: - member1 - member2 - member3
步骤
在member1集群上部署服务
apiVersion: apps/v1
kind: Deployment
metadata:
name: serve
spec:
replicas: 1
selector:
matchLabels:
app: serve
template:
metadata:
labels:
app: serve
spec:
containers:
- name: serve
image: jeremyot/serve:0a40de8
args:
- "--message='hello from cluster member1 (Node: {{env \"NODE_NAME\"}} Pod: {{env \"POD_NAME\"}} Address: {{addr}})'"
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
---
apiVersion: v1
kind: Service
metadata:
name: serve
spec:
ports:
- port: 80
targetPort: 8080
selector:
app: serve
---
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
name: mcs-workload
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
name: serve
- apiVersion: v1
kind: Service
name: serve
placement:
clusterAffinity:
clusterNames:
- member1
导出服务到 member2 集群
在karmada控制平面上创建一个 ServiceExport 对象,然后创建一个 PropagationPolicy ,将 ServiceExport 对象分发到 member1 集群。
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceExport
metadata:
name: serve
---
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
name: serve-export-policy
spec:
resourceSelectors:
- apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceExport
name: serve
placement:
clusterAffinity:
clusterNames:
- member1
在karmada控制平面上创建一个 ServiceImport 对象,然后创建一个 PropagationPlicy 来分发 ServiceImport 对象到 member2 集群。
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceImport
metadata:
name: serve
spec:
type: ClusterSetIP
ports:
- port: 80
protocol: TCP
---
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
name: serve-import-policy
spec:
resourceSelectors:
- apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceImport
name: serve
placement:
clusterAffinity:
clusterNames:
- member2vim svcimport.yaml
vim svcexport.yaml
ka get serviceimport
ka get serviceexport
ka get propagationpolicy
ka get svc
从 member2 集群获取服务
经过上述步骤,我们可以在 member2 集群上找到前缀为 derived- 的派生服务。然后,我们可以访问派生服务来访问member1集群上的服务。
member3上没有,因为没有导入到member3中。
使用服务derived-serve的 CLUSTER-IP 10.110.165.85持续访问该服务3s。
k --kubeconfig kubeconfig.member2 run -i --rm --restart=Never --image=jeremyot/request:0a40de8 request -- --duration=3s --address=10.110.165.85
注意
这里不能用上面的方法测试,会无法连接。因为我这个环境已经使用了external-webhook,所以需要使用globalingressips来替代CLUSTER-IP。
k get globalingressips.submariner.io
k --kubeconfig kubeconfig.member2 run -i --rm --restart=Never --image=jeremyot/request:0a40de8 request -- --duration=3s --address=242.0.255.252
实现了跨集群服务访问。