Using Cluster Federation to Implement Multi-Active DR for Applications
Application Scenarios
To tackle single points of failure (SPOFs), UCS allows instances of an application to run on multiple clouds. When one of the clouds is down, cluster federation will migrate instances to other clouds and switch over traffic within seconds, significantly improving service reliability.
Figure 1 shows the multi-active DR solution in UCS. Under DNS policies, instances of an application are distributed to three Kubernetes clusters: two Huawei Cloud CCE clusters (deployed in different regions) and one third-party cloud cluster.
Prerequisites
- You have created a cluster. The following is an example of creating a CCE cluster (guide: Buying a CCE cluster) in two regions (CN South-Guangzhou and CN East-Shanghai1). The Kubernetes version must be 1.19 or later, and each cluster must have at least one available node.
NOTE:
In your production environment, you can deploy clusters in different regions, AZs, or even clouds to implement multi-active DR.
- You have created a public zone in Huawei Cloud DNS. For details, see Routing Internet Traffic to a Website.
Setting Up the Basic Environment
- Register clusters to UCS and configure cluster access. For details, see Registering a Cluster.
For example, register clusters ccecluster01 and ccecluster02 to the fleet ucs-group of UCS and check whether the clusters are running normally.
- Enable cluster federation for the fleet and ensure that the clusters have been connected to a federation. For details, see Cluster Federation.
Figure 2 Clusters
- Create workloads.
To show the traffic switchover effect, the container image versions of the two clusters in this section are different. (This difference does not exist in the actual production environment.)
- Cluster ccecluster01: If the example application uses the image nginx:gz, the message "ccecluster01 is in Guangzhou." will be returned.
- Cluster ccecluster02: If the example application uses the image nginx:sh, the message "ccecluster02 is in Shanghai." will be returned.
Before the operation, upload the images of the example applications to the SWR image repository in the region where the clusters are located. That is, upload the image nginx:gz to CN South-Guangzhou and the image nginx:sh to CN East-Shanghai1. Otherwise, the workloads will malfunction because they cannot pull the images.
NOTE:
In this example, example clusters and workloads are not limited in terms of cloud service providers, regions, and quantity.
- Log in to the UCS console. In the navigation pane, choose Fleets.
- Click the name of the fleet for which cluster federation has been enabled. The fleet console is displayed.
- In the navigation pane, choose Federation > Workloads. In the upper right corner, click Create from Image.
- Enter the basic information and configure container parameters. The image name can be user-defined. Click Next: Scheduling and Differentiation.
- Configure the cluster scheduling policy, complete differentiated cluster configuration, and click Create Workload.
- Scheduling: Select Cluster weight and set the weight of each cluster to 1.
- Differentiated Settings: Click the icon on the left of the cluster to enable differentiated settings. Set the image name of ccecluster01 to swr.cn-south-1.myhuaweicloud.com/kubernetes-test2/nginx:gz (address of the image nginx:gz in the SWR image repository) and that of ccecluster02 to swr.cn-east-3.myhuaweicloud.com/kubernetes-test2/nginx:sh.
Figure 3 Scheduling and differentiation
- Create a LoadBalancer Service.
- Log in to the Huawei Cloud UCS console. In the navigation pane, choose Fleets.
- Click the name of the fleet for which cluster federation has been enabled. The fleet console is displayed.
- In the navigation pane, choose Federation > Services and Ingresses. In the upper right corner, click Create Service.
- Configure the parameters and click OK.
- Service Type: Select LoadBalancer.
- Port: Select TCP for Protocol, and enter the service port and container port, for example, 8800 and 80.
- Cluster: Click the icon to add clusters ccecluster01 and ccecluster02 in sequence. Select a shared load balancer for LoadBalancer. The load balancer must be in the VPC of each cluster. If no load balancer is available in the list, click Create Load Balancer to create one on the ELB console. Retain default values for other parameters.
- Selector: Services are associated with workloads through selectors. In this example, the label is added by referencing a workload label.
Figure 4 Creating a Service
- Create a DNS policy.
- Log in to the Huawei Cloud UCS console. In the navigation pane, choose Fleets.
- Click the name of the fleet for which cluster federation has been enabled. The fleet console is displayed.
- In the navigation pane, choose Federation > DNS Policies. Then, add a root domain name.
- In the upper right corner, click Create DNS Policy. Then, configure the parameters.
- Target Service: Select the Service created in 4.
- Distribution Mode: Select Adaptive. Traffic will be automatically distributed based on the number of pods in each cluster. In this example, both ccecluster01 and ccecluster02 contain one pod, so each cluster receives 50% of the traffic.
Figure 5 Traffic ratio topology
Verifying Multi-Active DR
You have deployed applications in clusters ccecluster01 and ccecluster02 and allowed external access via LoadBalancer Services. After the DNS policy in 5 is created, the system automatically adds a resolution record for the selected root domain name and generates a unified external access path (domain name address) on UCS. This allows you to access the domain name address to verify traffic distribution.
- Obtain the domain name address.
- Log in to the UCS console. In the navigation pane, choose Fleets.
- Click the name of the fleet for which cluster federation has been enabled. The fleet console is displayed.
- In the navigation pane, choose Federation > DNS Policies. The value of Domain Name Address in the list is the domain name address.
- Run the following command on a host that has been connected to the public network to continuously access the domain name address and check the cluster application processing status.
- Generally, applications in both clusters receive traffic and each cluster processes 50% of the traffic.
while true; do wget -q -O- helloworld.default.mcp-xxx.svc.xxx.co:8800; done
ccecluster01 is in Guangzhou.
ccecluster02 is in Shanghai.
ccecluster01 is in Guangzhou.
ccecluster02 is in Shanghai.
ccecluster01 is in Guangzhou.
ccecluster02 is in Shanghai.
...
- When an application exception occurs on ccecluster01 (simulated here by shutting down a cluster node), the system routes all traffic to ccecluster02, so that users are unaware of the exception.
while true; do wget -q -O- helloworld.default.mcp-xxx.svc.xxx.co:8800; done
ccecluster02 is in Shanghai.
ccecluster02 is in Shanghai.
ccecluster02 is in Shanghai.
ccecluster02 is in Shanghai.
ccecluster02 is in Shanghai.
ccecluster02 is in Shanghai.
...
Return to the UCS console. The cluster traffic ratio in the domain name list has changed: ccecluster02 now takes 100% of the traffic, which is consistent with the configured traffic ratio and with the output observed above.
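A bounded alternative to the endless loop above, as an added example that is not part of the UCS documentation: it sends a fixed number of requests and reports each cluster's share of the responses and the share of failed requests, so the 50/50 split and the switchover can be checked as numbers. The function names, the 3-second timeout and the one-second pause are assumptions; the response format and the placeholder address are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not from the UCS documentation): bounded traffic sampling.
# Usage: sh sample.sh helloworld.default.mcp-xxx.svc.xxx.co:8800 20

# sample URL COUNT: print one line per request; an empty line marks a failure.
sample() {
  s_url=$1; s_count=${2:-20}; s_i=0
  while [ "$s_i" -lt "$s_count" ]; do
    # -T 3: 3-second timeout; -t 1: no retries, so a dead backend is counted.
    s_body=$(wget -q -T 3 -t 1 -O- "$s_url") || s_body=""
    printf '%s\n' "$s_body"
    s_i=$((s_i + 1))
    sleep 1
  done
}

# tally: read response lines on stdin and print "<name> <count> <share>" per
# cluster plus a "failed" row. Any line that is not one of the page's
# "ccecluster<NN> is in <region>." bodies is counted as failed.
tally() {
  awk '
    /^ccecluster[0-9]+ is in / { n[$1]++; total++; next }
    { failed++; total++ }
    END {
      if (!total) total = 1   # empty input: avoid division by zero
      for (c in n) printf "%s %d %.0f%%\n", c, n[c], 100 * n[c] / total
      printf "failed %d %.0f%%\n", failed, 100 * failed / total
    }' | sort
}

# demo: constructed sample (not captured output) with one failed request.
demo() {
  printf '%s\n' \
    "ccecluster01 is in Guangzhou." \
    "ccecluster02 is in Shanghai." \
    "" \
    "ccecluster02 is in Shanghai." | tally
}

# With an address argument, sample the live endpoint; otherwise run the demo.
if [ "$#" -ge 1 ]; then
  sample "$1" "${2:-20}" | tally
else
  demo
fi
```

A non-zero "failed" share during the switchover shows how many requests were lost before traffic moved to the remaining cluster.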