- What's New
- Product Bulletin
- Service Overview
- Billing
- Getting Started
-
User Guide
-
UCS Clusters
- Overview
- Huawei Cloud Clusters
-
On-Premises Clusters
- Overview
- Service Planning for On-Premises Cluster Installation
- Registering an On-Premises Cluster
- Installing an On-Premises Cluster
- Managing an On-Premises Cluster
- Attached Clusters
- Multi-Cloud Clusters
- Single-Cluster Management
- Fleets
-
Cluster Federation
- Overview
- Enabling Cluster Federation
- Using kubectl to Connect to a Federation
- Upgrading a Federation
-
Workloads
- Workload Creation
-
Container Settings
- Setting Basic Container Information
- Setting Container Specifications
- Setting Container Lifecycle Parameters
- Setting Health Check for a Container
- Setting Environment Variables
- Configuring a Workload Upgrade Policy
- Configuring a Scheduling Policy (Affinity/Anti-affinity)
- Configuring Scheduling and Differentiation
- Managing a Workload
- ConfigMaps and Secrets
- Services and Ingresses
- MCI
- MCS
- DNS Policies
- Storage
- Namespaces
- Multi-Cluster Workload Scaling
- Adding Labels and Taints to a Cluster
- RBAC Authorization for Cluster Federations
- Image Repositories
- Permissions
-
Policy Center
- Overview
- Basic Concepts
- Enabling Policy Center
- Creating and Managing Policy Instances
- Example: Using Policy Center for Kubernetes Resource Compliance Governance
-
Policy Definition Library
- Overview
- k8spspvolumetypes
- k8spspallowedusers
- k8spspselinuxv2
- k8spspseccomp
- k8spspreadonlyrootfilesystem
- k8spspprocmount
- k8spspprivilegedcontainer
- k8spsphostnetworkingports
- k8spsphostnamespace
- k8spsphostfilesystem
- k8spspfsgroup
- k8spspforbiddensysctls
- k8spspflexvolumes
- k8spspcapabilities
- k8spspapparmor
- k8spspallowprivilegeescalationcontainer
- k8srequiredprobes
- k8srequiredlabels
- k8srequiredannotations
- k8sreplicalimits
- noupdateserviceaccount
- k8simagedigests
- k8sexternalips
- k8sdisallowedtags
- k8sdisallowanonymous
- k8srequiredresources
- k8scontainerratios
- k8scontainerrequests
- k8scontainerlimits
- k8sblockwildcardingress
- k8sblocknodeport
- k8sblockloadbalancer
- k8sblockendpointeditdefaultrole
- k8spspautomountserviceaccounttokenpod
- k8sallowedrepos
- Configuration Management
- Traffic Distribution
- Observability
- Container Migration
- Pipeline
- Error Codes
-
UCS Clusters
- Best Practices
-
API Reference
- Before You Start
- Calling APIs
-
API
- UCS Cluster
-
Fleet
- Adding a Cluster to a Fleet
- Removing a Cluster from a Fleet
- Registering a Fleet
- Deleting a Fleet
- Querying a Fleet
- Adding Clusters to a Fleet
- Updating Fleet Description
- Updating Permission Policies Associated with a Fleet
- Updating the Zone Associated with the Federation of a Fleet
- Obtaining the Fleet List
- Enabling Fleet Federation
- Disabling Cluster Federation
- Querying Federation Enabling Progress
- Creating a Federation Connection and Downloading kubeconfig
- Creating a Federation Connection
- Downloading Federation kubeconfig
- Permissions Management
- Using the Karmada API
- Appendix
-
FAQs
- About UCS
-
Billing
- How Is UCS Billed?
- What Status of a Cluster Will Incur UCS Charges?
- Why Am I Still Being Billed After I Purchase a Resource Package?
- How Do I Change the Billing Mode of a Cluster from Pay-per-Use to Yearly/Monthly?
- What Types of Invoices Are There?
- Can I Unsubscribe from or Modify a Resource Package?
-
Permissions
- How Do I Configure Access Permissions for Each Function of the UCS Console?
- What Can I Do If an IAM User Cannot Obtain Cluster or Fleet Information After Logging In to UCS?
- How Do I Restore ucs_admin_trust I Deleted or Modified?
- What Can I Do If I Cannot Associate the Permission Policy with a Fleet or Cluster?
- How Do I Clear RBAC Resources After a Cluster Is Unregistered?
- Policy Center
-
Fleets
- What Can I Do If Cluster Federation Verification Fails to Be Enabled for a Fleet?
- What Can I Do If an Abnormal, Federated Cluster Fails to Be Removed from the Fleet?
- What Can I Do If an Nginx Ingress Is in the Unready State After Being Deployed?
- What Can I Do If "Error from server (Forbidden)" Is Displayed When I Run the kubectl Command?
- Huawei Cloud Clusters
- Attached Clusters
-
On-Premises Clusters
- What Can I Do If an On-Premises Cluster Fails to Be Connected?
- How Do I Manually Clear Nodes of an On-Premises Cluster?
- How Do I Downgrade a cgroup?
- What Can I Do If the VM SSH Connection Times Out?
- How Do I Expand the Disk Capacity of the CIA Add-on in an On-Premises Cluster?
- What Can I Do If the Cluster Console Is Unavailable After the Master Node Is Shut Down?
- What Can I Do If a Node Is Not Ready After Its Scale-Out?
- How Do I Update the CA/TLS Certificate of an On-Premises Cluster?
- What Can I Do If an On-Premises Cluster Fails to Be Installed?
- Multi-Cloud Clusters
-
Cluster Federation
- What Can I Do If the Pre-upgrade Check of the Cluster Federation Fails?
- What Can I Do If a Cluster Fails to Be Added to a Federation?
- What Can I Do If Status Verification Fails When Clusters Are Added to a Federation?
- What Can I Do If an HPA Created on the Cluster Federation Management Plane Fails to Be Distributed to Member Clusters?
- What Can I Do If an MCI Object Fails to Be Created?
- What Can I Do If I Fail to Access a Service Through MCI?
- What Can I Do If an MCS Object Fails to Be Created?
- What Can I Do If an MCS or MCI Instance Fails to Be Deleted?
- Traffic Distribution
- Container Intelligent Analysis
- General Reference
Copied.
Creating an MCS Object
Constraints
- MCS is only available in clusters v1.21 or later.
- A Service, with both MCI and MCS configured, can only be delivered to the cluster where the Service is deployed, the cluster that accesses the Service, and the cluster where the corresponding workload is deployed in MCS.
Preparations
- Deploying Workloads and Services
Deploy available workloads (Deployments) and Services on the federation control plane. If no workload or Service is available, create one by referring to Deployments and ClusterIP.
- Configuring the Multi-Cluster Networking
Check and configure the network connectivity of both inter-cluster nodes and containers by referring to Configuring the Multi-Cluster Networking.
If the error message "policy doesn't allow 'get loadbalancer' to be performed." or "because no identity-based policy allows the xxx action." is displayed during MCS instance creation, the agency permissions do not take effect. Wait for a while and try again. If it is displayed in the Events window, ignore it.
Creating an MCS Object Using YAML on the Console
- Log in to the UCS console. In the navigation pane, choose Fleets.
- On the Fleets tab, click the name of the federation-enabled fleet to access the fleet console.
- In the navigation pane, choose Services and Ingresses. Then, click the MCS tab.
- Click Create from YAML in the upper right corner.
- Select YAML for Current Data and edit the configuration in the editing area. (Configure the parameters as needed.)
apiVersion: networking.karmada.io/v1alpha1 kind: MultiClusterService metadata: name: mcs-24132 # MCS object name namespace: default # Name of the namespace where the MCS object is located spec: types: - CrossCluster # Inter-cluster service discovery providerClusters: - name: cluster-25043 # The cluster that this Service will be deployed in consumerClusters: - name: cluster-29544 # The cluster that will access this Service
- Click OK.
Creating an MCS Object Using kubectl
- Use kubectl to connect to the federation. For details, see Using kubectl to Connect to a Federation.
- Create and edit the mcs.yaml file. For details about the parameters in this file, see Table 1.
vi mcs.yaml
In the example, the defined MCS object is associated with Service foo. This Service is deployed in cluster B and can be accessed from cluster A.
apiVersion: networking.karmada.io/v1alpha1 kind: MultiClusterService metadata: name: foo # MCS object name namespace: default # Name of the namespace where the MCS object is located spec: types: - CrossCluster # Inter-cluster service discovery providerClusters: # Cluster that the Service is delivered to - name: clusterB consumerClusters: # Cluster that accesses the Service - name: clusterA
Table 1 Key parameters Parameter
Mandatory
Type
Description
metadata.name
Yes
String
Name of the MCS object, which must be the same as that of the associated Service.
metadata.namespace
No
String
Name of the namespace where the MCS object is located, which must be the same as that of the namespace where the associated Service is located. If this parameter is left blank, default is used.
spec.types
Yes
String
Traffic direction. To enable service discovery across clusters, set this parameter to CrossCluster.
spec.providerClusters.name
No
String
Name of the cluster that the Service is delivered to. Set this parameter to the cluster where the Service is deployed. If this parameter is left blank, the Service is delivered to all clusters in the federation by default.
CAUTION:If a Service is deployed in cluster B but cluster A and cluster B are both configured as the delivery targets, the Service is delivered to both clusters. The original Service with the same name in cluster A will be overwritten.
spec.consumerClusters.name
No
String
Name of the cluster that accesses the Service. Set this parameter to the name of the cluster that is expected to access the Service across clusters through MCS. If this parameter is left blank, all clusters in the federation can access the Service by default.
- Create an MCS object.
kubectl apply -f mcs.yaml
- Check the status of the MCS object (named foo).
kubectl describe mcs foo
The status field in the YAML file records the MCS object status. If the following information is displayed, the endpoint slices are successfully delivered and synchronized, and cross-cluster service discovery is available:
status: conditions: - lastTransitionTime: "2023-11-20T02:30:49Z" message: EndpointSlices are propagated to target clusters. reason: EndpointSliceAppliedSuccess status: "True" type: EndpointSliceApplied
Run the following commands to operate the MCS object (named foo):- kubectl get mcs foo: obtains the MCS object.
- kubectl edit mcs foo: updates the MCS object.
- kubectl delete mcs foo: deletes the MCS object.
Cross-Cluster Access
After the MCS object is created, you can access the Service from the cluster specified by consumerClusters.name.
In the cluster specified by consumerClusters.name, create a pod, access the container, and run the curl http://Service name:Port number command to access the Service.
If the following information is displayed, the access is successful:
/ # curl http://Service name:Port number ... <h1>Welcome to foo!</h1> ...
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot