Community

Blog Events Webinars Tutorials Forum
  1. Blog
  2. Events
  3. Webinars
  4. Tutorials
  5. Forum
Create Account
×
Community Blog Kubernetes Multi-Cluster Management: Empower Your Kubernetes Clusters

Kubernetes Multi-Cluster Management: Empower Your Kubernetes Clusters

This article introduces how Alibaba Cloud Container Service for Kubernetes (ACK) offers registered clusters to empower Kubernetes clusters.

By Yu Zhuang

Development and Challenges of Kubernetes Multi-clusters

With business growth, enterprises deploy and maintain multiple Kubernetes clusters to meet requirements for proximity deployment, isolation, capacity, and disaster recovery. For various reasons, these clusters may come from different service providers, such as different public cloud providers or private cluster providers. Although Kubernetes clusters are consistent with open-source standards, the O&M and security capabilities around clusters vary widely. Therefore, these Kubernetes clusters provided by different service providers or deployed in different locations bring great challenges to enterprises in regularly maintaining workflows, affecting the ease of use, stability, and security of Kubernetes clusters.

  1. Different observability tools, such as monitoring, events, logs, and alerts, increase daily learning and O&M workloads, raising the risk of oversights and errors.
  2. Different security capabilities, such as high-risk container alerts, policy management, and configuration inspection, lead to inconsistent security thresholds and higher risks.
  3. Different user authentication, permission management, and expiration mechanisms make configurations complex and prone to security vulnerabilities.
  4. Different cluster consoles provide inconsistent user experiences and increase daily usage costs.

For enterprises with self-managed Kubernetes clusters, another challenge is the lack of IaaS resource elasticity in IDC, such as long server procurement time and tight GPU server supplies, which cannot meet rapid business growth demands and make it difficult to balance resource costs with fluctuating business demand.

To address these challenges, the ACK team introduced registered clusters in 2019. Over the years, registered clusters have been widely used across various industries and customers to empower Kubernetes clusters comprehensively. It provides a one-stop console experience, O&M capabilities, and cloud scalability, helping you efficiently manage Kubernetes clusters provided by different service providers or deployed in different locations.

ACK One Registered Clusters Empower Kubernetes Clusters Outside Alibaba Cloud for Centralized Multi-Cluster Management

Distributed Cloud Container Platform for Kubernetes (ACK One) registered clusters are a type of cluster offered by Alibaba Cloud Container Service for Kubernetes (ACK). You can connect Kubernetes clusters provided by different service providers or deployed in different locations to the ACK console through registered clusters of ACK One. This provides ACK-like management capabilities and enables comprehensive empowerment of your Kubernetes clusters in DevOps, microservices governance, observability, security, disaster recovery, and cluster resource elasticity.

1

Architecture

1. Register Kubernetes Clusters Outside Alibaba Cloud to Registered Clusters

After creating an ACK One registered cluster, install the Agent Connector component in the Kubernetes cluster, and then the Agent Connector will establish a connection with the registered cluster. Subsequent operations by the user through the ACK console on the registered cluster will be forwarded via the Agent Connector to the API Server of the Kubernetes cluster, such as fetching cluster status and installing ACK components.

2. Use ACK Components to Extend Capabilities

Once Kubernetes clusters outside Alibaba Cloud are connected to registered clusters, various capabilities can be expanded. You can install specific ACK components based on your needs to enable cloud elasticity, O&M, and security capabilities.

3. Security Assurance

a) Both public internet and Express Connect circuits are supported, as well as Transport Layer Security (TLS) encryption.

b) Clusters can be connected in either normal mode or restricted mode:

• Normal Mode: All features in the ACK console are available, including workload management, O&M, and security.

• Restricted Mode: All role-based access control (RBAC) permissions of the Agent Connector are converged. In this mode, some features in the ACK console are unavailable, but you can enable the cloud elasticity capability of the cluster.

c) The Agent Connector for registered clusters is open sourced to ensure transparency. The address of the open-source project is:

https://github.com/AliyunContainerService/alibabacloud-ack-connector

Core Features

1. ACK-like O&M Experience

The O&M and management of Kubernetes clusters are centralized and provide an ACK-like O&M experience. It integrates Alibaba Cloud Application Real-Time Monitoring Service (ARMS), Simple Log Service (SLS), and the Security Center. After Kubernetes clusters outside Alibaba Cloud are connected to ACK One registered clusters, they can be centrally managed through the ACK console, including permissions, logs, monitoring, events, alerts, cost analysis, security inspection, and security policies.

2

2. Cloud Scaling: Elastic Expansion of Worker Resources in Self-Managed Kubernetes Clusters in IDC

When Kubernetes cluster resources in local data centers are insufficient, the scheduler provided by ACK can be used to expand Elastic Compute Service (ECS) node pools or Elastic Container Instances (ECIs) according to priority. Additionally, it supports reverse scaling and prioritizes scaling cloud resources to handle traffic fluctuations, thereby saving resource costs.

3

3. Data Backup and Disaster Recovery

ACK One allows you to back up, restore, and migrate data to the cloud. This ensures service continuity.

4

Summary

Using ACK One registered clusters, you can easily achieve centralized management of Alibaba Cloud ACK clusters and non-ACK clusters (clusters provided by third-party clouds and self-managed Kubernetes in IDC). It has been widely used in numerous enterprises across industries such as the Internet, telecommunication equipment, autonomous driving, biopharmaceuticals, intelligent manufacturing, gene technology, logistics, and automotive. Welcome to have a try!

Reference

[1] Overview of Registered Clusters:
https://www.alibabacloud.com/help/en/ack/distributed-cloud-container-platform-for-kubernetes/user-guide/overview-9

[2] Auto Scaling of Registered Clusters:
https://www.alibabacloud.com/help/en/ack/distributed-cloud-container-platform-for-kubernetes/user-guide/auto-scaling-1

[3] Observability of Registered Clusters:
https://www.alibabacloud.com/help/en/ack/distributed-cloud-container-platform-for-kubernetes/user-guide/observability-of-external-clusters

[4] Backup Center Overview:
https://www.alibabacloud.com/help/en/ack/distributed-cloud-container-platform-for-kubernetes/user-guide/backup-center-overview

Cloud Computing Developers Container Service Kubernetes cloud native ACK Observability Cluster Management ACK One
0 1 0
Share on

Read previous post:

OpenYurt v1.5 Officially Released, Optimizing Multi-region Workload Lifecycle Management

Read next post:

Interpreting Data Acceleration in the Era of Large Models: Balancing Performance, Stability, and Consistency

Alibaba Container Service

160 posts | 29 followers

You may also like

Comments

Alibaba Container Service

160 posts | 29 followers

Related Products

More Posts by Alibaba Container Service

See All