By Jing Cai
If your business currently runs in Internet Data Center (IDC) Kubernetes clusters and you want to give it highly available, redundant capacity on the cloud, Alibaba Cloud's Distributed Cloud Container Platform ACK One [1] can centrally manage traffic, applications, and clusters. It routes business traffic across multiple clusters and fails over automatically and smoothly when one cluster becomes unhealthy. This article focuses on using ACK One to quickly build a hybrid cloud disaster recovery system.
Generally, building a hybrid cloud disaster recovery system requires five steps: register the on-premises clusters with Alibaba Cloud, connect the IDC network to the VPC, create a Fleet and associate the clusters with it, distribute the application to all clusters, and configure the multi-cluster gateway. The ACK One components involved are introduced first, and each step is then described in turn.
The ACK One is an enterprise-level cloud-native platform provided by Alibaba Cloud for scenarios such as hybrid cloud, multiple clusters, distributed computing, and disaster recovery. ACK One enables connection and management of Kubernetes clusters in any region and on any infrastructure while providing consistent management and community-compatible APIs for computing, network, storage, security, monitoring, logs, jobs, applications, and traffic.
ACK One registered clusters [2] connect on-premises Kubernetes clusters to the cloud, so that a hybrid cloud cluster can be set up quickly. A Kubernetes cluster in a local data center or at another cloud vendor can be linked to the Alibaba Cloud Container Service management platform in this way, which makes registered clusters central to hybrid cloud scenarios.
ACK One Fleet [3] serves as a centralized portal for managing multi-clusters, providing developers with capabilities such as multi-cluster GitOps application distribution, traffic management, and centralized O&M. It is built on mature open-source community projects Argo CD[4] and Open Cluster Management[5], ensuring product openness and reducing a considerable amount of O&M work, allowing you to focus on application development.
ACK One multi-cluster gateways [6] are cloud-native gateways that manage Layer 7 north-south traffic in multi-cloud and multi-cluster environments. They use the standard Ingress API (MSE Ingress [7]) to define traffic routing rules and support, across multiple clusters, HTTP routing, traffic splitting, health-based automatic smooth disaster recovery, traffic mirroring, and load balancing weighted by the number of replicas in each cluster.
ACK One GitOps [8] manages ArgoCD in the Fleet instance and integrates capabilities such as multiple clusters in ACK One and Alibaba Cloud RAM SSO to implement a simple and secure multi-cluster GitOps continuous delivery.
The preceding figure shows the active zone-redundancy disaster recovery system for applications in hybrid cloud scenarios based on ACK One registered clusters, multi-cluster Fleets (GitOps optional), and multi-cluster gateways.
• All Alibaba Cloud resources are in one VPC (VPC 1 in the figure). You can create ACK clusters in AZ1 and registered clusters in AZ2.
• You can register Kubernetes clusters deployed on IDC or third-party clouds to Alibaba Cloud by using the registered clusters, and you can use an Express Connect circuit to connect the IDC and VPC network and ensure the interconnection between the cloud and on-premises networks.
• You can associate ACK clusters and registered clusters with the ACK One Fleet instance in the same VPC (VPC 1) and distribute the application to ACK clusters and registered clusters through ACK One GitOps.
• In ACK One Fleet, you can create MSE gateways through MseIngressConfig and add clusters to the gateways. Then, you can create an Ingress in Fleet to configure traffic routing rules to manage the north-south traffic, including the implementation of zone-disaster recovery.
• This article covers only the highly available, multi-cluster deployment of applications and business traffic; it does not cover databases or middleware. For those, see the Alibaba Cloud database and middleware documentation, for example Overview of data synchronization: https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-mysql/overview-of-data-synchronization
First, plan the hybrid cloud network: the ACK One Fleet, the ACK clusters, and the registered clusters must be in the same VPC, while the ACK clusters and the registered clusters must be in different AZs so that a single zone failure does not take out both. For more information about Fleet management network planning, see Network design for Fleet management [9].
Then, you can build a hybrid cloud zone-disaster recovery system according to the following steps:
In this step, you register the Kubernetes clusters deployed in your IDC or at third-party clouds with Alibaba Cloud. Create a registered cluster in ACK/ACK One, then apply the proxy (agent) configuration YAML shown in the cluster connection information to your on-premises Kubernetes cluster; the agent connects the on-premises cluster to the registered cluster. That YAML carries the credential the agent uses to authenticate to Alibaba Cloud, so treat it as a secret and apply it only to the cluster it was generated for. For more information, see Use registered clusters to centrally manage external Kubernetes clusters [10].
If your on-premises clusters also need to burst workloads to the cloud, see Build a hybrid cloud cluster and add ECS instances to the cluster (ECS) [11] and Scale out elastic container instances (ECI) [12]. To absorb sudden large load spikes, configure high availability for ECI. For more information, see Create ECIs across zones [13].
After the Kubernetes clusters deployed in the IDC or at third-party clouds are connected, the status of the registered cluster changes to Running.
To build a hybrid cloud zone-disaster recovery system, the multi-cluster gateways must be able to reach the application pods both on the cloud and on premises. Therefore, connect the IDC network to the VPC where the multi-cluster gateways are located (by default the VPC of the ACK One Fleet). For more information about how to connect the IDC network to the VPC network, see Network connection overview [14]. We recommend an Express Connect circuit for connecting the cloud and on-premises networks; see Overview of hybrid networks [15] and Physical connection [16]. The main process steps are described in those documents.
Create a Fleet in the ACK One console [17] and associate both the registered cluster and the ACK cluster with the newly created Fleet, as shown in the following figure:
This step is mainly to deploy your applications in your ACK clusters and the on-premises clusters. You can use GitOps to manage your multi-cluster applications. For more information, see Use GitOps to distribute a web-demo application to multiple clusters [18].
After the application is distributed, you can view the status of your applications and resources in the GitOps console. Make sure that the application in both clusters uses the same Service name and the same namespace: the multi-cluster gateway routes an Ingress backend to the Service with that name and namespace in every member cluster, so a cluster where the name or namespace differs receives no traffic. The following is the status of web-demo in the ACK clusters:
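The same-name, same-namespace requirement is easy to break when two clusters are deployed by different teams. The following added example (written for this article; it is not code from Alibaba Cloud or the ACK One product) is a pre-flight check that takes the Ingress you intend to create in the Fleet plus the Service list of each member cluster, in the shape returned by `kubectl get ingress <name> -n <ns> -o json` and `kubectl --context <ctx> get svc -n <ns> -o json`, and reports every cluster in which a referenced backend is missing or exposes a different port. The sample data is constructed here: the Ingress is the one shown later in this article, and the cluster labels `ack-az1` and `idc-az2` are assumptions.

```python
"""Pre-flight check: every Ingress backend must exist identically in every member cluster.

Added example, not part of the article or the ACK One product. Inputs mimic the JSON
printed by `kubectl get ingress ... -o json` and `kubectl ... get svc -n <ns> -o json`.
"""
from typing import Dict, List


def backend_refs(ingress: dict) -> List[dict]:
    """Return one {namespace, name, port, portName} entry per backend in the Ingress rules."""
    ns = ingress["metadata"]["namespace"]
    refs = []
    for rule in ingress["spec"].get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            svc = path["backend"]["service"]
            port = svc.get("port", {})
            refs.append({"namespace": ns, "name": svc["name"],
                         "port": port.get("number"), "portName": port.get("name")})
    return refs


def check_backends(ingress: dict, cluster_services: Dict[str, dict],
                   ingress_class: str = "mse") -> List[str]:
    """Return findings; an empty list means every cluster can serve every backend.

    cluster_services maps a cluster label to the ServiceList JSON fetched from that cluster.
    """
    findings = []
    if ingress["spec"].get("ingressClassName") != ingress_class:
        findings.append(f"ingressClassName is not '{ingress_class}'; the MSE gateway will not pick it up")
    for ref in backend_refs(ingress):
        for cluster, svc_list in cluster_services.items():
            match = [s for s in svc_list.get("items", [])
                     if s["metadata"]["name"] == ref["name"]
                     and s["metadata"]["namespace"] == ref["namespace"]]
            if not match:
                findings.append(f"{cluster}: Service {ref['namespace']}/{ref['name']} missing")
                continue
            ports = match[0]["spec"].get("ports", [])
            if ref["port"] is not None and ref["port"] not in {p.get("port") for p in ports}:
                findings.append(f"{cluster}: Service {ref['namespace']}/{ref['name']} "
                                f"does not expose port {ref['port']}")
            if ref["portName"] is not None and ref["portName"] not in {p.get("name") for p in ports}:
                findings.append(f"{cluster}: Service {ref['namespace']}/{ref['name']} "
                                f"has no port named {ref['portName']}")
    return findings


# Constructed sample data: the Ingress from this article and one ServiceList per cluster.
INGRESS = {
    "apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
    "metadata": {"name": "web-demo", "namespace": "web-demo"},
    "spec": {"ingressClassName": "mse", "rules": [{"host": "example.com", "http": {"paths": [
        {"path": "/svc1", "pathType": "Exact",
         "backend": {"service": {"name": "service1", "port": {"number": 80}}}}]}}]},
}


def _svc(name: str, namespace: str, port: int) -> dict:
    """Minimal Service object as kubectl would print it (constructed)."""
    return {"metadata": {"name": name, "namespace": namespace},
            "spec": {"ports": [{"name": "http", "port": port, "targetPort": 8080}]}}


# Cluster labels are assumptions; both clusters deployed the Service consistently.
GOOD = {"ack-az1": {"items": [_svc("service1", "web-demo", 80)]},
        "idc-az2": {"items": [_svc("service1", "web-demo", 80)]}}
# Drift: AZ1 changed the Service port, and the IDC cluster deployed into "default".
DRIFT = {"ack-az1": {"items": [_svc("service1", "web-demo", 8080)]},
         "idc-az2": {"items": [_svc("service1", "default", 80)]}}

if __name__ == "__main__":
    for label, clusters in (("good", GOOD), ("drift", DRIFT)):
        print(label, check_backends(INGRESS, clusters) or "OK")
```

Run it before creating the Ingress in the Fleet; a non-empty finding list means the gateway would silently route around the misconfigured cluster, which defeats the purpose of a disaster recovery setup.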
Finally, use the multi-cluster gateways to manage multi-cluster traffic and implement application zone-disaster recovery according to the following steps. For more information, see Zone-disaster recovery based on multi-cluster gateway [19].
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-demo
  namespace: web-demo
spec:
  ingressClassName: mse   # handled by the ACK One multi-cluster (MSE) gateway
  rules:
  - host: example.com
    http:
      paths:
      - path: /svc1
        pathType: Exact
        backend:
          service:
            name: service1   # must exist with this name and namespace in every member cluster
            port:
              number: 80
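A disaster recovery system that has never been exercised is an assumption, not a capability. The following added example (written for this article; not code from Alibaba Cloud or the ACK One product) is a probe for a zone-disaster recovery drill through the multi-cluster gateway: it sends requests to the gateway's address with the Host header and path of the Ingress above, tallies HTTP status codes and which cluster answered, and judges whether a drill phase passed. One assumption is not taken from the page: the application is expected to report the cluster it runs in through an `X-Cluster` response header (for example set from an environment variable that differs per cluster); the gateway address and the cluster labels `ack-az1` and `idc-az2` are placeholders.

```python
"""Zone-disaster recovery drill probe for a multi-cluster gateway.

Added example, not part of the article or the ACK One product. Assumes the application
sets an `X-Cluster` response header naming the cluster that served the request.
"""
import itertools
import urllib.error
import urllib.request
from collections import Counter
from typing import Callable, Dict, Iterable, Optional, Tuple

Sample = Tuple[int, str]  # (HTTP status, 0 on connection failure; serving cluster label)
Fetch = Callable[[str, str, str], Sample]


def http_fetch(gateway: str, host: str, path: str) -> Sample:
    """Hit the gateway address directly and pin the Host header, so DNS is out of the loop."""
    req = urllib.request.Request(f"http://{gateway}{path}", headers={"Host": host})
    try:
        with urllib.request.urlopen(req, timeout=3) as resp:
            return resp.status, resp.headers.get("X-Cluster", "unknown")
    except urllib.error.HTTPError as err:       # a 5xx still tells us who answered
        return err.code, err.headers.get("X-Cluster", "unknown")
    except (urllib.error.URLError, OSError):    # timeout, connection refused, reset
        return 0, "unknown"


def fake_fetch(samples: Iterable[Sample]) -> Fetch:
    """Offline stand-in for http_fetch that cycles through canned samples (dry runs, tests)."""
    cycled = itertools.cycle(list(samples))
    return lambda gateway, host, path: next(cycled)


def probe(n: int, gateway: str, host: str, path: str, fetch: Fetch = http_fetch) -> Dict[str, Counter]:
    """Send n requests and tally status codes and, for successful ones, the serving cluster."""
    status, by_cluster = Counter(), Counter()
    for _ in range(n):
        code, cluster = fetch(gateway, host, path)
        status[code] += 1
        if 200 <= code < 300:
            by_cluster[cluster] += 1
    return {"status": status, "cluster": by_cluster}


def assess(result: Dict[str, Counter], failed_cluster: Optional[str] = None,
           max_error_ratio: float = 0.0) -> Tuple[bool, str]:
    """Decide whether a drill phase passed.

    Baseline (failed_cluster=None): at least two clusters must have served traffic and the
    error ratio must not exceed max_error_ratio. After the failure was injected, no
    successful response may still come from failed_cluster.
    """
    total = sum(result["status"].values())
    errors = total - sum(result["cluster"].values())
    if total == 0:
        return False, "no samples"
    if errors / total > max_error_ratio:
        return False, f"{errors}/{total} requests failed"
    if failed_cluster is None:
        if len(result["cluster"]) < 2:
            return False, f"traffic reached only {sorted(result['cluster'])}; not split across clusters"
        return True, f"baseline OK, split {dict(result['cluster'])}"
    if result["cluster"].get(failed_cluster, 0):
        return False, f"{result['cluster'][failed_cluster]} responses still came from {failed_cluster}"
    return True, f"failover OK, all traffic served by {sorted(result['cluster'])}"


if __name__ == "__main__":
    # Drill: 1) baseline; 2) take AZ1 out, e.g. scale its deployment to 0 replicas
    #        (kubectl --context ack-az1 -n web-demo scale deploy web-demo --replicas=0);
    #        3) probe again; 4) scale back and probe once more. Names are placeholders.
    GATEWAY = "10.0.1.10"   # placeholder for the gateway address shown in the Fleet console
    print(assess(probe(50, GATEWAY, "example.com", "/svc1")))
    input("Now fail AZ1, then press Enter to probe again...")
    print(assess(probe(50, GATEWAY, "example.com", "/svc1"), failed_cluster="ack-az1"))
```

Use a strict `max_error_ratio` of 0 for a planned drill; the point of the health-based smooth failover is that clients should not observe errors while one zone is down, and any non-2xx sample is worth investigating rather than averaging away.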
ACK One provides complete multi-cluster management capability, allowing one-stop application management from cluster access through application distribution to traffic management. In hybrid cloud scenarios, registered clusters can also schedule cloud computing power on demand in a serverless manner (such as ECI) to absorb large service bursts quickly, without having to operate and maintain nodes, so you can focus on the applications themselves. GitOps makes it easy to manage cloud and on-premises cluster applications and to build automated CI/CD pipelines, which simplifies application upgrades and O&M. Multi-cluster gateways offer powerful traffic management capability: north-south traffic for multiple clusters is managed centrally, which removes the cost of managing each cluster's ingress separately, reduces architectural complexity, and makes traffic management more efficient.
[1] ACK One overview
https://www.alibabacloud.com/help/en/ack/distributed-cloud-container-platform-for-kubernetes/product-overview/ack-one-overview
[2] ACK One registered clusters
https://www.alibabacloud.com/help/en/ack/overview-9
[3] ACK One Fleet
https://www.alibabacloud.com/help/en/ack/fleet-management-overview
[4] Argo CD
https://argoproj.github.io/cd/
[5] Open Cluster Management
https://open-cluster-management.io/
[6] ACK One multi-cluster gateways
https://www.alibabacloud.com/help/en/ack/multi-cluster-gateway-overview
[7] MSE Ingress
https://www.alibabacloud.com/help/en/mse/user-guide/overview-of-mse-ingress-gateways#task-2193958
[8] ACK One GitOps
https://www.alibabacloud.com/help/en/ack/gitops-overview
[9] Network design for Fleet management
https://www.alibabacloud.com/help/en/ack/fleet-management-network-planning
[10] Use registered clusters to centrally manage external Kubernetes clusters
https://www.alibabacloud.com/help/en/ack/use-registered-clusters-to-centrally-manage-external-kubernetes-clusters
[11] Build a hybrid cloud cluster and add ECS instances to the cluster (ECS)
https://www.alibabacloud.com/help/en/ack/build-a-hybrid-cloud-cluster-and-add-ecs-instances-to-the-cluster#task-2249354
[12] Scale out elastic container instances (ECI)
https://www.alibabacloud.com/help/en/ack/scale-out-elastic-container-instances#task-2489901
[13] Create ECIs across zones
https://www.alibabacloud.com/help/en/ack/serverless-kubernetes/user-guide/create-ecis-across-zones
[14] Network connection overview
https://www.alibabacloud.com/help/en/vpc/user-guide/network-connection-overview#section-fdz-nsk-w2b
[15] Overview of hybrid networks
https://www.alibabacloud.com/help/en/ack/overview-of-hybrid-networks
[16] Physical connection
https://www.alibabacloud.com/help/en/express-connect/user-guide/physical-connection/
[17] ACK One console
https://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fcs.console.aliyun.com%2Fone%3Fspm%3Da2c4g.11186623.0.0.234c3163R6h8Fu
[18] Use GitOps to distribute a web-demo application to multiple clusters
https://www.alibabacloud.com/help/en/ack/distributed-cloud-container-platform-for-kubernetes/use-cases/zone-disaster-recovery-based-on-multi-cluster-gateway
[19] Zone-disaster recovery based on multi-cluster gateway
https://www.alibabacloud.com/help/en/ack/distributed-cloud-container-platform-for-kubernetes/use-cases/zone-disaster-recovery-based-on-multi-cluster-gateway