If your workloads are deployed in a Kubernetes cluster that runs in a data center or on a third-party public cloud and you want to use cloud resources to implement zone-disaster recovery for high availability, you can use Distributed Cloud Container Platform for Kubernetes (ACK One) provided by Alibaba Cloud. ACK One allows you to centrally manage traffic, applications, and clusters, route traffic across clusters, and seamlessly fail traffic over between clusters. This topic describes how to use ACK One to quickly build a zone-disaster recovery system in a hybrid cloud environment.
Architecture of zone-disaster recovery in a hybrid cloud environment
The preceding figure shows a zone-disaster recovery system built from a registered cluster, a Fleet instance (GitOps is optional), and a multi-cluster gateway of ACK One in a hybrid cloud environment.
Resources on Alibaba Cloud are deployed in virtual private cloud (VPC) 1. A Container Service for Kubernetes (ACK) cluster is created in AZ1 and a registered cluster is created in AZ2.
Connect a Kubernetes cluster deployed in a data center or on a third-party public cloud to the registered cluster. Use an Express Connect circuit to connect the data center to the VPC for communication.
Associate the ACK cluster and registered cluster with the Fleet instances in VPC 1. Use ACK One GitOps to distribute an application to the ACK cluster and registered cluster.
On the Fleet instance, configure the MseIngressConfig to create a Microservices Engine (MSE) gateway and add clusters to the gateway. Then, create an Ingress and configure traffic routing rules on the Fleet instance to manage north-south traffic and implement zone-disaster recovery.
Procedure for building a zone-disaster recovery system in a hybrid cloud environment
Step 1: Design the network and create a Fleet instance
The Fleet instance, ACK cluster, and registered cluster must be deployed in the same VPC.
The ACK cluster and registered cluster must reside in different zones.
For more information about network design for Fleet management, see Network design for Fleet management.
Step 2: Use a registered cluster to manage Kubernetes clusters deployed in a data center or on a third-party public cloud
For more information about cluster management, see Use registered clusters to manage external Kubernetes clusters in a centralized manner. To use a registered cluster to manage external Kubernetes clusters, perform the following steps.
Create a registered cluster.
Configure a YAML file to connect your Kubernetes cluster to the registered cluster.
If you want to use elastic resources on the cloud through the registered cluster, refer to Build a hybrid cloud cluster and add ECS instances to the cluster and Schedule pods to elastic container instances that are deployed as virtual nodes.
To withstand unexpected traffic spikes, you can configure high availability settings for elastic container instances. For more information, see Create ECIs across zones.
Step 3: Connect an on-premises network to a VPC
For more information about how to connect an on-premises network to a VPC, see Network connectivity.
For more information about how to use an Express Connect circuit to connect an on-premises network to the cloud, see Overview of hybrid networks. Procedure:
Use an Express Connect circuit to connect the on-premises network to Alibaba Cloud.
For more information about the corresponding solution, see Physical Connection.
Create a connection over an Express Connect circuit to connect edge devices in the data center to a virtual border router (VBR) that functions as a gateway in the cloud.
Attach the VBR and VPC to a Cloud Enterprise Network (CEN) instance.
Configure BGP on the VBR and in the data center.
Test the network connectivity between the cloud network and on-premises network.
Configure routes that point to the private CIDR blocks used by the cloud services to communicate with the on-premises network. For more information about the operations, see the following topics:
Container Registry: Add routes that point to the private addresses of ACK component images.
Managed Service for Prometheus: VPC endpoints and the corresponding CIDR blocks of Managed Service for Prometheus.
Object Storage Service (OSS): Internal endpoints of OSS buckets and VIP ranges.
Step 4: Connect the registered cluster and ACK cluster to the Fleet instance
For more information, see Manage associated clusters.
Step 5: Use GitOps to distribute an application to multiple clusters
For more information, see Use GitOps to distribute an application to multiple clusters.
Step 6: Use the multi-cluster gateway to implement zone-disaster recovery
For more information, see Use multi-cluster gateways to implement zone-disaster recovery. To do this, you need to perform the following steps.
Enable the multi-cluster gateway feature on the Fleet instance.
Configure the MseIngressConfig to create a gateway on the Fleet instance and add the ACK cluster and registered cluster to the gateway.
Create an Ingress on the Fleet instance to implement zone-disaster recovery.
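As an added example (not from this topic or from Alibaba Cloud's own documentation), the following YAML sketches what Step 6 applies on the Fleet instance: an MseIngressConfig that creates the gateway and adds both clusters, followed by an Ingress that exposes one Service through that gateway. Field names follow the MseIngressConfig CRD as commonly published but are assumptions to be checked against the linked topic; the vSwitch ID, cluster IDs, namespace, host, and Service name are placeholders.

```yaml
# Added example; not from this topic. IDs and names are placeholders.
apiVersion: mse.alibabacloud.com/v1alpha1
kind: MseIngressConfig
metadata:
  name: ackone-gateway-dr
spec:
  name: ackone-gateway-dr
  common:
    network:
      vSwitches:
        - vsw-PLACEHOLDER          # vSwitch in VPC 1 (assumed field)
    instance:
      spec: 2c4g                   # gateway instance size (assumed field)
      replicas: 3                  # several replicas so the gateway itself stays available
  ingress:
    local:
      ingressClass: mse
      clusters:                    # assumed field: clusters added to the gateway
        - c-ACK-CLUSTER-ID-PLACEHOLDER         # ACK cluster in AZ1
        - c-REGISTERED-CLUSTER-ID-PLACEHOLDER  # registered cluster in AZ2
---
# Ingress created on the Fleet instance; the gateway serves it for both clusters.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-demo                   # placeholder
  namespace: gateway-demo          # placeholder
spec:
  ingressClassName: mse
  rules:
    - host: web.example.com        # placeholder host
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-demo     # Service deployed to both clusters via GitOps
                port:
                  number: 80
```

The zone-prioritized and weighted routing annotations that turn this plain Ingress into a disaster recovery rule are described in the linked zone-disaster recovery topic; apply them only after confirming their exact names there.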
References
For more information about ACK One, see ACK One overview.