All Products
Search
Document Center

Container Service for Kubernetes:PropagationPolicy and OverridePolicy

Last Updated:Oct 10, 2024

Distributed Cloud Container Platform for Kubernetes (ACK One) Fleet instances propagate applications based on the PropagationPolicy and OverridePolicy. The PropagationPolicy is used to define which resources need to be propagated to which clusters. The OverridePolicy is used to define which configurations to be overridden when resources are propagated to different clusters. This topic describes how to configure the PropagationPolicy and OverridePolicy.

PropagationPolicy

You can define the PropagationPolicy and ClusterPropagationPolicy to propagate multi-cluster applications. The PropagationPolicy and ClusterPropagationPolicy are designed based on the open source project Karmada and are compatible with the ClusterPropagationPolicy and PropagationPolicy APIs of Karmada.

  • ClusterPropagationPolicy: This policy allows you to propagate cluster-wide resources, including PersistentVolume, StorageClass, Namespace, and CustomResourceDefinition. This policy also allows you to propagate resources in any namespace other than the system reserved namespaces. For more information about the role-based access control (RBAC) permissions required for propagating resources, see RBAC permissions on Fleet instances.

  • PropagationPolicy: This policy allows you to propagate namespace-wide resources. Only resources in the namespace specified by the policy are propagated.

In the following section, the PropagationPolicy that propagates applications based on static weights is used as an example to describe how to configure a propagation policy.

apiVersion: one.alibabacloud.com/v1alpha1
kind: PropagationPolicy
metadata:
  name: example
  namespace: demo
spec:
  resourceSelectors:
  - apiVersion: apps/v1
    kind: Deployment
    name: demo-deploy
  - apiVersion: v1
    kind: ConfigMap
    name: demo-cm
  - apiVersion: apps/v1
    kind: Deployment
    labelSelector:
      matchExpressions:
      - key: app
        operator: In
        values:
        - xxxx
  prune: false
  conflictResolution: abort
  placement:
    clusterAffinity:
      clusterIds:
      -cxxxxx # The ID of your cluster. 
      -cxxxxx # The ID of your cluster. 
    replicaScheduling:
      replicaSchedulingType: Divided
      replicaDivisionPreference: Weighted
      weightPreference:
        staticWeightList:
        - targetCluster:
            clusterIds:
            - cxxxxx
          weight: 2
        - targetCluster:
            clusterIds:
            - cxxxxxx
          weight: 1

Parameters

Parameter

Required

Description

Example

apiVersion

Yes

The API version information.

The value is fixed to one.alibabacloud.com/v1alpha1.

kind

Yes

The type of the policy. Valid values: PropagationPolicy and ClusterPropagationPolicy.

  • ClusterPropagationPolicy: This policy allows you to propagate cluster-wide applications and applications in any namespace other than the system reserved namespaces.

  • PropagationPolicy: This policy allows you to propagate applications only in the namespace specified by the policy.

PropagationPolicy

namespace

No

If you set the kind parameter to PropagationPolicy, you must specify an existing namespace.

demo

name

No

The name of the propagation policy.

policy-xxxx

resourceSelectors

No

Select one or more Kubernetes resources that you want to propagate. For more information, see resourceSelector.

resourceSelectors:
-apiVersion: apps/v1
 kind: Deployment
 name: nginx
-apiVersion: v1
 kind: ConfigMap
 name: cm

placement

Yes

  • clusterAffinity: specifies the clusters to which applications are propagated. For more information, see clusterAffinity.

  • replicaScheduling: specifies the scheduling policy for resources that create pods, such as Deployments and StatefulSets. For more information, see replicaScheduling.

placement:
    clusterAffinity:
      clusterIds:
      - ${cluster1-id}
      - ${cluster2-id}
  replicaScheduling:
    replicaSchedulingType: Divided
replicaDivisionPreference: Weighted
weightPreference:
staticWeightList:
- targetCluster:
    clusterIds:
    - ${cluster1-id}
  weight: 2
- targetCluster:
    clusterIds:
    - ${cluster2-id}
  weight: 1

prune

Yes

Specifies whether to delete the resources after the Policy object is deleted. Default value: false.

false

conflictResolution

Yes

The policy used to handle resource propagation conflicts. Valid values: Overwrite and Abort.

  • Overwrite: If a resource with the same name already exists in the cluster, the resource is overwritten.

  • Abort: If a resource with the same name already exists in the cluster, the propagation of the resource is stopped.

Abort

resourceSelector

Parameter

Required

Description

Example

apiVersion

Yes

The version of the resource propagation API.

v1

kind

Yes

The type of resource to propagate.

Deployment

namespace

No

The namespace of the propagated resource.

Note

If you use the PropagationPolicy, set the parameter to the namespace specified by the policy. Otherwise, this parameter does not take effect.

demo

name

No

The name of the propagated resource.

Any name

labelSelector

No

Select the resources to be propagated by using a label selector.

  • matchLabels: Specify key-value pairs.

  • matchExpressions: Specify an array. Each element consists of the key, operator, and values parameters.

labelSelector:
  matchLabels:
    region: A
    az: zone0
  matchExpressions:
  - key: app
    operator: In
    values:
    - nginx

clusterAffinity

Parameter

Required

Description

Example

clusterIds

No

The IDs of the clusters to which you want to propagate resources.

clusterIds:
- cxxxx
- cxxxx

excludeClusters

No

The IDs of the clusters that you want to exclude.

excludeClusters:
- cxxxx
- cxxxx

labelSelector

No

Select clusters by using a label selector.

labelSelector:
  matchLabels:
    region: A
    az: zone0
  matchExpressions:
  - key: app
    operator: In
    values:
    - nginx

replicaScheduling

Parameter

Required

Description

Example

replicaSchedulingType

No

The pod scheduling policy. Valid values: Duplicated or Divided.

  • Duplicated: replicates pods to each cluster.

  • Divided: schedules pods based on the weight of each cluster. The total number of pods in all associated clusters is equal to the number of pods specified in spec of the application on the Fleet instance.

Duplicated

replicaDivisionPreference

No

The policy for dividing pods. If you set the value to weighted, pods are scheduled based on weights.

weighted

weightPreference

No

staticWeightList is an array. Each element consists of the clusterAffinity and weight parameters.

  • clusterAffinity: specifies the clusters to which applications are propagated. For more information, see clusterAffinity.

  • weight: specifies the weight of the selected cluster. A larger value indicates that a larger number of pods are scheduled to the cluster.

The following example shows that the weight of cluster1 is 2 and the weight of cluster2 is 1. If the total number of pods is three, two pods are scheduled to cluster1 and one pod is scheduled to cluster2.

weightPreference:
  staticWeightList:
  - targetCluster:
  clusterIds:
  - ${cluster1-id}
  weight: 2
  - targetCluster:
  clusterIds:
  - ${cluster2-id}
  weight: 1

OverridePolicy

During application propagation, some clusters may require different configurations. The OverridePolicy can be used to override resources that are propagated to different clusters. You can define the ClusterOverridePolicy and OverridePolicy. The ClusterOverridePolicy and OverridePolicy are designed based on the open source project Karmada and are compatible with the ClusterOverridePolicy

and OverridePolicy APIs of Karmada.

  • ClusterOverridePolicy: This policy allows you to override cluster-side resources, including PersistentVolume, StorageClass, Namespace, and CustomResourceDefinition. You can also override resources in any namespace other than the system reserved namespaces.

  • OverridePolicy: This policy allows you to override namespace-wide resources. You can override only resources in the namespace specified by the policy.

In the following section, the OverridePolicy is used as an example to describe how to configure an override policy.

apiVersion: one.alibabacloud.com/v1alpha1
kind: OverridePolicy
metadata:
  name: demo
  namespace: demo
spec:
  resourceSelectors:
    - apiVersion: apps/v1
      kind: Deployment
      name: example
  overrideRules:
    - targetCluster:
        clusterIds:
          -cxxxxx # The ID of your cluster. 
      overriders:
        plaintext:
          - operator: replace
            path: /spec/replicas
            value: 1
        imageOverrider:
          - component: Registry
            operator: add
            value: registry.cn-hangzhou.aliyuncs.com/xxxx

Parameters

Parameter

Required

Description

Example

apiVersion

Yes

The API version information.

The value is fixed to one.alibabacloud.com/v1alpha1.

kind

Yes

The type of the override policy. Valid values: ClusterOverridePolicy and OverridePolicy.

  • ClusterOverridePolicy: This policy allows you to override cluster-wide resources and resources in any namespace other than the system reserved namespaces.

  • OverridePolicy: This policy allows you to override only resources in the namespace specified by the policy.

OverridePolicy

namespace

No

If you set the kind parameter to OverridePolicy, you must specify an existing namespace.

demo

name

Yes

The name of the override policy.

Any name

resourceSelectors

Yes

The resourceSelector array. For more information, see resourceSelector.

resourceSelectors:
-apiVersion: apps/v1
  kind: Deployment
  name: nginx
-apiVersion: v1
  kind: ConfigMap
  name: cm

overrideRules

Yes

The ruleWithCluster array. For more information, see ruleWithCluster.

overrideRules:
    - targetCluster:
        clusterNames:
          - ${cluster1-id}
      overriders:
        imageOverrider:
          - component: Registry
            operator: add
            value: registry.cn-hangzhou.aliyuncs.com

resourceSelector

Parameter

Required

Description

Example

apiVersion

Yes

Set to the apiVersion of the resource propagation API.

v1

kind

Yes

The type of resource to propagate.

Deployment

namespace

No

The namespace of the propagated resource.

Note

If you use the OverridePolicy, set the parameter to the namespace specified by the policy. Otherwise, this parameter does not take effect.

demo

name

No

The name of the propagated resource.

Any name

labelSelector

No

Select the resources that you want to propagate by using a label selector.

labelSelector:
  matchLabels:
    region: A
    az: zone0
  matchExpressions:
  - key: app
    operator: In
    values:
    - nginx

clusterAffinity

Parameter

Required

Description

Example

clusterIds

No

The IDs of the clusters to which you want to propagate resources.

clusterIds:
- cxxxx
- cxxxx

excludeClusters

No

The IDs of the clusters that you want to exclude.

excludeClusters:
- cxxxx
- cxxxx

labelSelector

No

Select clusters by using a label selector.

labelSelector:
  matchLabels:
    region: A
    az: zone0
  matchExpressions:
  - key: app
    operator: In
    values:
    - nginx

ruleWithCluster

Parameter

Required

Description

Example

targetCluster

Yes

Select clusters based on the clusterAffinity parameter. For more information, see resourceSelector.

  clusterAffinity:
      clusterIds:
      -cxxxxx # The ID of your cluster. 
      -cxxxxx # The ID of your cluster.

overriders

Yes

The overriders array, which contains override rules. Valid values: image and plaintext. For more information, see overriders.

  • plaintext: You can override resources by using the path, value, and operator parameters of JSONPatch.

  • imageOverrider: You can override images.

overriders:
  imageOverrider:
    - component: Registry
      operator: add
      value: registry.cn-hangzhou.aliyuncs.com

overriders

Parameter

Required

Description

Example

imageOverrider

No

The method used to override images.

  • predicate: Optional. The path of the image that you want to override, such as /spec/template/spec/containers/0/image. If you leave this parameter empty, all images are overridden.

  • component: Use one of the following methods to override images: Registry, Repository, and Tag. Images are specified in the [registry/]repository[:tag] format.

  • operator: You can set this parameter to remove, add, or replace.

  • value: If the operator parameter is set to replace or add, the value is new.

imageOverrider:
  - component: Registry
    operator: add
    value: registry.cn-hangzhou.aliyuncs.com

plaintext

No

Override resources by using JSONPatch.

  • path: the path of the field to be overridden.

  • value: the value of the field. If the operator parameter is set to remove, leave this parameter empty.

  • operator: You can set this parameter to remove, add, or replace.

plaintext:
  - operator: replace
    path: /spec/replicas
    value: 1

References

For more information about how to create an application on a Fleet instance and how to propagate the application to multiple clusters by configuring the PropagationPolicy or OverridePolicy, see Get started with application distribution.