All Products
Search
Document Center

Container Service for Kubernetes:Manage gateways

Last Updated:Nov 14, 2024

This topic describes how to enable and disable the multi-cluster gateway feature on a Distributed Cloud Container Platform for Kubernetes (ACK One) Fleet instance and how to connect associated clusters to a multi-cluster gateway.

Billing

You are charged for using multi-cluster gateways. For more information about the billing of multi-cluster gateways, see Billing overview.

Prerequisites

Enable the multi-cluster gateway feature

Use the console

  1. Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Multi-cluster Gateways.

  2. On the Multi-cluster Gateway page, click Enable Multi-cluster Gateway. In the message that appears, click OK.

Use the CLI

  1. Make sure that Alibaba Cloud CLI is up-to-date and run the following command to enable the multi-cluster gateway feature.

    Replace <YOUR_FLEET_CLUSTERID> with the ID of your Fleet instance.

    aliyun adcp UpdateHubClusterFeature --ClusterId <YOUR_FLEET_CLUSTERID> --GatewayEnabled true
  2. Run the following command to check whether the multi-cluster gateway feature is enabled:

    aliyun adcp DescribeHubClusterDetails --ClusterId <YOUR_FLEET_CLUSTERID> |grep -B4 -A1 EnabledMSE`

    Expected output: If the value of the Status parameter is True, the multi-cluster gateway feature is enabled.

    			{
    				"Message": "",
    				"Reason": "",
    				"Status": "True",
    				"Type": "EnabledMSE"
    			},

Create a multi-cluster gateway

Use the console

  1. Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Multi-cluster Gateways.

  2. In the upper-right corner of the Multi-cluster Gateway page, click Create Gateway.

  3. In the panel that appears, modify the YAML file that is used to create the multi-cluster gateway based on your business requirements and click Create.

Use the CLI

  1. Obtain and record the vSwitch ID of the ACK One Fleet instance.

    1. Run the following command to query the vSwitch ID:

    aliyun adcp DescribeHubClusterDetails --ClusterId <YOUR_FLEET_CLUSTERID>
    1. Record the vSwitch ID in the VSwitches field of the output.

  2. Create a file named mseingressconfig.yaml and add the following content to the file.

    Replace ${vsw-id1} with the vSwitch ID that you recorded. You can add an annotation to the gateway configuration file to specify the associated clusters that you want to add to the gateway.

    apiVersion: mse.alibabacloud.com/v1alpha1
    kind: MseIngressConfig
    metadata:
      name: ackone-gateway
      # Connect associated clusters to the MSE gateway. 
      #annotations:
      #  mse.alibabacloud.com/remote-clusters: ${cluster1},${cluster2}
    spec:
      common:
        instance:
          replicas: 3
          spec: 2c4g
        network:
          # You can configure both an Internet-facing Server load Balancer (SLB) instance and an internal-facing SLB instance. If no SLB instance is specified, an Internet-facing SLB instance is used by default. 
          #publicSLBSpec: slb.s2.small
          #privateSLBSpec: slb.s2.small
          vSwitches:
          - ${vsw-id1}
      ingress:
        local:
          ingressClass: mse
      name: mse-ingress
  3. Run the following command to create a gateway named mse-ingress on the ACK One Fleet instance:

    kubectl apply -f mseingressconfig.yaml
  4. Run the following command to check whether the gateway is created:

    kubectl get mseingressconfig ackone-gateway

    Expected output:

    NAME             STATUS      AGE
    ackone-gateway   Listening   3m15s

    The output indicates that the gateway is in the Listening state. This means that the cloud-native gateway is created and running. The gateway listens on Ingresses whose IngressClasses are mse.

    The status of a gateway created from an MseIngressConfig changes in the following order: Pending, Running, and Listening. State description:

    • Pending: The cloud-native gateway is being created. This process may take about 3 minutes.

    • Running: The cloud-native gateway is created and running.

    • Listening: The cloud-native gateway is running and listens on Ingresses.

    • Failed: The cloud-native gateway is invalid. You can check the message in the Status field to troubleshoot the issue.

Add or remove associated clusters

Use the console

  1. Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Multi-cluster Gateways.

  2. In the upper part of the Multi-cluster Gateway page, select the multi-cluster gateway that you want to manage from the Select a gateway drop-down list and click Modify in the upper-right corner.

  3. In the ModifyGateway panel, modify the MseIngresConfig.yaml file. Modify the cluster IDs in the annotations parameter and click Update.

    Sample code:

    annotations:
      mse.alibabacloud.com/remote-clusters: ${cluster1-id},${cluster2-id}
    • ${cluster1-id} and ${cluster2-id} are the IDs of the associated clusters. Separate multiple cluster IDs with commas (,). You can modify the cluster IDs to add or remove associated clusters.

    • If you do not add associated clusters to a multi-cluster gateway when you create the multi-cluster gateway, the MseIngresConfig.yaml file does not have the annotations parameter. To add specified associated clusters to the multi-cluster gateway, you must add the preceding code to the metadata object in the MseIngresConfig.yaml file and then modify the cluster IDs.

Use the CLI

  1. You can modify the corresponding annotation in the mseingressconfig object of the ACK One Fleet instance to add or remove associated clusters. Replace ${cluster1-id} and ${cluster2-id} with the IDs of the associated clusters. Separate multiple cluster IDs with commas (,).

    annotations:
      mse.alibabacloud.com/remote-clusters: ${cluster1-id},${cluster2-id}
  2. Run the following command to check whether the associated clusters are added to the multi-cluster gateway:

    kubectl get mseingressconfig ackone-gateway -ojsonpath="{.status.remoteClusters}"

    Expected output:

    [{"clusterId":"c7fb82****"},{"clusterId":"cd3007****"}]

    The output indicates the IDs of the associated clusters and that no failure message is returned. This means that the associated clusters are added to the multi-cluster gateway.

  3. Run the following command to query the associated clusters that are added to the multi-cluster gateway:

    kubectl get mseingressconfig ackone-gateway
  4. Run the following command to add more associated clusters or remove associated clusters.

    mse.alibabacloud.com/remote-clusters=${cluster1},${cluster2} indicates the associated clusters that you want to add to the multi-cluster gateway.

    kubectl annotate mseingressconfig ackone-gateway mse.alibabacloud.com/remote-clusters=${cluster1},${cluster2} --overwrite=true

Disable the multi-cluster gateway feature

Important
  • Deleting multi-cluster gateways can adversely affect your businesses. Proceed with caution.

  • If you no longer need multi-cluster gateways, you can delete the multi-cluster gateways and then disable the multi-cluster gateway feature to avoid wasting resources.

Use the console

  1. Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Multi-cluster Gateways.

  2. In the upper part of the Multi-cluster Gateway page, select the multi-cluster gateway that you want to manage from the Select a gateway drop-down list and click Delete in the upper-right corner.

  3. In the dialog box that appears, enter the name of the multi-cluster gateway that you want to delete and click Delete.

  4. Confirm that all multi-cluster gateways within the ACK One Fleet instance are deleted and click Disable in the upper-right corner of the page.

  5. In the message that appears, click OK.

Use the CLI

  1. Run the following command to delete a multi-cluster gateway:

    kubectl delete mseingressconfig ackone-gateway
  2. Run the following command to disable the multi-cluster gateway feature:

    aliyun adcp UpdateHubClusterFeature --ClusterId <YOUR_FLEET_CLUSTERID> --GatewayEnabled false