Getting started with application distribution - Container Service for Kubernetes

Distributed Cloud Container Platform for Kubernetes (ACK One) Fleet provides the application distribution feature. You can use this feature to distribute applications from a Fleet instance to multiple clusters that are associated with the Fleet instance. This simplifies application distribution without the need to rely on Git repositories. This topic describes how to create an application on a Fleet instance and distribute the application to multiple clusters based on a PropagationPolicy.

Prerequisites

The Fleet management feature is enabled. For more information, see Enable multi-cluster management.
Multiple clusters are associated with the Fleet instance. For more information, see Manage associated clusters.
The kubeconfig file of the Fleet instance is obtained in the Distributed Cloud Container Platform for Kubernetes (ACK One) console and a kubectl client is connected to the Fleet instance.
The AliyunAdcpFullAccess policy is attached to a Resource Access Management (RAM) user. For more information, see Grant permissions to RAM users.
The AMC command-line tool is installed. For more information, see Use AMC command line.

(Optional) Step 1: Create a namespace on a Fleet instance

If the namespace of the application that you want to distribute does not exist on the Fleet instance, create a namespace on the Fleet instance. If the namespace exists, skip this step.

Use the kubeconfig file of the Fleet instance to connect to the Fleet instance and run the following command to create a sample namespace named demo:

kubectl create namespace demo

Step 2: Create an application on the Fleet instance

The application supports resources such as ConfigMaps, Deployments, and Services. This topic describes how to distribute an NGINX Deployment.

Create a file named web-demo.yaml and add the following content to the file:

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: demo
  name: web-demo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web-demo
  template:
    metadata:
      labels:
        app: web-demo
    spec:
      containers:
      - name: nginx
        image: registry-cn-hangzhou.ack.aliyuncs.com/acs/web-demo:0.5.0
        ports:
        - containerPort: 80

Run the following command to deploy the application:
```
kubectl apply -f web-demo.yaml
```

Step 3: Create a PropagationPolicy for the Fleet instance to distribute applications to multiple clusters

You can define a PropagationPolicy to select the applications that you want to distribute and the corresponding clusters. After you create a PropagationPolicy, the matched applications are distributed to the clusters.

In this example, a Deployment named weighted-deployment is distributed to Cluster1 and Cluster2 in a duplicated manner. Each cluster has three replicas.

Run the following command to obtain the ID of the sub-cluster managed by the Fleet instance:

kubectl get mcl

Expected output:

NAME                                HUB ACCEPTED   MANAGED CLUSTER URLS   JOINED   AVAILABLE   AGE
cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx   true                                  True     True        3d23h
cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx   true                                  True     True        5d21h

Create a file named propagationpolicy.yaml and add the following content to the file:

Note

ClusterPropagationPolicy allows you to distribute cluster-wide resources. PropagationPolicy allows you to distribute namespace-wide resources.

apiVersion: policy.one.alibabacloud.com/v1alpha1
kind: ClusterPropagationPolicy
metadata:
  name: web-demo
spec:
  resourceSelectors:
  - apiVersion: v1
    kind: Namespace
    name: demo
  placement:
    clusterAffinity:
      clusterNames:
      - ${cluster1-id} # The ID of your cluster.
      - ${cluster2-id} # The ID of your cluster.
    replicaScheduling:
      replicaSchedulingType: Duplicated
---
apiVersion: policy.one.alibabacloud.com/v1alpha1
kind: PropagationPolicy
metadata:
  name: web-demo
  namespace: demo
spec:
  preserveResourcesOnDeletion: true # Set this parameter to true. When you delete resources from the Fleet instance, the resources in the sub-cluster are retained. If you want to delete resources from the sub-cluster at the same time, set this parameter to false. 
  resourceSelectors:
  - apiVersion: apps/v1
    kind: Deployment
    name: web-demo
    namespace: demo
  placement:
    clusterAffinity:
      clusterNames:
      - ${cluster1-id} # The ID of your cluster.
      - ${cluster2-id} # The ID of your cluster.
    replicaScheduling:
      replicaSchedulingType: Duplicated

The following table describes the parameters. For more information, see PropagationPolicy.

Parameter	Description	Example
resourceSelectors	Select one or more Kubernetes resources that you want to distribute.	`apiVersion`: Required. The apiVersion of the resource that you want to distribute. `kind`: Required. The type of the resource that you want to distribute. `Name`: The name of the resource that you want to distribute. `namespace`: The namespace of the resource that you want to distribute. Note A `PropagationPolicy` allows you to select resources only in the namespace in which the policy resides. `labelSelector`: Select resources by using labels.
placement	`clusterAffinity`: The cluster that you want to distribute resources.	The IDs of the clusters to which you want to distribute resources. For more information about other options, see PropagationPolicy. Note Enter the cluster ID instead of the cluster name.
placement	`replicaScheduling`: The scheduling policy for resources that create pods. Examples: Deployment, StatefulSet, and Job.	The value of the `replicaSchedulingType` parameter is Duplicated, which specifies that each resource is replicated to the cluster. The number of replicas in each cluster is configured by using the `spec.Replicas` parameter. For more information, see PropagationPolicy.

Run the following command to create a PropagationPolicy:
```
kubectl apply -f propagationpolicy.yaml
```

(Optional) Step 4: Create a OverridePolicy on the Fleet instance

You can configure a OverridePolicy to meet the deployment requirements of different clusters and resources. After you create a OverridePolicy, resources are modified before they are deployed to the selected cluster.

In this example, the number of replicas is changed to 1 and the registry of the image is changed to the registry of Alibaba Cloud.

Create a file named overridepolicy.yaml and add the following content to the file:

apiVersion: policy.one.alibabacloud.com/v1alpha1
kind: OverridePolicy
metadata:
  name: example
  namespace: demo
spec:
  resourceSelectors:
    - apiVersion: apps/v1
      kind: Deployment
      name: web-demo
  overrideRules:
    - targetCluster:
        clusterNames:
          - ${cluster2-id}
      overriders:
        plaintext:
          - operator: replace
            path: /spec/replicas
            value: 1
        imageOverrider:
          - component: Registry
            operator: add
            value: {{Registry}}

The following table describes the parameters. For more information, see OverridePolicy.

Parameter	Description	Example
resourceSelector	Select the resource that you want to override.	`apiVersion`: Required. The apiVersion of the resource that you want to override. `kind`: Required. The type of the resource that you want to override. `name`: The name of the resource that you want to override. `namespace`: The namespace that you want to override. Note A `PropagationPolicy` allows you to select resources only in the namespace in which the policy resides. `labelSelector`: Select resources by using labels.
overrideRules	Override an application template by using a set of override rules.	`plaintext`: You can override templates by using JSONPatch. `imageOverrider`: You can use one of the following methods to override images: `Registry`, `Repository`, and `Version`.

Run the following command to create a OverridePolicy:
```
kubectl apply -f overridepolicy.yaml
```

Step 5: View the status of applications in multiple clusters

You can run the following AMC command to check the status of applications in multiple clusters. You can also check the running status of the application in the associated cluster to confirm that the application on the Fleet instance is distributed.

Run the following command to query the status of the application:

kubectl amc get deploy -ndemo -M

Expected output:

NAME       CLUSTER          READY   UP-TO-DATE   AVAILABLE   AGE    ADOPTION
web-demo   cxxxxxxxxxxxxx   3/3     3            3           3d4h   Y
web-demo   cxxxxxxxxxxxxx   3/3     3            3           3d4h   Y

The command output indicates that the application is distributed to the specified cluster.

Step 6: Update and override the application

Use the following content to modify the web-demo.yaml file. In this example, the number of replicas is increased. You can override or update application resources based on your business requirements.

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: demo
  name: web-demo
spec:
  replicas: 4
  selector:
    matchLabels:
      app: web-demo
  template:
    metadata:
      labels:
        app: web-demo
    spec:
      containers:
      - name: nginx
        image: registry-cn-hangzhou.ack.aliyuncs.com/acs/web-demo:0.5.0
        ports:
        - containerPort: 80

Run the following command to update the web-demo.yaml file:
```
kubectl apply -f web-demo.yaml
```

Run the following command to query the status of the application:

kubectl amc get deploy -ndemo -M

Expected output:

NAME       CLUSTER          READY   UP-TO-DATE   AVAILABLE   AGE    ADOPTION
web-demo   cxxxxxxxxxxxxx   4/4     4            4           3d4h   Y
web-demo   cxxxxxxxxxxxxx   4/4     4            4           3d4h   Y

Step 7: Delete application resources

To prevent accidental deletion of resources in namespaces, Fleet distributes resources but does not delete the resources. To prevent accidental deletion of other resources, the application resources of the sub-cluster are not deleted by default when the application resources of the Fleet instance are deleted or the PropagationPolicy is deleted. To delete the application resources of a sub-cluster, perform the following steps:

Change the value of the preserveResourcesOnDeletion field in ClusterPropagationPolicy to false, which specifies that the application resources of the sub-cluster are deleted when the application resources of the Fleet instance are deleted.

apiVersion: policy.one.alibabacloud.com/v1alpha1
kind: ClusterPropagationPolicy
metadata:
  name: web-demo
spec:
  preserveResourcesOnDeletion: false
  resourceSelectors:
  - apiVersion: apps/v1
    kind: Deployment
    name: web-demo
  - apiVersion: v1
    kind: Namespace
    name: demo
  placement:
    clusterAffinity:
      clusterNames:
      - ${cluster1-id} # The ID of your cluster.
      - ${cluster2-id} # The ID of your cluster.
    replicaScheduling:
      replicaSchedulingType: Duplicated

Run the following command to update the PropagationPolicy:
```
kubectl apply -f propagationpolicy.yaml
```
Run the following command to delete application resources:
```
kubectl delete -f web-demo.yaml
```

Run the following command to view application resources:

kubectl amc get deploy -ndemo -M

Expected output:

cluster(cxxxxxxxxxxxxx): deployments.apps "web-demo" not found
cluster(cxxxxxxxxxxxxx): deployments.apps "web-demo" not found

References

For more information about how to monitor applications that are distributed across multiple clusters, see Monitoring management.
For more information about how to implement zone-disaster recovery, see Use MSE multi-cluster gateways to implement zone-disaster recovery in ACK One.
For more information about the parameters of the PropagationPolicy and OverridePolicy, see PropagationPolicy and OverridePolicy.