A Service Mesh (ASM) gateway can be deployed in multiple clusters to improve service availability. You can deploy services in multiple clusters and then configure a unified ingress gateway for these clusters to manage the ingress traffic to these clusters. This topic describes how to configure a unified ingress gateway for multiple clusters.
Prerequisites
Applications are deployed in two clusters of an ASM instance. For more information, see Add a cluster to an ASM instance and Deploy an application in an ASM instance.
Sidecar proxy injection is enabled for the specified namespaces. For more information, see Enable automatic sidecar proxy injection.
Configuration description
When an ASM gateway is deployed in multiple clusters, gateway pods and corresponding services are created in the clusters and a Classic Load Balancer (CLB) instance is attached to each service. Therefore, an ASM gateway that serves multiple clusters has multiple IP addresses.
An ASM gateway allows the reuse of an existing CLB instance. However, we recommend that you do not reuse the same CLB instance for multiple services.
This topic describes how to configure a unified ingress gateway for multiple clusters in the following two scenarios:
Scenario 1: Identical gateway-related resource configurations for multiple clusters
Scenario 2: Different gateway-related resource configurations for multiple clusters: For example, configurations such as the CLB instance specifications and the number of gateway replicas vary.
Scenario 1: Identical gateway-related resource configurations for multiple clusters
If the gateway-related resources for multiple clusters are identical, you can create a multi-cluster gateway in the ASM console or change a single-cluster gateway to a multi-cluster gateway. ASM will create a gateway with identical configurations in all the clusters based on your gateway configurations.
Method 1: Create a multi-cluster gateway
You can create a multi-cluster gateway by setting the related configuration items in the ASM console or by using a YAML file.
Log on to the ASM console. In the left-side navigation pane, choose .
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
Create a multi-cluster gateway.
Method 1: Create a multi-cluster gateway by setting the related configuration items in the ASM console
On the Ingress Gateway page, click Create.
On the Create page, select multiple clusters from the Cluster drop-down list, configure the related parameters, and then click Create.
For descriptions of other configuration items, see Create an ingress gateway.
Method 2: Create a multi-cluster gateway by using a YAML file
On the Ingress Gateway page, click Create from YAML.
On the Create page, configure the following fields in the YAML file and click Create.
apiVersion: istio.alibabacloud.com/v1beta1 kind: IstioGateway metadata: name: ingressgateway-multi-cluster namespace: istio-system spec: affinity: {} autoCreateGatewayYaml: false clusterIds: - c87e370627c3f4e62ac77a7********* - c877e9b78610a419e833f22********* compression: {} cpu: {} dnsPolicy: ClusterFirst externalTrafficPolicy: Local gatewayType: ingress hostNetwork: false kernel: parameters: {} memory: {} ports: - name: http-0 port: 80 protocol: HTTP targetPort: 80 - name: https-1 port: 443 protocol: HTTPS targetPort: 443 readinessProbe: {} replicaCount: 2 resources: limits: cpu: '2' memory: 4G requests: cpu: 200m memory: 256Mi runAsRoot: true sds: {} serviceAnnotations: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: slb.s1.small service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet serviceType: LoadBalancer
Method 2: Change a single-cluster gateway to a multi-cluster gateway
If you have created a single-cluster gateway, you can add the required clusters to the spec.clusterIds field in the gateway YAML file to change the single-cluster gateway to a multi-cluster gateway.
Log on to the ASM console. In the left-side navigation pane, choose .
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
On the Ingress Gateway page, find the ingress gateway that you want to manage and click YAML in the Gateway edit area.
In the Edit dialog box, add the IDs of the desired clusters to the spec.clusterIds field, and then click OK.
Check whether the multi-cluster gateway is created
You can view the Service and Deployment resources of the gateway in the istio-system namespaces of two clusters on the data plane. If the two clusters have the same configuration resources, the multi-cluster gateway is successfully created.
Scenario 2: Different gateway-related resource configurations for multiple clusters
Your gateway is deployed in two clusters and the two clusters require different gateway configurations. For example, one cluster needs to use an automatically created CLB instance, and the other cluster needs to reuse an existing CLB instance; one cluster requires 3 gateway replicas, and the other requires 5 gateway replicas. To customize the configuration of the multi-cluster gateway, you need to modify the corresponding YAML file. The following example describes how to configure different types of CLB instances in a multi-cluster gateway. The gateway of one cluster uses an automatically created CLB instance, and the gateway of the other cluster reuses an existing CLB instance.
Log on to the ASM console. In the left-side navigation pane, choose .
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
On the Ingress Gateway page, click Create from YAML.
On the Create page, configure the following fields in the YAML file and click Create.
apiVersion: istio.alibabacloud.com/v1beta1 kind: IstioGateway metadata: name: ingressgateway2 namespace: istio-system spec: autoCreateGatewayYaml: false clusterIds: - c0ed16dbd6c5e429faca464********** - c7d5fba8f3c974353b56522********** compression: {} cpu: {} dnsPolicy: ClusterFirst externalTrafficPolicy: Local gatewayType: ingress hostNetwork: false kernel: parameters: {} memory: {} overrides: c0ed16dbd6c5e429faca464***********: serviceAnnotations: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: slb.s1.small service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet c7d5fba8f3c974353b56522**********: serviceAnnotations: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: lb-bp1lv01rlga******** ports: - name: http-0 port: 80 protocol: HTTP targetPort: 80 - name: https-2 port: 443 protocol: HTTPS targetPort: 443 readinessProbe: {} replicaCount: 1 resources: limits: cpu: '2' memory: 4G requests: cpu: 200m memory: 256Mi rollingMaxSurge: 25% rollingMaxUnavailable: 25% runAsRoot: true sds: {} serviceType: LoadBalancerThe overrides field is a structure of the Map type. The key is the ID of a cluster. Its value is the same as the spec configuration field of the gateway. You can configure parameters such as the CLB instance-related parameters, the number of gateway replicas, and gateway resource specifications. In the overrides field, you can configure parameters for each cluster individually. This configuration has a higher priority than the outermost gateway configuration. For more information about the descriptions of the fields, see CRD fields for an ASM gateway.
Check whether the multi-cluster gateway is created.
You can view the Service resources of the gateway in the istio-system namespaces of the two clusters. If the external IP address of a Service in one cluster is the IP address of an automatically created CLB instance and that in the other cluster is the IP address of a specified CLB instance, the multi-cluster gateway is successfully created.