Taicheng's Profile

Multi Cluster Ingress

Problem

You have an application that runs on multiple Kubernetes clusters that are located in different regions, and you want to be able to route user traffic automatically to the cluster that is nearest to the user’s location, using a single HTTP(S) load balancer.

Solution

Use Multi-Cluster Ingress for Anthos to run your application across as many Kubernetes clusters as you’d like, and route traffic to the nearest cluster, based on the origin of the request.

Prerequisites

Ensure that the following APIs are enabled:

  • Kubernetes Engine API
  • GKE Hub
  • Anthos
  • Multi-Cluster Ingress API

First, we will create two regional clusters in two regions (us-east1 and us-west1).

  1. Sign in to Google Cloud Console.
  2. In the main menu, navigate to Compute and click Kubernetes Engine.
  3. Click the Create button at the top of the screen.
  4. Click Configure next to the Standard option.
  5. In the Cluster Basics section:
    1. In Name, set your cluster name to cluster-1.
    2. In Location Type, select Regional.
    3. In Region, select us-east1.
    4. Leave the remaining settings at their defaults.
  6. Click Create at the bottom of the screen.You will be navigated back to the Clusters screen, where you will see your cluster spinning up. This process can take more than a minute to complete.
  7. We will repeat this process and create another regional cluster in a different region than the one we just created.
  8. Click the Create button at the top of the screen.
  9. Click Configure next to the Standard option.
  10. In the Cluster Basics section:
    1. In Name, set your cluster name to cluster-2.
    2. In Location Type, select Regional.
    3. In Region, select us-west1.
    4. Leave the remaining settings at their defaults.
  11. Click Create at the bottom of the screen. You will be navigated back to the Clusters screen, where you will see your cluster spinning up. This process can take more than a minute to complete.Now we will register the clusters to the same environment.
  12. In the main menu, navigate to Anthos and click Clusters in the submenu.
  13. Click Register Existing Cluster.You will now see that both the clusters you created are ready to be registered as shown below
  1. Next to cluster-1, click REGISTER.
  2. You’ll be asked for a service account to register to the environment; choose Workload Identity as shown below
  1. Click Submit.
  2. Repeat steps 13-15 for the second cluster, cluster-2.Now, we will set up Ingress for Anthos.
  3. Next, click Features in the Anthos screen.
  4. Click Enable next to Ingress and then click Enable Ingress.
  5. In the Config Membership drop-down menu, select the first cluster you spun up (cluster-1) and click Install. After a minute or so, refresh the screen, and you should see the Ingress Enabled screen.
  6. Open the cloud shell by clicking this button in the top-right corner of your screen.
  7. Type the following into your cloud shell to make a directory that will hold the .yaml files we will need for the remainder of this tutorial:
mkdir multicluster-ingress-demo \
    && cd multicluster-ingress-demo
  1. Before we can work with our clusters via kubectl in the cloud shell, we need to configure our cluster access by generating a kubeconfig entry. You can do this by running the following command for both of your clusters in the cloud shell:
gcloud container clusters \
    get-credentials cluster-1 --region us-east1
gcloud container clusters \
     get-credentials cluster-2 --region us-west1
  1. Ensure that you received a confirmation for each cluster:
  1. Now we can work with the clusters from the cloud shell command line. Let’s create the namespace for our application to run. You can do this by typing nano namespace.yaml in the cloud shell.

Paste this into the .yaml file:

apiVersion: v1
kind: Namespace
metadata:
  name: zoneprinter
  1. Save the file. Before we proceed, let’s set the shell variable for our project ID. Enter the following in the cloud shell:
PROJECT=$(gcloud info --format='value(config.project)')
  1. Now let’s apply namespace.yaml to both of our clusters, cluster-1 and cluster-2. You can do this by running the following:
kubectl config use-context \
    gke_$(echo $PROJECT)_us-east1_cluster-1
kubectl apply -f namespace.yaml
kubectl config use-context \
    gke_$(echo $PROJECT)_us-west1_cluster-2
kubectl apply -f namespace.yaml

We will now deploy a sample app, which shows the location of the data center you are reaching to both clusters, from an image called zone-printer.

  1. Create a new .yaml file by typing nano app.yaml in the gcloud terminal, and paste the following into the yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: zone-ingress
  namespace: zoneprinter
  labels:
    app: zoneprinter
spec:
  selector:
    matchLabels:
      app: zoneprinter
  template:
    metadata:
      labels:
        app: zoneprinter
    spec:
      containers:
      - name: frontend
        image: gcr.io/google-samples/zone-printer:0.2
        ports:
        - containerPort: 8080
  1. Save the file. Apply app.yaml to both of your clusters, cluster-1 and cluster-2. You can do this by running the following in the cloud shell:
kubectl config use-context \
gke_$(echo $PROJECT)_us-east1_cluster-1
kubectl apply -f app.yaml
kubectl config use-context \
gke_$(echo $PROJECT)_us-west1_cluster-2
kubectl apply -f app.yaml

Now that the app is running in both clusters in the same namespace, let’s wrap up by creating the MultiClusterService and MultiClusterObject.

  1. First, create the MultiClusterService. Create a new .yaml file by typing nano mcs.yaml in the cloud shell, and paste the following into the YAML:
apiVersion: networking.gke.io/v1
kind: MultiClusterService
metadata:
  name: zone-mcs
  namespace: zoneprinter
spec:
  template:
    spec:
      selector:
        app: zoneprinter
      ports:
      - name: web
        protocol: TCP
        port: 8080
        targetPort: 8080
  1. Save the file and apply this file to cluster-1:
kubectl config use-context \
          gke_$(echo $PROJECT)_us-east1_cluster-1
kubectl apply -f mcs.yaml
  1. Create the MultiClusterIngress. Create a new .yaml file by typing nano mci.yaml in the cloud shell, and paste the following into the YAML:
apiVersion: networking.gke.io/v1
kind: MultiClusterIngress
metadata:
  name: zone-ingress
  namespace: zoneprinter
spec:
  template:
    spec:
      backend:
        serviceName: zone-mcs
        servicePort: 8080
  1. Save the file and apply this file to cluster-1:
kubectl apply -f mci.yaml
  1. Finally, pull the virtual IP (VIP) to access our application from the MultiCluster Ingress. Run this command in your cloud shell:
kubectl describe mci zone-ingress -n zoneprinter
  1. Once you get the VIP, open a new tab, paste the VIP to the URL bar, and press Enter.

In summary and in order: we created two GKE clusters in us-east1 and us-west1 and then registered the clusters to an environment and enabled the Ingress for Anthos feature. We then created the proper namespace and deployed the zone-printer application to both clusters, used cluster-1 as our config cluster, and deployed a multi-cluster service and Multi-Cluster Ingress to that cluster. The request now routes through an L7 HTTP load balancer to the nearest cluster running the application from the location of the request. Multi-Cluster Ingress, using Ingress for Anthos, will allow you to route requests to your Kubernetes clusters running anywhere in the world.

Taicheng