/ /

Arquitectura multi-clúster

Docs Home

/ /

Arquitecturas de Referencia

Arquitectura multi-clúster

Docs Home

Gestión

Controladores para el Operador de Kubernetes

Arquitecturas de Referencia

Arquitectura multi-clúster

Istio Service Mesh

Si bien es posible implementar Multi-Cluster Ops Manager, Multi-Cluster Sharded Cluster y configuraciones de Multi-Cluster set de réplicas sin una malla de servicios, el enfoque recomendado (presentado aquí) es aprovechar una malla de servicios para gestionar las redes en varios clústeres de Kubernetes. Para aprender más, consulta Cómo establece la conectividad el Operador de Kubernetes.

Esta página te guía a través del proceso de implementación y validación de un Istio service mesh en múltiples clústeres de Kubernetes. Istio es solo una de las muchas opciones para implementar un malla de servicios y no es compatible con MongoDB.

Nota

Istio no está soportado por MongoDB

MongoDB no es compatible con Istio y es solo una de las muchas herramientas que puedes usar para implementar un mallado de servicios en todos tus clústeres de Kubernetes.

Requisitos previos

Antes de empezar, realiza las siguientes tareas:

Instale kubectl.
Establece las variables de entorno K8S_CLUSTER_*_CONTEXT_NAME como se explica en la Guía de clústeres GKE.

Código fuente

Se puede encontrar todo el código fuente incluido en el repositorio de MongoDB Kubernetes operador.

Procedimiento

Clona el repositorio del operador de Kubernetes.

Ejecuta el siguiente comando para clonar el repositorio.

git clone https://github.com/mongodb/mongodb-kubernetes.git
cd mongodb-kubernetes
git checkout 1.1.0
cd public/architectures

Instala la malla de servicio Istio.

Instale Istio service mesh para permitir la resolución DNS entre clústeres y la conectividad de red entre clústeres de Kubernetes.

1 CTX_CLUSTER1=${K8S_CLUSTER_0_CONTEXT_NAME} \
2 CTX_CLUSTER2=${K8S_CLUSTER_1_CONTEXT_NAME} \
3 CTX_CLUSTER3=${K8S_CLUSTER_2_CONTEXT_NAME} \
4 ISTIO_VERSION="1.20.2" \
5 ./install_istio_separate_network.sh

opcional. Verificar la conectividad del clúster.

Los siguientes scripts opcionales verifican si el service mesh está configurado correctamente para la resolución de DNS entre clústeres y la conectividad.

Crea un namespace de Kubernetes para la prueba de conectividad.

1 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" create namespace "connectivity-test"
2 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
3 
4 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" create namespace "connectivity-test"
5 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
6 
7 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" create namespace "connectivity-test"
8 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite

Ejecute este script en el clúster 0:

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2   apiVersion: apps/v1
3   kind: StatefulSet
4   metadata:
5     name: echoserver0
6   spec:
7     replicas: 1
8     selector:
9       matchLabels:
10         app: echoserver0
11     template:
12       metadata:
13         labels:
14           app: echoserver0
15       spec:
16         containers:
17           - image: k8s.gcr.io/echoserver:1.10
18             imagePullPolicy: Always
19             name: echoserver0
20             ports:
21               - containerPort: 8080
22 EOF

Ejecute este script en el clúster 1:

1 kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2   apiVersion: apps/v1
3   kind: StatefulSet
4   metadata:
5     name: echoserver1
6   spec:
7     replicas: 1
8     selector:
9       matchLabels:
10         app: echoserver1
11     template:
12       metadata:
13         labels:
14           app: echoserver1
15       spec:
16         containers:
17           - image: k8s.gcr.io/echoserver:1.10
18             imagePullPolicy: Always
19             name: echoserver1
20             ports:
21               - containerPort: 8080
22 EOF

Ejecute este script en el clúster 2:

1 kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2   apiVersion: apps/v1
3   kind: StatefulSet
4   metadata:
5     name: echoserver2
6   spec:
7     replicas: 1
8     selector:
9       matchLabels:
10         app: echoserver2
11     template:
12       metadata:
13         labels:
14           app: echoserver2
15       spec:
16         containers:
17           - image: k8s.gcr.io/echoserver:1.10
18             imagePullPolicy: Always
19             name: echoserver2
20             ports:
21               - containerPort: 8080
22 EOF

Ejecuta este script para esperar la creación de StatefulSets:

1 kubectl wait --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver0-0 --timeout=60s
2 kubectl wait --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver1-0 --timeout=60s
3 kubectl wait --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver2-0 --timeout=60s

Crea un servicio de Pods en el clúster 0:

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver0-0
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     statefulset.kubernetes.io/pod-name: "echoserver0-0"
13 EOF

Crea un servicio de Pods en el clúster 1:

1 kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver1-0
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     statefulset.kubernetes.io/pod-name: "echoserver1-0"
13 EOF

Crea un servicio de Pods en el clúster 2:

1 kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver2-0
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     statefulset.kubernetes.io/pod-name: "echoserver2-0"
13 EOF

Crear un servicio round robin en el clúster 0:

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     app: echoserver0
13 EOF

Crear un servicio round robin en el clúster 1:

1 kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     app: echoserver1
13 EOF

Crear un servicio round robin en el clúster 2:

1 kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2 apiVersion: v1
3 kind: Service
4 metadata:
5   name: echoserver
6 spec:
7   ports:
8     - port: 8080
9       targetPort: 8080
10       protocol: TCP
11   selector:
12     app: echoserver2
13 EOF

Verifica el Pod 0 del clúster 1:

1 source_cluster=${K8S_CLUSTER_1_CONTEXT_NAME}
2 target_pod="echoserver0-0"
3 source_pod="echoserver1-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver1-0 in gke_scratch-kubernetes-team_europe-central2-b_k8s-mdb-1-682f2df6e1745e000788a1d5-24552 to echoserver0-0
2 SUCCESS

Verifica el Pod 1 del clúster 0:

1 source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2 target_pod="echoserver1-0"
3 source_pod="echoserver0-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver0-0 in gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-682f2df6e1745e000788a1d5-24552 to echoserver1-0
2 SUCCESS

Verifica el Pod 1 del clúster 2:

1 source_cluster=${K8S_CLUSTER_2_CONTEXT_NAME}
2 target_pod="echoserver1-0"
3 source_pod="echoserver2-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver2-0 in gke_scratch-kubernetes-team_europe-central2-c_k8s-mdb-2-682f2df6e1745e000788a1d5-24552 to echoserver1-0
2 SUCCESS

Verifica el Pod 2 del clúster 0:

1 source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2 target_pod="echoserver2-0"
3 source_pod="echoserver0-0"
4 target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5 echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6 out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7   /bin/bash -c "curl -v ${target_url}" 2>&1);
8 
9 if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10 then
11   echo "SUCCESS"
12 else
13   echo "ERROR: ${out}"
14   return 1
15 fi

1 Checking cross-cluster DNS resolution and connectivity from echoserver0-0 in gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-682f2df6e1745e000788a1d5-24552 to echoserver2-0
2 SUCCESS

Ejecute el script de limpieza:

1 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" delete statefulset echoserver0
2 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" delete statefulset echoserver1
3 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" delete statefulset echoserver2
4 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver
5 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver
6 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver
7 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver0-0
8 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver1-0
9 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" delete service echoserver2-0
10 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" delete ns "connectivity-test"
11 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" delete ns "connectivity-test"
12 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" delete ns "connectivity-test"

Volver

GKE Clusters

Certificados TLS

1	CTX_CLUSTER1=${K8S_CLUSTER_0_CONTEXT_NAME} \
2	CTX_CLUSTER2=${K8S_CLUSTER_1_CONTEXT_NAME} \
3	CTX_CLUSTER3=${K8S_CLUSTER_2_CONTEXT_NAME} \
4	ISTIO_VERSION="1.20.2" \
5	./install_istio_separate_network.sh

1	kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" create namespace "connectivity-test"
2	kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
3
4	kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" create namespace "connectivity-test"
5	kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite
6
7	kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" create namespace "connectivity-test"
8	kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" label namespace "connectivity-test" istio-injection=enabled --overwrite

1	kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: apps/v1
3	kind: StatefulSet
4	metadata:
5	name: echoserver0
6	spec:
7	replicas: 1
8	selector:
9	matchLabels:
10	app: echoserver0
11	template:
12	metadata:
13	labels:
14	app: echoserver0
15	spec:
16	containers:
17	- image: k8s.gcr.io/echoserver:1.10
18	imagePullPolicy: Always
19	name: echoserver0
20	ports:
21	- containerPort: 8080
22	EOF

1	kubectl apply --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: apps/v1
3	kind: StatefulSet
4	metadata:
5	name: echoserver1
6	spec:
7	replicas: 1
8	selector:
9	matchLabels:
10	app: echoserver1
11	template:
12	metadata:
13	labels:
14	app: echoserver1
15	spec:
16	containers:
17	- image: k8s.gcr.io/echoserver:1.10
18	imagePullPolicy: Always
19	name: echoserver1
20	ports:
21	- containerPort: 8080
22	EOF

1	kubectl apply --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: apps/v1
3	kind: StatefulSet
4	metadata:
5	name: echoserver2
6	spec:
7	replicas: 1
8	selector:
9	matchLabels:
10	app: echoserver2
11	template:
12	metadata:
13	labels:
14	app: echoserver2
15	spec:
16	containers:
17	- image: k8s.gcr.io/echoserver:1.10
18	imagePullPolicy: Always
19	name: echoserver2
20	ports:
21	- containerPort: 8080
22	EOF

1	kubectl wait --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver0-0 --timeout=60s
2	kubectl wait --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver1-0 --timeout=60s
3	kubectl wait --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "connectivity-test" --for=condition=ready pod -l statefulset.kubernetes.io/pod-name=echoserver2-0 --timeout=60s

1	kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "connectivity-test" -f - <<EOF
2	apiVersion: v1
3	kind: Service
4	metadata:
5	name: echoserver0-0
6	spec:
7	ports:
8	- port: 8080
9	targetPort: 8080
10	protocol: TCP
11	selector:
12	statefulset.kubernetes.io/pod-name: "echoserver0-0"
13	EOF

1	source_cluster=${K8S_CLUSTER_1_CONTEXT_NAME}
2	target_pod="echoserver0-0"
3	source_pod="echoserver1-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi

1	Checking cross-cluster DNS resolution and connectivity from echoserver1-0 in gke_scratch-kubernetes-team_europe-central2-b_k8s-mdb-1-682f2df6e1745e000788a1d5-24552 to echoserver0-0
2	SUCCESS

1	source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2	target_pod="echoserver1-0"
3	source_pod="echoserver0-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi

1	source_cluster=${K8S_CLUSTER_2_CONTEXT_NAME}
2	target_pod="echoserver1-0"
3	source_pod="echoserver2-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi

1	source_cluster=${K8S_CLUSTER_0_CONTEXT_NAME}
2	target_pod="echoserver2-0"
3	source_pod="echoserver0-0"
4	target_url="http://${target_pod}.connectivity-test.svc.cluster.local:8080"
5	echo "Checking cross-cluster DNS resolution and connectivity from ${source_pod} in ${source_cluster} to ${target_pod}"
6	out=$(kubectl exec --context "${source_cluster}" -n "connectivity-test" "${source_pod}" -- \
7	/bin/bash -c "curl -v ${target_url}" 2>&1);
8
9	if grep "Hostname: ${target_pod}" &>/dev/null <<< "${out}"
10	then
11	echo "SUCCESS"
12	else
13	echo "ERROR: ${out}"
14	return 1
15	fi