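Karmada Multi-Ingress (MCI) in Practice
I. Background
In multi-cluster scenarios, the native Kubernetes Ingress controller cannot schedule or manage traffic across clusters. Karmada, a multi-cluster management control plane for Kubernetes, provides the Multi-Cluster Ingress (MCI) capability to give multi-cluster applications a single, unified entry point.
MCI uses the MultiClusterIngress CRD to manage multi-cluster Ingress and distribute it automatically, and relies on karmada-agent for resource synchronization, so that the cross-cluster traffic entry point is unified, automated and controllable.
II. MCI Core Components
Component | Role |
---|---|
MultiClusterIngress (MCI) | Core CRD resource; defines the unified entry point for a multi-cluster application |
ServiceExport / ServiceImport | Solve cross-cluster backend service discovery |
karmada Ingress Controller | Traffic entry point inside each member cluster; it must receive the Ingress resources distributed by karmada-apiserver (Karmada does not maintain a Karmada ingress controller of its own, so it has to be built manually; see this link) |
III. Typical MCI Architecture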
             ┌──────────────────┐
             │ Karmada Control  │
             │  Plane (Host)    │
             └──────────────────┘
                       │
         ┌─────────────┴─────────────┐
         │                           │
┌─────────────────┐         ┌─────────────────┐
│ Member Cluster  │         │ Member Cluster  │
│   (cluster1)    │         │   (cluster2)    │
├─────────────────┤         ├─────────────────┤
│ karmada-ingress │         │ karmada-ingress │
└─────────────────┘         └─────────────────┘
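IV. MCI Deployment Steps in Detail
1. Environment preparation
- Kubernetes >= 1.20
- Karmada >= v1.5.0
- Every member cluster has joined Karmada
- karmada-ingress is deployed in the member clusters
2. Deploy karmada-ingress in each member cluster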
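# Clone the repository (use one of the two commands)
# for HTTPS
git clone https://github.com/karmada-io/multi-cluster-ingress-nginx.git
# for SSH
git clone git@github.com:karmada-io/multi-cluster-ingress-nginx.git
# Install the chart from inside the cloned repository
cd multi-cluster-ingress-nginx/charts/ingress-nginx
helm install ingress-nginx . -n ingress-nginx --create-namespace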
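After the deployment completes, edit the ingress-nginx-controller Deployment and add the lines marked "new line" below. The --karmada-kubeconfig argument points the controller at a kubeconfig, mounted here from a Secret named kubeconfig.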
apiVersion: apps/v1
kind: Deployment
metadata:
  ...
spec:
  #...
  template:
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --karmada-kubeconfig=/etc/kubeconfig # new line
        #...
        volumeMounts:
        #...
        - mountPath: /etc/kubeconfig # new line
          name: kubeconfig # new line
          subPath: kubeconfig # new line
      volumes:
      #...
      - name: kubeconfig # new line
        secret: # new line
          secretName: kubeconfig # new line
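5. Create the service export resources
Before creating them, run an nginx Deployment with the following command:
kubectl create deployment nginx --image nginx --port=80 --kubeconfig /root/.kube/kamadaconfig
Then create the service export resources as follows: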
apiVersion: v1
kind: Service
metadata:
  name: serve
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
  name: example-policy # The default namespace is `default`.
spec:
  resourceSelectors:
  - apiVersion: apps/v1
    kind: Deployment
    name: nginx
  - apiVersion: v1
    kind: Service
    name: serve
  placement:
    clusterAffinity:
      clusterNames:
      - test
      - test2
---
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceExport
metadata:
  name: serve
---
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
  name: serve-export-policy
spec:
  resourceSelectors:
  - apiVersion: multicluster.x-k8s.io/v1alpha1
    kind: ServiceExport
    name: serve
  placement:
    clusterAffinity:
      clusterNames:
      - test
      - test2
---
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceImport
metadata:
  name: serve
spec:
  type: ClusterSetIP
  ports:
  - port: 80
    protocol: TCP
---
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
  name: serve-import-policy
spec:
  resourceSelectors:
  - apiVersion: multicluster.x-k8s.io/v1alpha1
    kind: ServiceImport
    name: serve
  placement:
    clusterAffinity:
      clusterNames:
      - test
      - test2
6. Create the MultiClusterIngress resource
The MultiClusterIngress must also be created through karmada-apiserver.
apiVersion: networking.karmada.io/v1alpha1
kind: MultiClusterIngress
metadata:
  name: demo-localhost
  namespace: default
spec:
  ingressClassName: nginx
  rules:
  - host: demo.localdev.me
    http:
      paths:
      - backend:
          service:
            name: serve
            port:
              number: 80 # must match the port of the Service/ServiceImport "serve"
        path: /web
        pathType: Prefix
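A preflight check for the resources from steps 5 and 6, as an added example that is not part of the original article or of Karmada: it verifies that every MultiClusterIngress backend has a ServiceExport and a ServiceImport exposing the same port, and that each ServiceExport/ServiceImport is selected by a PropagationPolicy. The function names (selected, preflight, sample) are hypothetical, the sample manifests are constructed from the names used on this page, and matching is simplified to kind and name only (namespaces and label selectors are ignored).

```python
# Added example: cross-check manifests before applying them to karmada-apiserver.
# Manifests are plain dicts (what a YAML loader returns); sample data is constructed.

def selected(policies, kind, name):
    """True if some PropagationPolicy resourceSelector matches kind/name."""
    return any(s.get("kind") == kind and s.get("name") in (None, name)
               for p in policies for s in p["spec"].get("resourceSelectors", []))

def preflight(manifests):
    """Return a list of problems found across the manifest set."""
    kinds = {}
    for m in manifests:
        kinds.setdefault(m["kind"], {})[m["metadata"]["name"]] = m
    policies = kinds.get("PropagationPolicy", {}).values()
    imports, exports = kinds.get("ServiceImport", {}), kinds.get("ServiceExport", {})
    problems = [f"{kind}/{name}: no PropagationPolicy selects it"
                for kind in ("ServiceExport", "ServiceImport")
                for name in kinds.get(kind, {}) if not selected(policies, kind, name)]
    for mci in kinds.get("MultiClusterIngress", {}).values():
        for rule in mci["spec"].get("rules", []):
            for path in rule["http"]["paths"]:
                svc = path["backend"]["service"]
                name, port = svc["name"], svc["port"]["number"]
                if name not in exports:
                    problems.append(f"backend {name}: no ServiceExport")
                if name not in imports:
                    problems.append(f"backend {name}: no ServiceImport")
                elif port not in [p["port"] for p in imports[name]["spec"]["ports"]]:
                    problems.append(f"backend {name}:{port}: port not in ServiceImport")
    return problems

def sample(backend_port):
    """Constructed manifests mirroring this page's resources."""
    def policy(name, kind):
        return {"kind": "PropagationPolicy", "metadata": {"name": name},
                "spec": {"resourceSelectors": [{"kind": kind, "name": "serve"}]}}
    svc = {"name": "serve", "port": {"number": backend_port}}
    return [
        {"kind": "ServiceExport", "metadata": {"name": "serve"}},
        {"kind": "ServiceImport", "metadata": {"name": "serve"},
         "spec": {"ports": [{"port": 80, "protocol": "TCP"}]}},
        policy("serve-export-policy", "ServiceExport"),
        policy("serve-import-policy", "ServiceImport"),
        {"kind": "MultiClusterIngress", "metadata": {"name": "demo-localhost"},
         "spec": {"rules": [{"host": "demo.localdev.me", "http": {"paths": [
             {"path": "/web", "pathType": "Prefix", "backend": {"service": svc}}]}}]}},
    ]

if __name__ == "__main__":
    print(preflight(sample(81)), preflight(sample(80)))
```

An empty list means the cross-references are consistent; a backend port that the ServiceImport does not declare is reported before anything is applied.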
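V. Verification
- Bind the domain name on your local machine:
# the host name must match the host in the MultiClusterIngress rule
echo "CLUSTER_INGRESS_IP demo.localdev.me" >> /etc/hosts
- Access it:
# the path must match the /web prefix in the MultiClusterIngress rule
curl http://demo.localdev.me/web
The backend service should be reachable.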