
Multi-Cluster Management


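Multi-cluster scenarios

| Scenario | Description |
| --- | --- |
| Disaster recovery | Primary/standby clusters, failover |
| Geographic distribution | Nearby access, low latency |
| Environment isolation | Separate development/test/production |
| Compliance requirements | Data localization |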

Cluster federation

KubeFed

# Install KubeFed
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/kubefed/master/charts/kubefed/charts/kubefed/crds/v2beta1/kubefedconfig.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/kubefed/master/charts/kubefed/charts/kubefed/crds/v2beta1/kubefedschedules.yaml

Federated resources

apiVersion: types.kubefed.io/v1beta1
kind: FederatedDeployment
metadata:
  name: myapp
  namespace: test
spec:
  template:
    metadata:
      labels:
        app: myapp
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: myapp
      template:
        metadata:
          labels:
            app: myapp
        spec:
          containers:
            - name: myapp
              image: myapp:v1
  placement:
    clusters:
      - name: cluster1
      - name: cluster2
  overrides:
    - clusterName: cluster1
      clusterOverrides:
        - path: "/spec/replicas"
          value: 5
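
How the placement and overrides in the manifest above turn into per-cluster objects, as an added example that is not part of the original page or of KubeFed's code. It is a simplified model: the manifest is embedded as a constructed Python dict, the resulting kind is derived by stripping the Federated prefix, and rejecting overrides for clusters missing from placement is a check added by this example.

```python
import copy

# Constructed input: the FederatedDeployment from this page, reduced to the
# fields that matter for placement and overrides.
FEDERATED = {
    "kind": "FederatedDeployment",
    "metadata": {"name": "myapp", "namespace": "test"},
    "spec": {
        "template": {"spec": {"replicas": 3}},
        "placement": {"clusters": [{"name": "cluster1"}, {"name": "cluster2"}]},
        "overrides": [{"clusterName": "cluster1",
                       "clusterOverrides": [{"path": "/spec/replicas", "value": 5}]}],
    },
}

def apply_override(obj, override):
    """Apply one override (op defaults to "replace") at a JSON-pointer path."""
    op = override.get("op", "replace")
    keys = override["path"].lstrip("/").split("/")
    node = obj
    for key in keys[:-1]:
        node = node[int(key)] if isinstance(node, list) else node[key]
    last = int(keys[-1]) if isinstance(node, list) else keys[-1]
    if op == "remove":
        del node[last]
    elif op == "add" and isinstance(node, list):
        node.insert(last, override["value"])
    elif op in ("add", "replace"):
        if op == "replace" and isinstance(node, dict) and last not in node:
            raise KeyError("replace target missing: " + override["path"])
        node[last] = override["value"]
    else:
        raise ValueError("unsupported op: " + op)

def render(fed):
    """Return {cluster: object} as each placed cluster would receive it."""
    spec = fed["spec"]
    placed = [c["name"] for c in spec["placement"]["clusters"]]
    by_cluster = {o["clusterName"]: o["clusterOverrides"] for o in spec.get("overrides", [])}
    stray = sorted(set(by_cluster) - set(placed))
    if stray:  # check added by this example: an override that can never apply
        raise ValueError("overrides for unplaced clusters: " + ", ".join(stray))
    out = {}
    for name in placed:
        obj = copy.deepcopy(spec["template"])
        obj["kind"] = fed["kind"].removeprefix("Federated")
        obj["metadata"] = {**obj.get("metadata", {}), **fed["metadata"]}
        for override in by_cluster.get(name, []):
            apply_override(obj, override)
        out[name] = obj
    return out
```

Running render(FEDERATED) before a rollout shows what each cluster will actually receive, which is the object worth reviewing when overrides differ between regions.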

Multi-cluster services

Service import

apiVersion: types.kubefed.io/v1beta1
kind: FederatedService
metadata:
  name: myapp
  namespace: test
spec:
  template:
    spec:
      selector:
        app: myapp
      ports:
        - port: 80
          targetPort: 8080
  placement:
    clusters:
      - name: cluster1
      - name: cluster2

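Practice: multi-cluster deployment

# 1. Cluster configuration
# Stored as a Secret rather than a ConfigMap because it carries API bearer tokens.
# The token values below are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: cluster-config
type: Opaque
stringData:
  clusters.yaml: |
    clusters:
      - name: us-west
        server: https://us-west.example.com
        token: xxx
      - name: us-east
        server: https://us-east.example.com
        token: xxx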

---
# 2. Multi-cluster deployment script
apiVersion: batch/v1
kind: Job
metadata:
  name: multi-cluster-deploy
spec:
  template:
    spec:
      containers:
        - name: deployer
          image: kubectl:latest
          command:
            - /bin/sh
            - -c
            - |
              # Exit non-zero on the first failed apply so the Job is marked failed
              set -e
              for cluster in us-west us-east; do
                kubectl --context="$cluster" apply -f /manifests/
              done
      restartPolicy: Never

Cluster ingress

# Global load balancing
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: global-cert
spec:
  domains:
    - myapp.example.com

---
apiVersion: networking.gke.io/v1
kind: MultiClusterService
metadata:
  name: myapp
spec:
  template:
    spec:
      selector:
        app: myapp
      ports:
        - port: 80

---
apiVersion: networking.gke.io/v1
kind: MultiClusterIngress
metadata:
  name: myapp
  annotations:
    networking.gke.io/pre-shared-certs: "global-cert"
spec:
  template:
    spec:
      backend:
        serviceName: myapp
        servicePort: 80

Configuration sync

# Using Config Sync
apiVersion: configsync.gke.io/v1beta1
kind: RootSync
metadata:
  name: config-root
  namespace: config-management-system
spec:
  sourceFormat: hierarchical
  git:
    repo: https://github.com/example/config-repo.git
    branch: main
    dir: .

Monitoring multiple clusters

# Thanos multi-cluster monitoring
apiVersion: monitoring.coreos.com/v1
kind: ThanosRuler
metadata:
  name: thanos-ruler
spec:
  queryEndpoints:
    - thanos-query-us-west:10901
    - thanos-query-us-east:10901
  ruleSelector:
    matchLabels:
      prometheus: k8s

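Best practices

  1. Unified configuration management
  2. Centralized monitoring
  3. Automated deployment
  4. Failover strategy
  5. Data synchronization

Summary

Multi-cluster management is an essential capability for large-scale Kubernetes deployments. With federation, a service mesh, and a unified management plane, multi-cluster operations can be run efficiently.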