Access service across clusters within native Service

In Karmada, the MultiClusterService can enable users to access service across clusters with the native Service domain name, like foo.svc, with the aim of providing users with a seamless experience when accessing service across multiple clusters, as if they were operating within a single cluster.

This document provides an example of how to enable MultiClusterService for accessing service across clusters with native Service.

Prerequisites

Karmada has been installed

We can install Karmada by referring to Quick Start, or directly run hack/local-up-karmada.sh script which is also used to run our E2E cases.

Member Cluster Network

Ensure that at least two clusters have been added to Karmada, and the container networks between member clusters are connected.

  • If you use the hack/local-up-karmada.sh script to deploy Karmada, Karmada will have three member clusters, and the container networks of the member1 and member2 will be connected.
  • You can use Submariner or other related open source projects to connected networks between member clusters.

Access service across clusters within native Service - 图1note

In order to prevent routing conflicts, Pod and Service CIDRs of clusters need non-overlapping.

Enable MultiClusterService in karmada-controller-manager

To enable the MultiClusterService feature in the karmada-controller-manager, run the following command:

  1. kubectl --context karmada-host get deploy karmada-controller-manager -n karmada-system -o yaml | sed '/- --v=4/i \        - --feature-gates=MultiClusterService=true' | kubectl --context karmada-host replace -f -

Please note that the MultiClusterService feature is disabled by default and can be enabled using the --feature-gates=MultiClusterService=true flag.

If you prefer a more cautious approach, follow these steps:

  1. Run kubectl --context karmada-host edit deploy karmada-controller-manager -n karmada-system
  2. Check if --feature-gates=MultiClusterService=true is present in the spec.template.spec.containers[0].command field.
  3. If not, add --feature-gates=MultiClusterService=true to enable the feature.

Deploy deployment in member1 cluster

We need to deploy deployment in member1 cluster:

  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4.   name: nginx
  5.   labels:
  6.     app: nginx
  7. spec:
  8.   replicas: 2
  9.   selector:
  10.     matchLabels:
  11.       app: nginx
  12.   template:
  13.     metadata:
  14.       labels:
  15.         app: nginx
  16.     spec:
  17.       containers:
  18.       - image: nginx
  19.         name: nginx
  20.         resources:
  21.           requests:
  22.             cpu: 25m
  23.             memory: 64Mi
  24.           limits:
  25.             cpu: 25m
  26.             memory: 64Mi
  27. ---
  28. apiVersion: policy.karmada.io/v1alpha1
  29. kind: PropagationPolicy
  30. metadata:
  31.   name: nginx-propagation
  32. spec:
  33.   resourceSelectors:
  34.     - apiVersion: apps/v1
  35.       kind: Deployment
  36.       name: nginx
  37.   placement:
  38.     clusterAffinity:
  39.       clusterNames:
  40.         - member1

After deploying, you can check the created pods:

  1. $ karmadactl get po
  2. NAME                     CLUSTER   READY   STATUS              RESTARTS   AGE
  3. nginx-5c54b4855f-6sq9s   member1   1/1     Running             0          28s
  4. nginx-5c54b4855f-vp948   member1   1/1     Running             0          28s

Deploy curl pod in member2 cluster

Let’s deploy a curl pod in member2 cluster:

  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4.   name: curl
  5.   labels:
  6.     app: curl
  7. spec:
  8.   replicas: 1
  9.   selector:
  10.     matchLabels:
  11.       app: curl
  12.   template:
  13.     metadata:
  14.       labels:
  15.         app: curl
  16.     spec:
  17.       containers:
  18.       - image: curlimages/curl:latest
  19.         command: ["sleep", "infinity"]
  20.         name: curl
  21.         resources:
  22.           requests:
  23.             cpu: 25m
  24.             memory: 64Mi
  25.           limits:
  26.             cpu: 25m
  27.             memory: 64Mi
  28. ---
  29. apiVersion: policy.karmada.io/v1alpha1
  30. kind: PropagationPolicy
  31. metadata:
  32.   name: curl-propagation
  33. spec:
  34.   resourceSelectors:
  35.     - apiVersion: apps/v1
  36.       kind: Deployment
  37.       name: curl
  38.   placement:
  39.     clusterAffinity:
  40.       clusterNames:
  41.         - member2

After deploying, you can check the created pods:

  1. $ karmadactl get po -C member2
  2. NAME                    CLUSTER   READY   STATUS    RESTARTS   AGE
  3. curl-6894f46595-c75rc   member2   1/1     Running   0          15s

Later, we will run the curl command in this pod.

Deploy MultiClusterService and Service in Karmada

Now, instead of using PropagationPolicy/ClusterPropagationPolicy for the Service, we utilize MultiClusterService for propagation.

To enable MultiClusterService in Karmada, deploy the following yaml:

  1. apiVersion: v1
  2. kind: Service
  3. metadata:
  4.   name: nginx
  5. spec:
  6.   ports:
  7.   - port: 80
  8.     targetPort: 80
  9.   selector:
  10.     app: nginx
  11. ---
  12. apiVersion: networking.karmada.io/v1alpha1
  13. kind: MultiClusterService
  14. metadata:
  15.    name: nginx
  16. spec:
  17.   types:
  18.     - CrossCluster
  19.   consumerClusters:
  20.     - name: member2
  21.   providerClusters:
  22.     - name: member1

Access the backend pods from member2 cluster

To access the backend pods in the member1 cluster from the member2 cluster, execute the following command:

  1. $ karmadactl exec -C member2 curl-6894f46595-c75rc -it -- sh
  2. ~ $ curl http://nginx.default
  3. Hello, world!
  4. Version: 1.0.0
  5. Hostname: nginx-0

Using MultiClusterService, the pods are situated solely in the member1 cluster. However, they can be accessed from the member2 cluster using the native Service name.