What I want

  • ClusterA has PodA
  • ClusterB has ServiceB, which selects PodB in namespace: default
  • In GKE (Google Kubernetes Engine)

PodA in ClusterA can access ServiceB in ClusterB like `api.default.svc.cluster.clusterB`.

Solutions I tried


Any solutions or ideas are appreciated! An example will be better.

RammusXu
  • Are these two Kubernetes clusters in the same network / flat network? Do you want to access it with serviceB.default.svc.cluster.local? – Nadeem Hussain Jul 01 '20 at 12:56
  • I am not sure if what you are trying is easily achievable. Please tell me, is there any reason that you are trying to use 2 clusters? Have you thought about using a single cluster with an additional node pool? You could spawn a specific workload only on it by using `nodeSelector`. Here is the link if you are interested: [Kubernetes.io: Create a pod that gets scheduled to your chosen node](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/#create-a-pod-that-gets-scheduled-to-your-chosen-node) – Dawid Kruk Jul 01 '20 at 13:24
  • @NadeemHussain In the same GCP project and the same region for now. But I will also need to access other clusters outside GCP. `serviceB.default.svc.cluster.local` is OK. With a cluster name suffix would be better. – RammusXu Jul 02 '20 at 01:58
  • @DawidKruk Cross region. Cross cloud platform. So more node pools don't work for me. – RammusXu Jul 02 '20 at 01:59
  • If I understand clearly, your end goal is to access svc from one cluster to another, and both these clusters can be on different networks. If so, why don't you expose these svc via an internal load balancer nginx ingress? That way you don't have to create multiple load balancers too; just an ingress CRD will work for each svc. – Nadeem Hussain Jul 03 '20 at 08:42
  • @NadeemHussain My goal is to communicate between two clusters and "discover" services. So ingress didn't help too much. I guess I need to expose some kind of DNS service to the VPC. – RammusXu Jul 06 '20 at 03:00
  • If the clusters were in the same cloud provider, you could try to use `VPC Network Peering`: https://cloud.google.com/vpc/docs/vpc-peering. This solution has a caveat that you would be able to communicate only through IP addresses, not service names. Also, please take a look here: [Istio.io: Install: Multicluster: Shared](https://istio.io/latest/docs/setup/install/multicluster/shared/) - it's a guide for Istio deployment with multiple clusters. The guide also mentions service discovery between clusters. Please let me know if the solution with Istio would be satisfactory. – Dawid Kruk Jul 07 '20 at 07:56
  • @RammusXu is using the mentioned DNS pattern required? An alternative would be to create a public DNS Zone and let it be managed by [external-dns](https://github.com/kubernetes-sigs/external-dns). This way you can give services annotations which are picked up by external-dns, which will then create DNS records in the managed zone containing the private IPs (so it's only partly public). The next part of the solution would be to use (cross-region) network peering, so that the private IP is routable between clusters. – Alexander Block Jul 09 '20 at 08:05

1 Answer

I found three solutions for this, for a multi-cluster Kubernetes architecture.

I chose Linkerd. Pretty easy to set up, good latency and good documentation.

I also wrote an article in Chinese, if someone is interested: https://rammusxu.github.io/2020/07/28/Linkerd-Multi-Kubernetes-Cluster-Feature-Overview/

RammusXu