Skip to content

Commit

Permalink
Address PR comments
Browse files Browse the repository at this point in the history
  • Loading branch information
Zijun Wang committed Nov 22, 2023
1 parent 699a38c commit 789c726
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions docs/guides/multi-cluster.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,28 +3,28 @@
Here is a recommended multi-cluster architecture if you'd like to setup kubernetes service-to-service communications across multiple clusters.

Suppose your organization would like to have one large infrastructure that have many clusters in one AWS account. It's recommended your infrastructure includes the following components:
- One manually created VPC Lattice service network, (it could create by either AWS Console, CLI, CloudFormation, Terraform or any other tools)
- Create `VpcServiceNetworkAssociations` between VPC Lattice service network and each config cluster's VPC and workload clusters' VPCs
- One manually created VPC Lattice service network, (it could be created by either AWS Console, CLI, CloudFormation, Terraform or any other tools)
- Create vpc service network associations between VPC Lattice service network and each config cluster's VPC and workload clusters' VPCs
- Multiple workload cluster(s), that are used to run application workload(s). Workload cluster(s) should only have following workloads related kubernetes objects:
- Application workload(s) (`Pod(s)`, `Deployment(s)` etc.)
- `Service(s)` for application workload(s)
- `ServiceExport(s)`, that export kubernetes application Service(s) to the "config cluster"
- One extra dedicated "config cluster", which is act as a "service network control plane" and it should include following kubernetes objects:
- One extra dedicated "config cluster", which acts as a "service network control plane" and it should include following kubernetes objects:
- One `Gateway` that has __same name__ as the manually created VPC Lattice service network name
- `ServiceImport(s)`, that reference to kubernetes application services that export from workload cluster(s)
- `ServiceImport(s)`, that reference to kubernetes application services that are exported from workload cluster(s)
- `HTTPRoute(s)`,`GRPCRoute(s)`, that have rules backendRefs to `ServiceImport(s)` that referring kubernetes application service(s) in workload cluster(s)

![config cluster and multiple workload clusters](../images/multi-cluster.png)


Above architecture is recommended for following reasons:
- Putting all Route(s) and only one Gateway in the config cluster is easier to manage and have less chance to have conflict.
- You are easier to have seperated roles in your organization. The infra operator team only manage the resource in the config cluster and VPC Lattice resource, and the application developer team only manage the resource in the workload cluster(s).
- It is easier to have seperated roles in your organization. The infra operator team only manages the resource in the config cluster and VPC Lattice resource, and the application developer teams only manage the resource in the workload cluster(s).



Following steps show you how to set up this recommended multi-cluster architecture with 1 config cluster and 2 workload clusters.
1. Create 3 k8s clusters: `config cluster`, `workload cluster-1`, `workload cluster-2`. Install AWS gateway api controller in each cluster, you could follow this instruction [deploy.md](deploy.md)
1. Create 3 k8s clusters: `config cluster`, `workload cluster-1`, `workload cluster-2`. Install AWS Gateway API Controller in each cluster, you could follow this instruction [deploy.md](deploy.md)
1. Create a VPC Lattice `ServiceNetwork` with name `my-gateway`
1. Create `VPCServiceNetworkAssociation(s)` between previous step created service network and each config cluster's VPC and workload clusters' VPCs
1. Setup following resource in the workload cluster1:
Expand All @@ -44,5 +44,5 @@ Following steps show you how to set up this recommended multi-cluster architectu
kubectl apply -f examples/service-1-import.yaml
kubectl apply -f examples/service-2-import.yaml
```
1. At this point, the connectivity setup finished, pods in workload cluster1 are able to communicate with `service-2` in workload cluster2 (and vice versa) via the `my-httproute` dns name.
1. Furthermore, you could have more workloads clusters to join the `my-gateway` service network by creating the `ServiceNewtorkAssociation(s)`, they will all be able to communicate with `service-1` and `service-2` via the `my-httproute` dns name and path matching.
1. At this point, the connectivity setup finished, pods in workload cluster1 are able to communicate with `service-2` in workload cluster2 (and vice versa) via the `my-httproute` DNS name.
1. Furthermore, you could have more workloads clusters to join the `my-gateway` service network by creating the `ServiceNewtorkAssociation(s)`, they will all be able to communicate with `service-1` and `service-2` via the `my-httproute` DNS name and path matching.

0 comments on commit 789c726

Please sign in to comment.