Hi everyone, my name is Hang Du. I'm a Solution Architect from the Alibaba Cloud Native team. Today I will introduce how to manage your Kubernetes clusters on multi-cloud or hybrid cloud. In recent years, there has been much talk about multi-cloud and hybrid cloud. Multi-cloud and multi-cluster architectures can provide benefits such as high availability and multi-region zones. At the same time, those types of architectures can also reduce interdependency, which in turn offers a host of advantages, such as reduced cost, a reduced need to store data with a single vendor, and the ability to take advantage of the best features each vendor has to offer without being locked into one particular cloud vendor. The multi-cloud, hybrid cloud strategy has been talked about for a long time and has been considered to be the next big thing. However, it's a sad reality that each cloud [inaudible] each data center has its own set of APIs, which makes a multi-cloud strategy a pretty complex combination. This changed for the better with the rapid popularization of the concept of cloud native. Kubernetes has made application delivery increasingly standardized and completely decoupled from the underlying infrastructure, so the popularization of Kubernetes APIs has built a solid foundation for multi-cloud and hybrid cloud architectures. Managing Kubernetes clusters on multi-cloud or hybrid cloud is a last amount of multi-cloud and hybrid cloud strategy. There are a couple of ways to manage Kubernetes clusters. The first figure is designed for the multi-site active scenario. The typical characteristic of this scenario is that all clusters are read-write, and the data is synchronized in real time, using Global Traffic Manager to assign different weights to different clusters based on resource allocation.
The second figure shows how to use the microservice registration and discovery mechanism to manage applications on multiple clusters, rather than managing clusters themselves [inaudible] resource demands and use multi-cloud setups as backup resource pools. The third figure shows how to use Alibaba Cloud Container Service to manage Kubernetes clusters anywhere in a centralized way. It also provides a consistent management experience and easy integration with Alibaba Cloud middleware for all Kubernetes clusters. The benefits of using Alibaba Cloud Container Service to manage multi-cloud and hybrid cloud Kubernetes clusters are as follows. First, it provides unified management of all Kubernetes clusters using the Kubernetes native operation method. Managing all your Kubernetes resources from the same portal provides a consistent experience, such as security competence, application management, observable scanning and cluster audit policy. Second, all managed Kubernetes clusters can apply the same logging and monitoring capability by integrating with Alibaba Cloud middleware: integrated with Alibaba Cloud SLS for logging management, and integrated with ARMS to gain application performance observability. Third, you can take advantage of the scalability of the public cloud by integrating with infinite resources. You can have an infinite resource pool which can respond to a traffic spike without service interruption. A typical scenario of multi-cloud deployment is active mode. The first reason why you use this deployment is disaster recovery. This topology achieves cloud vendor resilience and regional resilience. If one of your cloud services experiences issues, you might want to shift the traffic to a healthy vendor. It is not possible to prevent threats to availability, but it is possible to mitigate them. The second reason is improving latency for end users: the closer your backend region is to the end user [inaudible].
To achieve these goals, you can use Global Traffic Manager to route user access traffic of the application services to different clusters. GTM uses DNS smart resolution and health checks on the running status of application services to direct user access requests to the most appropriate IP address. GTM provides smart resolution based on network area and health checks based on ping, TCP, HTTP, and HTTPS. It can be used to build [inaudible] Multi-Active and Remote Disaster Recovery Services flexibly and quickly. With regard to cluster management, federation can be used to push cluster configurations such as role-based access control policies and other policies to multiple clusters. CI/CD is usually used for application release management. It's a good choice for continuous delivery because application definitions, configurations, and the environment should be declarative and version controlled. Application deployment and lifecycle management should be automated, auditable, and easy to understand. With regard to microservice management, it is to provide traffic management, security, and availability services. Multiple running Kubernetes clusters can securely communicate with each other transparently. Kubernetes clusters could be run anywhere, even on different cloud platforms, which makes it easy to use a multi-cluster service mesh mechanism. Another typical scenario is dealing with a sudden burst of resource demands, which is so-called cloud bursting. If an organization using a private cloud reaches 100 percent of its resource capacity, overflow traffic is directed to a public cloud, so there's no interruption of services. In addition to flexibility and self-service functionality, the key advantage of cloud bursting is economic savings. You only pay for the additional resources when there's demand for the resources. An application can be applied to the private cloud, then burst to the private cloud only when necessary to meet peak demands.
Your workloads running on both public cloud and private cloud can register to the centralized registration for service discovery. Clients of a service use either client-side discovery or server-side discovery to determine the location of a service instance to which to send the request. The microservices can communicate with each other no matter where they are running: on the same cluster, on multiple clusters, or on a hybrid cluster. The object of multi-cloud and hybrid cloud management is the application rather than the cluster. This slide shows how to register external Kubernetes clusters to Alibaba Cloud Container Service for centralized management. To connect Kubernetes clusters to a multi-cloud management system, Kubernetes is API hosting, the main technical challenge lies in establishing cluster tunnels. A cluster tunnel installs an agent in your Kubernetes cluster on a private network, which enables access from the public cloud. With this tunnel, users can access your Kubernetes clusters as if each were running on a public cloud, without the need for public IP addresses, and use, manage, and monitor your clusters anytime, anywhere. Features such as authentication, authorization, logging, audit, and the console are controlled from a single point no matter how many clusters there are and where a cluster is. There are two layers in this architecture of the cloud tunnel. The lower layer is the hosted clusters, with an agent for each. The agents run in the hosted clusters and are able to access resources on the private network in which the cluster resides. They are also responsible for establishing tunnels that connect the private networks to the public cloud by using stubs. The upper layer is composed of clouds on the public network, and is responsible for centralized authorization, authentication, and audit. Commands for the private Kubernetes cluster are passed to the agent through the tunnel.
Registered Kubernetes clusters take advantage of the features provided by Alibaba Cloud, such as cluster audit, logging management, Application Performance Management, and Application High Availability Service. Another advantage of registering your Kubernetes clusters to Alibaba Cloud Container Service is utilizing all its resources. Adding a virtual node to your cluster is equal to adding an infinite resource pool to your cluster. The scalable unit is the pod rather than the node, which means resources can be ready much faster to respond to a traffic spike. The technology behind virtual nodes is Elastic Container Instance, which is an agile and secure serverless container management service. ECI provides you with the capability to run containers without having to dedicate resources to manage servers or the underlying infrastructure. Containers can be easily set up from just a container image, and you are charged only for the resources consumed by your container. With the multi-cloud hybrid cloud 1.0 architecture, Alibaba Cloud Container Service provides unified cluster management by registering external clusters to the Alibaba Cloud console, which provides cluster federation governance, monitoring, and backup to centrally manage multiple clusters with a consistent experience. In the 1.0 architecture, all managed clusters are integrated with Alibaba Cloud middleware easily, with zero intrusion and low cost, to take advantage of the capabilities for logging, monitoring, security, and high availability. With the 2.0 architecture, Alibaba Cloud Container Service extends the unified management to the application level. Alibaba Cloud Service Mesh is a managed service mesh solution that provides traffic management, security, and observability for services running on multiple clusters. This slide shows how to manage multiple clusters with a single mesh to achieve a multi-region active architecture. Multi-cluster deployments give you a great degree of isolation and availability.
But increased complexity. If your system has higher availability requirements, you likely need clusters across multiple zones and regions. You can canary configuration changes or new binary releases in a single cluster, where the configuration changes only affect a small amount of user traffic. Additionally, if a cluster has a problem, you can temporarily route traffic to nearby clusters until you address the issue. Inter-cluster communication is based on Cloud Enterprise Network, which is a high availability network built on the high-performance, low-latency global private network provided by Alibaba Cloud. By introducing service mesh, you can extend multi-cloud hybrid cloud management to the application level for unified traffic management. Let's see the demo. In this demo, I have a Kubernetes cluster set up on another cloud vendor. I'm going to register it to Alibaba Cloud Container Service. First, let's create a registered Kubernetes cluster. It is set up on Alibaba Cloud and is used to communicate with the agent installed on the external clusters. I'll choose a region and accept the terms. It will take a couple of seconds to complete. After completion, you can see the placeholder cluster listed. The status is to be connected. Click "Manage" to get the agent YAML file. Copy the YAML file, which will be created on your external Kubernetes cluster. Let's go back to your external Kubernetes cluster. You can see there are three nodes for this cluster. Let's create the agent. Wait for all agents to be running. Now, go back to the ACK console. You can see that the cluster status has been changed to running, and there are three nodes for your external cluster. Next, I'm going to deploy an application Helm chart into your external cluster from the ACK console. Let's go to your third-party cloud platform and check. There's no service. I'll create an NGINX application using a Helm chart from the ACK console. Make sure that you choose the correct cluster.
Let's go back to your third-party cloud platform. You can see there's a service created, and you can access the service from the load balancer IP address. Let's go back to ACK and delete it. Let's check again. You can see that the service has been deleted from your external cluster. Next, I will demo how to integrate Alibaba Cloud services into your external cluster. For the registered Kubernetes cluster, you can enable the audit logging capability. Once enabled, the audit logs will be recorded to track the operations that modify the configuration or metadata of a resource. From the cluster auditing page, you can see the predefined dashboard for the Kubernetes audit center. You can see the public visit and authorized visit to the API server, you can see the location of the clients that visit the API server, and you can also see some sensitive actions, and you can also see some operation overview. It audits actually every action on your objects in the Kubernetes cluster. Next, I will demo how to integrate your registered Kubernetes cluster with Alibaba Cloud middleware. The first middleware to integrate with is Application High Availability Service. AHAS is a product that focuses on improving the high availability capability of applications. By integrating AHAS with the registered Kubernetes cluster, you can build functions such as automatic detection of application architecture, high-availability evaluation of fault injection, and one-click flow control degradation, which can quickly and cost-effectively improve application availability. Go to the AHAS console, and you can see the architecture map for your external registered Kubernetes cluster. From the container level, you can see the status of your containers installed on your registered Kubernetes cluster. From a Kubernetes perspective, you can see it's a deployment. From the host perspective, you can see the node status. The next Alibaba Cloud middleware I'm going to demo integrating with is ARMS.
Application Real-Time Monitoring Service is an application performance management product of Alibaba Cloud. By integrating ARMS with the registered Kubernetes cluster, you can quickly and conveniently build business monitoring capability within a few seconds' response time for business and enterprises based on customer dimensions such as the browser, application, and business. To enable ARMS integration, you just need to add annotations to your pod YAML file. Let's go to the ARMS console. From the console, you can see the status of your application for each request, and from the application details page, you can see the request flow and the time consumed for each request. In this demo, you can see the advantages of registering your external Kubernetes cluster to the ACK console. First, you can have a unified management console; and second, you can easily integrate your external Kubernetes cluster with Alibaba Cloud middleware.
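
The audit dashboard described in the demo (public and denied visits to the API server, sensitive actions) can be approximated from raw Kubernetes audit logs. The following is an added example, not part of the talk and not Alibaba Cloud code: it assumes audit events in the standard `audit.k8s.io/v1` JSON-lines format, and the label names, the choice of "sensitive" actions, the internal address ranges and the sample events are all constructed for illustration.

```python
import ipaddress
import json
from collections import Counter

RBAC = {"roles", "rolebindings", "clusterroles", "clusterrolebindings"}
WRITES = {"create", "update", "patch", "delete", "deletecollection"}
# Assumption: only RFC 1918 and loopback ranges count as internal sources.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def _event(user, verb, res, code, ip, sub=None, stage="ResponseComplete"):
    return json.dumps({
        "apiVersion": "audit.k8s.io/v1", "kind": "Event", "stage": stage,
        "verb": verb, "user": {"username": user}, "sourceIPs": [ip],
        "objectRef": {"resource": res, "subresource": sub},
        "responseStatus": {"code": code}})

# Constructed sample audit log (JSON lines), not taken from a real cluster.
SAMPLE = [
    _event("system:anonymous", "get", "pods", 403, "203.0.113.7"),
    _event("alice", "create", "pods", 101, "10.0.3.15", sub="exec"),
    _event("ci-bot", "list", "secrets", 200, "10.0.3.20"),
    _event("alice", "create", "clusterrolebindings", 201, "203.0.113.9"),
    _event("ci-bot", "list", "secrets", 0, "10.0.3.20", stage="RequestReceived"),
]

def classify(event):
    """Return the dashboard-style labels that apply to one audit event."""
    labels = set()
    ref = event.get("objectRef") or {}
    if (event.get("user") or {}).get("username") == "system:anonymous":
        labels.add("anonymous")
    if (event.get("responseStatus") or {}).get("code") in (401, 403):
        labels.add("denied")
    ips = [ipaddress.ip_address(ip) for ip in event.get("sourceIPs") or []]
    if any(all(ip not in net for net in INTERNAL) for ip in ips):
        labels.add("public_source")
    if ref.get("resource") == "pods" and ref.get("subresource") in ("exec", "attach"):
        labels.add("sensitive:pod_exec")
    if ref.get("resource") == "secrets" and event.get("verb") in ("get", "list", "watch"):
        labels.add("sensitive:secret_read")
    if ref.get("resource") in RBAC and event.get("verb") in WRITES:
        labels.add("sensitive:rbac_change")
    return labels

def summarize(lines):
    """Count labels over JSON lines, once per completed request."""
    done = (e for e in map(json.loads, lines) if e.get("stage") == "ResponseComplete")
    return Counter(label for e in done for label in classify(e))
```

Only `ResponseComplete` events are counted, because the API server can emit several audit events per request (one per stage) and counting every stage would inflate the totals.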