Connecting two k8s clusters
Setup
I have two clusters, one managed on digitalocean (prod) and one managed on aws (test).
DO cluster IP4 CIDR: 10.245.0.0/16
AWS cluster IP4 CIDR: 10.100.0.0/16
The one on digital ocean has cluster domain
.svc.cluster.local
and the one on aws has cluster domain
.svc.cluster.test
I have CoreDNS installed on both and I also have Vault installed (prod only) and consul installed (both clusters)
Desired state
I need to be able to connect from prod cluster to test using internal DNS (service-name.namespace.svc.cluster.(local/test)) because of thanos-prometheus and vault (getting secrets on test cluster from prod vault instance)
I also need to connect to both clusters using VPN and be able to resolve http addresses in browser (preferably with wireguard)
I managed to get http addresses accessible using tailscale but cluster-to-cluster communication was still not possible
Does anyone have any idea how to approach this? Thank you in advance.
Comments (1)
You can consider Rancher https://rancher.com/docs/rancher/v2.6/en/ as a cluster management tool. Join the two clusters, DO and AWS k8s, as downstream clusters in Rancher and manage them centrally using Rancher.