小杨同学的wiki

配置crd-policy

[root@brazil-11627 ~]# more service-export-import-crd-policy.yaml
# propagate ServiceExport CRD
apiVersion: policy.karmada.io/v1alpha1
kind: ClusterPropagationPolicy
metadata:
  name: serviceexport-policy
spec:
  resourceSelectors:
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: serviceexports.multicluster.x-k8s.io
  placement:
    clusterAffinity:
      clusterNames:
        - brazil
        - chile01
---
# propagate ServiceImport CRD
apiVersion: policy.karmada.io/v1alpha1
kind: ClusterPropagationPolicy
metadata:
  name: serviceimport-policy
spec:
  resourceSelectors:
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: serviceimports.multicluster.x-k8s.io
  placement:
    clusterAffinity:
      clusterNames:
        - brazil
        - chile01

配置导出policy

[root@brazil-11627 ~]# cat service-export-demo-policy.yaml
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceExport
metadata:
  name: demo
---
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
  name: serve-export-policy
spec:
  resourceSelectors:
    - apiVersion: multicluster.x-k8s.io/v1alpha1
      kind: ServiceExport
      name: demo
  placement:
    clusterAffinity:
      clusterNames:
        - chile01

配置导入

[root@brazil-11627 ~]# cat service-improt-demo-policy.yaml
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceImport
metadata:
  name: demo
spec:
  type: ClusterSetIP
  ports:
  - name: port-0   # 该name信息很重要，如果不配置会无法在iptables nat表中进行转发
    port: 80
    protocol: TCP
---
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
  name: serve-import-policy
spec:
  resourceSelectors:
    - apiVersion: multicluster.x-k8s.io/v1alpha1
      kind: ServiceImport
      name: demo
  placement:
    clusterAffinity:
      clusterNames:
        - brazil

https://karmada.io/docs/userguide/service/multi-cluster-service

iptables转发信息

[root@brazil-11627 ~]# iptables-save | grep derived-demo
-A KUBE-SEP-K62PFHEP6QVAGI5W -s 172.16.0.4/32 -m comment --comment "default/derived-demo:port-0" -j KUBE-MARK-MASQ
-A KUBE-SEP-K62PFHEP6QVAGI5W -p tcp -m comment --comment "default/derived-demo:port-0" -m tcp -j DNAT --to-destination 172.16.0.4:80
-A KUBE-SERVICES -d 10.247.31.76/32 -p tcp -m comment --comment "default/derived-demo:port-0 cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.247.31.76/32 -p tcp -m comment --comment "default/derived-demo:port-0 cluster IP" -m tcp --dport 80 -j KUBE-SVC-WIEL5QUBLOM63VPZ
-A KUBE-SVC-WIEL5QUBLOM63VPZ -m comment --comment "default/derived-demo:port-0" -j KUBE-SEP-K62PFHEP6QVAGI5W

测试和监控脚本

server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

  location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://tomcat-sample.default.svc.cluster.local:8080/;
  }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}



while true
do
       HTTPCODE=`curl -I -m 10 -o /dev/null -s -w %{http_code}  http://tomcat-sample.default.svc.cluster.local:8080/sample/`
       if [[ $HTTPCODE !=200 ]];then
            echo "site error"
       else
            echo "site ok"
       fi
done

### 配置crd-policy

```yaml
[root@brazil-11627 ~]# more service-export-import-crd-policy.yaml
# propagate ServiceExport CRD
apiVersion: policy.karmada.io/v1alpha1
kind: ClusterPropagationPolicy
metadata:
  name: serviceexport-policy
spec:
  resourceSelectors:
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: serviceexports.multicluster.x-k8s.io
  placement:
    clusterAffinity:
      clusterNames:
        - brazil
        - chile01
---
# propagate ServiceImport CRD
apiVersion: policy.karmada.io/v1alpha1
kind: ClusterPropagationPolicy
metadata:
  name: serviceimport-policy
spec:
  resourceSelectors:
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: serviceimports.multicluster.x-k8s.io
  placement:
    clusterAffinity:
      clusterNames:
        - brazil
        - chile01
```

### 配置导出policy

```yaml
[root@brazil-11627 ~]# cat service-export-demo-policy.yaml
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceExport
metadata:
  name: demo
---
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
  name: serve-export-policy
spec:
  resourceSelectors:
    - apiVersion: multicluster.x-k8s.io/v1alpha1
      kind: ServiceExport
      name: demo
  placement:
    clusterAffinity:
      clusterNames:
        - chile01
```

### 配置导入

```yaml
[root@brazil-11627 ~]# cat service-improt-demo-policy.yaml
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceImport
metadata:
  name: demo
spec:
  type: ClusterSetIP
  ports:
  - name: port-0   # 该name信息很重要，如果不配置会无法在iptables nat表中进行转发
    port: 80
    protocol: TCP
---
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
  name: serve-import-policy
spec:
  resourceSelectors:
    - apiVersion: multicluster.x-k8s.io/v1alpha1
      kind: ServiceImport
      name: demo
  placement:
    clusterAffinity:
      clusterNames:
        - brazil
```

https://karmada.io/docs/userguide/service/multi-cluster-service

### iptables转发信息

```bash
[root@brazil-11627 ~]# iptables-save | grep derived-demo
-A KUBE-SEP-K62PFHEP6QVAGI5W -s 172.16.0.4/32 -m comment --comment "default/derived-demo:port-0" -j KUBE-MARK-MASQ
-A KUBE-SEP-K62PFHEP6QVAGI5W -p tcp -m comment --comment "default/derived-demo:port-0" -m tcp -j DNAT --to-destination 172.16.0.4:80
-A KUBE-SERVICES -d 10.247.31.76/32 -p tcp -m comment --comment "default/derived-demo:port-0 cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.247.31.76/32 -p tcp -m comment --comment "default/derived-demo:port-0 cluster IP" -m tcp --dport 80 -j KUBE-SVC-WIEL5QUBLOM63VPZ
-A KUBE-SVC-WIEL5QUBLOM63VPZ -m comment --comment "default/derived-demo:port-0" -j KUBE-SEP-K62PFHEP6QVAGI5W
```

### 相关指令

```bash
kubectl get clusters
kubectl delete cm member2 member3 member4  -n karmada-cluster
kubectl get endpointslices
kubectl get ep  derived-demo
kubectl get serviceimport
kubectl get serviceimport
kubectl get crds
```

### 测试和监控脚本

```bash
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

#access_log  /var/log/nginx/host.access.log  main;

location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://tomcat-sample.default.svc.cluster.local:8080/;
  }

error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

while true
do
       HTTPCODE=`curl -I -m 10 -o /dev/null -s -w %{http_code}  http://tomcat-sample.default.svc.cluster.local:8080/sample/`
       if [[ $HTTPCODE !=200 ]];then
            echo "site error"
       else
            echo "site ok"
       fi
done
```