Requirement:
We would like to spread our Kubernetes workload across regions so that we have a safer DR solution for our services. For example, we have worker nodes in the Phoenix region of OCI and would like to add new worker nodes in the Ashburn region of OCI, within the same tenancy and the same Kubernetes cluster. This wiki is based on the Oracle-provided Kubernetes and container service; see the official doc.
Solution:
The main part is on the firewall side between the 2 regions. As long as the ports are open among the nodes for Kubernetes' own communication and for the services of the pods, it will be fine. The network we use is flannel, which runs on VXLAN. Once the firewall ports are open, refer to this blog to add a new worker node.
Firewall Part:
Kubernetes' own communications between the 2 regions
All the worker nodes in the cluster should open "ports: 10250 8472" to be able to receive connections
Source: All the nodes
Destination: Worker nodes
Port: TCP: 10250 UDP: 8472
All master nodes should open "port: 6443" (API server) to be able to receive connections
Source: All worker nodes and end-user programs that access the API server
Destination: Master nodes
Port: 6443
All etcd nodes should open "port: 2379" (etcd service) to be able to receive connections
Source: All the nodes
Destination: Etcd nodes
Port: 2379
All service ports that need to be exposed outside Kubernetes
Source: 0.0.0.0 or restricted users, depending on the service
Destination: All the worker nodes
port: the ports to be exposed
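
An added example (not from the original post or from Oracle): a small Python check that audits a set of ingress rules against the port matrix above, reporting node subnets that are not yet allowed and cluster-internal ports (10250, 8472, 2379) that are open wider than the node subnets. The region CIDRs, the rule format and the sample rules are constructed assumptions, and 6443 and 2379 are treated as TCP.

```python
import ipaddress

# Assumed (hypothetical) node subnets for the two regions; replace with your own.
NODE_CIDRS = {"phoenix": "10.0.0.0/16", "ashburn": "10.1.0.0/16"}

# Port matrix from the post: (destination role, protocol, port, internal_only).
REQUIRED = [
    ("worker", "tcp", 10250, True),   # kubelet
    ("worker", "udp", 8472, True),    # flannel VXLAN
    ("master", "tcp", 6443, False),   # API server; end-user clients may need it too
    ("etcd", "tcp", 2379, True),      # etcd service
]

def rule(role, proto, port, source):
    """Build one ingress rule in this example's own (hypothetical) format."""
    return {"role": role, "proto": proto, "port": port, "source": source}

# Constructed sample rule set with two deliberate problems.
SAMPLE_RULES = [
    rule("worker", "tcp", 10250, "10.0.0.0/16"),   # Ashburn nodes not allowed yet
    rule("worker", "udp", 8472, "10.0.0.0/16"),
    rule("worker", "udp", 8472, "10.1.0.0/16"),
    rule("master", "tcp", 6443, "0.0.0.0/0"),
    rule("etcd", "tcp", 2379, "0.0.0.0/0"),        # etcd open to everyone
]

def audit(rules):
    """Return (missing, too_broad) findings for the required port matrix."""
    nodes = {name: ipaddress.ip_network(c) for name, c in NODE_CIDRS.items()}
    missing, too_broad = [], []
    for role, proto, port, internal_only in REQUIRED:
        sources = [ipaddress.ip_network(r["source"]) for r in rules
                   if (r["role"], r["proto"], r["port"]) == (role, proto, port)]
        # Every region's node subnet must be covered by some rule's source.
        for region, net in nodes.items():
            if not any(net.subnet_of(src) for src in sources):
                missing.append((role, proto, port, region))
        # Cluster-internal ports must not accept sources beyond the node subnets.
        if internal_only:
            for src in sources:
                if not any(src.subnet_of(net) for net in nodes.values()):
                    too_broad.append((role, proto, port, str(src)))
    return missing, too_broad

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES)
    print("missing:", missing)
    print("too broad:", too_broad)
```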