Kasten K10 Header

Configuring Kasten Multi-Cluster Manager across Tanzu and OpenShift

In this blog post I’m going to cover setting up the Multi-cluster support for Kasten when you’ve installed the software to multiple Kubernetes clusters.

One K10 cluster you have deployed will become the primary node. You will use this node and dashboard interface to access the cluster UI.

  • The primary cluster defines policies and other configuration centrally. Centrally defined policies and configuration can then be distributed to designated clusters to be enacted.

Additional clusters are then added in and are called Secondaries.

  • The secondary clusters receive policies and other configuration from the primary cluster. Once policies are distributed to a secondary, the local K10 installation enacts the policy. This ensures that the policy will continue to be enforced, even if disconnected from the primary.

Pre-Requisites:

  • Authentication
    • Token Authentication must be used
  • Network
    • Secondary K10’s ingress must be accessible by the primary
    • Secondary API Server must be accessible by the primary
  • Run the tool on a bastion host that has connectivity using kubectl to all of the clusters you want to bring together.
Download the K10MultiCluster tool
  • Set the tool as executable
  • Move the tool to your /usr/local/bin/ folder
curl -LJO https://github.com/kastenhq/external-tools/releases/download/4.0.9/k10multicluster_4.0.9_linux_amd64


chmod +x k10multicluster_4.0.9_linux_amd64

sudo mv k10multicluster_4.0.9_linux_amd64 /usr/local/bin/k10multicluster

Download K10Multicluster

Next let’s list out our available clusters we can connect to from our node

kubectl config get-contexts

kubectl config get-contexts

Setup Primary Cluster

Now we are ready to setup our primary cluster by running the following command:

k10multicluster setup-primary \
--context=<primary_cluster_context_name> \
--name=<primary_cluster_name>

# My Demo example

k10multicluster setup-primary --context=tkg-wld-01-admin@tkg-wld-01-admin --name=tkg-wld-01-admin

k10multicluster setup-primary

If I visit the UI on the Primary Cluster dashboard, I will see the cluster option:

k10 dashboard - clusters

Setup Secondary Cluster

Now we continue to configure my secondary clusters using the bootstrap argument:

k10multicluster bootstrap \
    --primary-context=<primary_cluster_context_name> \
    --primary-name=<primary_cluster_name> \
    --secondary-context=<secondary_cluster_context_name> \
    --secondary-name=<secondary_cluster_name> \
    --secondary-cluster-ingress=<secondary_ingress>/<k10_endpoint>

# My Demo Example

k10multicluster bootstrap \
 --primary-context=tkg-wld-01-admin@tkg-wld-01 \
 --primary-name=tkg-wld-01-admin \
 --secondary-context=tkg-wld-02-admin@tkg-wld-02 \
 --secondary-name=tkg-wld-02-admin \
 --secondary-cluster-ingress=http://192.168.200.58/k10

k10multicluster bootstrap

Now when you visit your Primary Cluster Dashboard, you will see the clusters added. You may have a message about setting up the permissions to a second cluster if the tool has been unsuccessful in its initial configuration. This can be rectified in the UI as per the below screenshot, Kasten even helpful populates the configuration for you.

k10 dashboard - clusters - grant permissions - pre-filed form - Add k10 Cluster Role Binding

k10 cluster role binding created successfully

k10 - Global k10 Resources - User Permissions

You can also add clusters in directly in the UI by uploading your kubeconfig file.

k10 multi cluster - add clusters in the UI

Configuring Global Policies

By creating the multi-cluster configuration, we enable the ability to have centralised global configurations. Above we touched on the first Global configuration, permissions. Other areas that can be configured Globally are:

  • Profiles
    • These are the location and infrastructure profiles to define where data is held externally from the Kubernetes cluster, and the platform hosting the Kubernetes cluster.
  • Policies
    • This is the protection policy configuration to select artifacts and set the schedule, and where the protected data is stored.
  • Distributions
    • Provide a way to describe the relationship between globally defined resources and the clusters to which they should be distributed

We can also see on the home screen the data usage across all clusters as well as recent activity.

For my example, I’m going to configure a location and infrastructure policy, a protection policy, then a distribution to push this two of my clusters. As the first policies are the same as configuring on a local k10 cluster. I will simply show the screenshots, you can find more details here.

K10 Multi-Cluster - Global Policies - Configure Location and infrastructure profile

K10 Multi-Cluster - Global Policies - Configure Data Protection Policy

Now to configure a distribution policy to push these settings to my K10 clusters, one Tanzu Kubernetes Grid Cluster and one OpenShift Cluster.

  • Select your clusters from either labels or the cluster objects
  • Select the resources available as necessary and click “Add Distribution”

 

K10 Multi-Cluster - Global Policies - Configure Distribution Policy

You will then see the policy object, and the status will change once the sync has completed to each of the clusters.

K10 Multi-Cluster - Global Policies - Configure Distribution Policy - Status

If I click into each of my clusters, I can now see the policies have been pushed.

K10 Multi-Cluster - Global Policies - Sync successful - cluster 1

K10 Multi-Cluster - Global Policies - Sync successful - cluster 2

Disconnect a Secondary Cluster

Removing a cluster from the Multi-Cluster dashboard is quite easy, but can only be completed using the CLI Tool.

k10multicluster disconnect \
    --primary-context=<primary_cluster_context_name> \
    --primary-name=<primary_cluster_name> \
    --secondary-context=<secondary_cluster_context_name> \
    --secondary-name=<secondary_cluster_name>

# My Demo Example

k10multicluster disconnect \
--primary-context=tkg-wld-01-admin@tkg-wld-01 \
--primary-name=tkg-wld-01-admin \
--secondary-context=tkg-wld-02-admin@tkg-wld-02 \
--secondary-name=tkg-wld-02-admin 

k10multi-cluster disconnect

Wrap Up

Setting up the Multi-Cluster feature for Kasten is quite easy. I like how it’s proxied via a primary cluster as well. Meaning I only need to make one UI externally accessible to my users. If needed, I could setup an “empty” K10 instance that is used as the primary, to connect to all my K10 instances for each cluster which is deployed to protect data.

As usual, the Kasten documentation is simple and easy to follow. I only created this post to add some colour, images, and examples.

You can find my other Kasten Blog posts & recordings below:

Regards

Dean Lewis

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.