Step 2: Initialize the environment

This topic describes how to initialize a unitized environment based on your architecture plan in preparation for application releases.

Note

This topic applies only to the public cloud Gold environment in the Hangzhou region.

Step 1: Create a unitized workspace

  1. Log on to the SOFAStack console.

  2. In the navigation pane on the left, click Global Settings at the bottom to go to the workspace list page.

  3. Click Create Workspace, select the Unitized Workspace type, and click Create.

    • Standard Workspace: A standard workspace is an organizational mechanism in SOFAStack used to group and isolate resources for different purposes and stages. You can assign a workspace for each stage of your development and operations and maintenance (O&M) process, such as a development workspace in a single data center (zone) or a production workspace in two data centers (zones).

    • Unitized Workspace: A unitized workspace adds unitization capabilities to a standard workspace. It can be used for active-active disaster recovery within the same city and for remote disaster recovery. It is a collection of standard workspaces. You can use a unitized workspace group to isolate user resources. Clusters in different workspace groups are isolated from each other.

  4. On the Create Workspace page, enter the following basic information.

    • Workspace ID: Enter an ID for the workspace that is 2 to 64 characters in length. The ID must be in English, globally unique, and cannot be modified after creation. Examples: dev, test, and prod. For this example, enter DemoIDC.

    • Workspace Name: Enter a display name for the workspace that is 1 to 64 characters in length. Examples: Development Workspace, Test Workspace, and Production Workspace. For this example, enter DemoIDC.

    • Region: Select the region where the workspace is located.

    • Network Type: Select VPC Network.

  5. Click Next. On the Create Unitized Architecture page, click Add Zone. You can configure an unlimited number of zones for each workspace. In this example, two zones are configured for the workspace to prepare for architectures such as dual-data-center high availability.

    Note

    The system automatically generates a unitized architecture topology and divides it into logical units and deployment units based on the zone configuration.

  6. Click Next. On the Create VPC page, enter the following configuration information:

    • VPC Name: The name must be 2 to 128 characters in length and start with a letter. It can contain digits, underscores (_), and hyphens (-). It cannot start with http:// or https://. We recommend that you use the same name as the workspace. For this example, enter DemoIDC1 and DemoIDC2.

    • VPC CIDR Block: The CIDR block of the VPC. This cannot be changed after it is selected. The private IP addresses of all resources within the VPC, such as ECS, RDS, and SLB instances, are allocated from this CIDR block. The following CIDR blocks are available:

      • 10.0.0.0/9

      • 172.16.0.0/12

      • 192.168.0.0/16

    • vSwitch: Click Add vSwitch. In the Create vSwitch window, enter the following information and click Submit.

      • Name: The name of the vSwitch. It must be 2 to 128 characters in length and start with a letter. It can contain digits, underscores (_), and hyphens (-).

      • Zone: The zone for the vSwitch. vSwitches in different zones within the same VPC can communicate with each other over the internal network. You need to create a vSwitch for each zone.

      • Custom CIDR Block: Disabled by default. If you enable this, you must enter a CIDR block address. The CIDR block of the vSwitch can be the same as or a subnet of its parent VPC's CIDR block.

      • Subnet Mask: If Custom CIDR Block is disabled, you must select a subnet mask and a CIDR block address. The default subnet mask for a VPC is /24, such as 172.31.0.0/24, which provides a maximum of 65,536 private IP addresses. The range is from /16 to /29, which provides 4 to 65,532 addresses.

      • Description: Enter a description for the vSwitch. The description can be 2 to 256 characters in length and cannot start with http:// or https://.

  7. Click Next. On the Create Security Group page, click Add Security Group. In the Add Security Group window, enter the following information and click Submit.

    • Security Group Name: Optional. The name must be 2 to 128 characters in length and start with a letter. It can contain digits, colons (:), underscores (_), or hyphens (-). It cannot start with http:// or https://.

    • Description: The description can be 2 to 256 characters in length and cannot start with http:// or https://.

    • Rules: Keep the default settings.

Step 2: Create a cluster

A cluster is a logical group for running workloads. It contains a set of ECS resources, and each ECS instance is a node in the cluster. When you first use the multi-cluster container engine (LHC), you must create an initial cluster and add at least one node.

Note

Cluster creation typically takes about 20 minutes. The time required depends on the number of zones and nodes included.

In this example, you create a cluster for each of the two zones in the unitized workspace: democluster1 and democluster2. This process implements an active-active architecture within the same city.

  1. In the navigation pane on the left, choose Operations Management > Multi-cluster Container Engine to go to the LHC console.

  2. Choose Cluster Management > Cluster Details.

  3. On the Cluster List page, click Create Cluster.

  4. On the Create Cluster page, the system automatically runs a precheck. The precheck ensures that the required products are activated and that your account balance is greater than CNY 100. After the precheck is passed, click Next.

    Note

    If the precheck fails, resolve the issues and click Recheck to run the precheck again.

  5. On the Basic Configuration page, enter the following configuration information.

    • VPC: Select the VPC that belongs to the current unitized workspace.

    • Cluster Name: Required. Enter the display name of the cluster. For this example, enter democluster1 and democluster2.

    • Kubernetes Version: Select a Kubernetes version. You can select 1.16.9-aliyun.1 or 1.18.8-aliyun.1.

    • Container Runtime: docker 19.03.5.

    • Network Configuration:

      • vSwitch: From the list of existing vSwitches, select one to three vSwitches based on the zones. If the required vSwitch is not available, click Create vSwitch to create one. For more information, see Create a vSwitch.

      • Network Plugin: Select the network plugin to enable. The Terway network plugin is supported. For more information, see Flannel and Terway. Terway is a network plugin developed by Alibaba Cloud Container Service. It assigns elastic network interfaces (ENIs) from Alibaba Cloud to containers, supports Kubernetes Network Policy to define access policies between containers, and supports bandwidth throttling for individual containers.

      • Pod vSwitch: If you select Terway as the network plugin, you must specify a vSwitch to assign IP addresses to pods. Each pod vSwitch corresponds to a vSwitch of a worker instance. If the required vSwitch is not available, click Create vSwitch to create one. For more information, see Create a vSwitch.

      • Service CIDR: Set the Service CIDR. The CIDR block cannot overlap with the VPC or pod CIDR blocks and cannot be modified after creation.

      • Advanced Configuration:

        • Configure SNAT: This option is selected by default and cannot be modified. When you create a cluster, public network access is disabled by default. If the VPC that you select does not have public network access, select Configure SNAT for VPC. ACK then creates a NAT Gateway and automatically configures SNAT rules for you.

        • Public Network Access: Specify whether to expose the API Server using an Elastic IP Address (EIP). The API Server provides HTTP REST interfaces for creating, reading, updating, and deleting various resource objects, such as pods and services, and for watching for changes.

          • If you enable this option, an EIP is created and attached to an internal-facing SLB instance. The API Server on port 6443 of the master node is exposed. You can then connect to and operate the cluster from the public network using the kubeconfig file.

          • If you disable this option, no EIP is created. You can connect to and operate the cluster from within the VPC only using the kubeconfig file.

            Note

            To obtain the kubeconfig information, go to the ACK console.

        • kube-proxy Proxy Mode: Supports iptables and IPVS modes.

          • iptables: A mature and stable kube-proxy proxy mode. Service discovery and load balancing for Kubernetes services are configured using iptables rules. However, its performance is average and is significantly affected by scale. This mode is suitable for clusters with a small number of services.

          • IPVS: A high-performance kube-proxy proxy mode. Service discovery and load balancing for Kubernetes services are configured using the Linux IPVS module. This mode is suitable for scenarios with many services and high-performance requirements for load balancing.

        • Cluster Deletion Protection: Prevents accidental deletion of the cluster through the console or API. This option is selected by default but can be changed.

        • Deployment Unit: The Use default configurations option is selected by default. If you clear this check box, you can set different deployment units for each zone. To modify a deployment unit, go to the Classic Application Service console > Environment Parameters.

        • Data Disk Attachment: The Use Simple Log Service option is selected by default and cannot be modified. A project named k8s-log-{ClusterID} is automatically created.

  6. After you complete the configuration, click Next.

  7. On the Node Configuration page, complete the following worker node configurations.

    • Billing Method: Supports pay-as-you-go and subscription billing for nodes. If you select subscription, set the following parameters.

      • Duration: You can select 1, 2, 3, or 6 months, or 1 to 5 years.

      • Auto-renewal: Set whether to enable auto-renewal.

    • Number of Nodes: The number of worker instances (ECS instances) to create.

    • Instance Type: You can select multiple instance types. For more information, see Instance families.

    • System Disk: Supports ESSD, standard SSD, and ultra disk.

    • Attach Disk: Supports standard SSD and ultra disk.

    • Operating System: Supports CentOS and Alibaba Cloud Linux (Alinux).

    • Logon Password: Set the logon password for the nodes. It must be 8 to 30 characters long and contain at least three of the following: uppercase letters, lowercase letters, digits, and special characters.

    • Confirm Password: Confirm the logon password for the nodes.

  8. After you complete the configuration, click Next.

  9. On the Configuration Preview page for the cluster, confirm that the configuration is correct and click Submit.

    Note

    • Creating a multi-node Kubernetes cluster typically takes about 10 minutes.

    • If a task fails during cluster creation, you can click the event to view error details, or click Retry or Ignore.
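The address-plan rules spread over Step 1 (vSwitch CIDR inside the VPC block, mask between /16 and /29, one vSwitch per zone, vSwitches not sharing addresses) and Step 2 (Service CIDR must not overlap the VPC or pod blocks, and cannot be changed later) can be checked before anything is submitted in the console. The following Python check is an added example, not SOFAStack or ACK code; the VPC, vSwitch and zone values are constructed.

```python
import ipaddress

# Constraints quoted from the procedure: the selectable VPC blocks and the
# /16../29 vSwitch mask range (Step 1), one vSwitch per zone (Step 1), and a
# Service CIDR that must not overlap the VPC or pod address space (Step 2).
# The VPC, vSwitch and zone values in __main__ are constructed, not real.
ALLOWED_VPC_BLOCKS = tuple(
    ipaddress.ip_network(b) for b in ("10.0.0.0/9", "172.16.0.0/12", "192.168.0.0/16")
)
VSWITCH_PREFIX_RANGE = (16, 29)


def check_unitized_plan(vpc_cidr, vswitches, zones, service_cidr):
    """Return the list of problems in an address plan; an empty list means it is consistent.

    vswitches maps a vSwitch name to (zone, cidr); zones lists every zone of the
    unitized workspace, each of which needs its own vSwitch.
    """
    problems = []
    try:
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    except ValueError as exc:
        return [f"VPC CIDR rejected: {exc}"]
    if not any(vpc.subnet_of(block) for block in ALLOWED_VPC_BLOCKS):
        problems.append(f"VPC {vpc} is not inside one of the selectable blocks")

    lo, hi = VSWITCH_PREFIX_RANGE
    accepted = {}
    for name, (zone, cidr) in vswitches.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
        except ValueError as exc:
            problems.append(f"vSwitch {name}: {exc}")
            continue
        if not lo <= net.prefixlen <= hi:
            problems.append(f"vSwitch {name}: mask /{net.prefixlen} is outside /{lo}../{hi}")
        if not net.subnet_of(vpc):
            problems.append(f"vSwitch {name}: {net} is not within VPC {vpc}")
        for other, other_net in accepted.items():  # vSwitches must not share addresses
            if net.overlaps(other_net):
                problems.append(f"vSwitch {name} overlaps vSwitch {other}")
        accepted[name] = net

    covered = {zone for zone, _ in vswitches.values()}
    for zone in zones:
        if zone not in covered:
            problems.append(f"zone {zone} has no vSwitch")

    # Service CIDR is virtual, cluster-internal space: it must stay clear of the
    # VPC, and therefore of every pod vSwitch carved out of the VPC.
    svc = ipaddress.ip_network(service_cidr, strict=True)
    if svc.overlaps(vpc):
        problems.append(f"Service CIDR {svc} overlaps VPC {vpc}")
    return problems


if __name__ == "__main__":
    plan = {"vsw-a": ("zone-a", "172.16.0.0/24"), "vsw-b": ("zone-b", "172.16.1.0/24")}
    print(check_unitized_plan("172.16.0.0/12", plan, ("zone-a", "zone-b"), "192.168.0.0/16"))
```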

Step 3: Create a gateway cluster

The unified access gateway carries service load balancing traffic in a cluster. You must plan the cluster based on the traffic type, such as public network, internal network, or office network traffic.

Note

After you create a unified access gateway cluster, you must also create a unified access instance for the gateway cluster and a load balancing Service for the application service to handle various types of service traffic.

  1. Log on to the LHC console. In the navigation pane on the left, choose Network > Unified Access Cluster.

  2. On the Cluster List page, click Create Gateway Cluster.

  3. On the Create Gateway Cluster page, enter the following configuration information.

    • Cluster Name: The name must be 1 to 63 characters in length. It can contain only lowercase letters, digits, and hyphens (-). It must start with a letter and end with a letter or digit.

    • Network Type: You can specify an internal network or a public network. After you specify the network type for a cluster, you can create only unified access instances of the same network type on that cluster.

    • Initial Cluster Status: You can select Online or Maintenance.

      • Online: The gateway cluster provides traffic forwarding services and can accept updates to forwarding rules.

      • Maintenance: The gateway cluster only provides traffic forwarding services and does not accept requests to update forwarding rules.

    • Container Specifications: The specifications of the containers and the number of nodes determine the request processing capacity of the cluster. The minimum specification is 1-core CPU, 1 GB memory, and 5 GB disk.

    • Host Network Mode: The network model used by the gateway cluster. If you select No, each pod has an independent IP address.

    • Container Version Configuration:

      • Name: The name must be 1 to 63 characters in length. It can contain only lowercase letters, digits, and hyphens (-). It must start with a letter and end with a letter or digit.

      • Container Image: Enter the container image address for the gateway nodes. Example: registry.cn-hangzhou.aliyuncs.com/sofastack/spanner:1.3.0.

      • Number of Replicas: Enter the number of gateway nodes. The maximum is 100.

      • Label: Optional. A label consists of a key and a value.

        • Key: An optional prefix and a name, separated by a slash (/). The name part can be up to 63 characters in length. It must start and end with an alphanumeric character ([a-z], [0-9], or [A-Z]) and can contain alphanumeric characters and the _ - . characters. If a prefix is used, it must conform to DNS subdomain specifications: a DNS subdomain is a series of DNS labels concatenated by ., and the total length cannot exceed 253 characters. The kubernetes.io/ and k8s.io/ prefixes are reserved.

        • Value: Up to 63 characters in length. It must start and end with an alphanumeric character ([a-z], [0-9], or [A-Z]) and can contain alphanumeric characters and the _ - . characters. The value cannot be empty.
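A checker for the Label rules listed above, written as an added example (it is not part of the gateway cluster product); the sample labels in the main block are constructed.

```python
import re

# Rules taken from the Label description: name and value are at most 63
# characters, start and end alphanumeric, and may contain [A-Za-z0-9_.-]; an
# optional prefix is a DNS subdomain (dot-separated labels, at most 253 chars),
# and the kubernetes.io/ and k8s.io/ prefixes are reserved.
NAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9_.-]{0,61}[A-Za-z0-9])?$")
DNS_LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")
RESERVED_PREFIXES = ("kubernetes.io", "k8s.io")


def is_dns_subdomain(prefix):
    """A DNS subdomain is a '.'-joined series of DNS labels, 253 chars at most."""
    return 0 < len(prefix) <= 253 and all(DNS_LABEL_RE.match(p) for p in prefix.split("."))


def validate_label(key, value):
    """Return None when the key/value pair passes the field's rules, else the reason."""
    if key.count("/") > 1:
        return "key may contain at most one '/'"
    prefix, slash, name = key.rpartition("/")
    if slash:  # a prefix is present only when the key contains '/'
        if not is_dns_subdomain(prefix):
            return f"prefix {prefix!r} is not a valid DNS subdomain"
        if prefix in RESERVED_PREFIXES:
            return f"prefix {prefix!r} is reserved"
    if not NAME_RE.match(name):
        return f"name {name!r} breaks the 63-char alphanumeric/_-. rule"
    if value == "":
        return "value cannot be empty"
    if not NAME_RE.match(value):
        return f"value {value!r} breaks the 63-char alphanumeric/_-. rule"
    return None


def validate_labels(labels):
    """Check a whole label map; returns {key: reason} for the entries that fail."""
    failures = {}
    for key, value in labels.items():
        reason = validate_label(key, value)
        if reason is not None:
            failures[key] = reason
    return failures


if __name__ == "__main__":
    # constructed sample: one valid label, one using a reserved prefix
    print(validate_labels({"sofastack.io/role": "spanner", "k8s.io/role": "gw"}))
```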

Step 4: Create a unified access instance

Prerequisites

Procedure

  1. Log on to the LHC console.

  2. In the navigation pane on the left, choose Network > Unified Access Instance to go to the unified access instance list page.

  3. Click Create Instance and enter the following configuration information:

    • Basic Information:

      • Instance Name: Required. The name must be 1 to 63 characters in length and unique. It can contain lowercase letters, digits, and hyphens (-). It must start with a letter and end with a letter or digit.

      • Network Type: Supports Internal Network or Public Network.

      • Unified Access Cluster: Select an available access cluster.

    • Configuration Information:

      • HTTP Protocol: Required. Set the Frontend Port number. The valid range is 1 to 65535.

      • HTTPS Protocol: Optional. You must set the Frontend Port number and the Certificate ID.

Step 5: Initialize unit routing rules

  1. Log on to the LHC console. In the navigation pane on the left, choose Traffic Management > Application Layer.

    On the Production Traffic tab, the system displays the most recently pushed global traffic rule, which is the currently effective global traffic snapshot.

  2. Click Rule Configuration to go to the Production Traffic Rule Configuration page. This page displays the currently configured rules, which are not necessarily in effect.

  3. Click a logical unit card or sharding data to go to the edit page and enter the following configuration information:

    For a deployment unit of the RZone type, configure the UID sharding for the corresponding deployment unit as follows.

    • RZ01A: 00-49

    • RZ02A: 50-99

    Note

    Ensure that the sum of the traffic ratios for all adjusted deployment units is 100%. The value range for UID sharding is 00 to 99.
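To verify a rule set like the one above (RZ01A: 00-49, RZ02A: 50-99) before pushing it, the following added example (not SOFAStack code) checks that the UID shards 00 to 99 are each owned by exactly one deployment unit and that the traffic ratios sum to 100%. The `route_uid` helper assumes, for illustration only, that a user's shard is the last two digits of its numeric ID.

```python
# Rule-set format used on the Production Traffic Rule Configuration page: each
# deployment unit owns a two-digit UID shard range such as "00-49".
SHARD_COUNT = 100


def parse_range(spec):
    """Turn 'NN-NN' into an inclusive (lo, hi) pair of shard numbers."""
    lo, _, hi = spec.partition("-")
    if not (len(lo) == 2 and len(hi) == 2 and lo.isdigit() and hi.isdigit()):
        raise ValueError(f"shard range must be two-digit 'NN-NN', got {spec!r}")
    lo, hi = int(lo), int(hi)
    if lo > hi:
        raise ValueError(f"shard range {spec!r} runs backwards")
    return lo, hi


def check_uid_sharding(rules):
    """rules: {deployment unit: 'NN-NN'}. Returns (ok, ratio_percent_by_unit, problems)."""
    owner = [None] * SHARD_COUNT
    ratio, problems = {}, []
    for unit, spec in rules.items():
        lo, hi = parse_range(spec)
        ratio[unit] = hi - lo + 1  # each shard carries 1% of traffic
        for shard in range(lo, hi + 1):
            if owner[shard] is not None:
                problems.append(f"shard {shard:02d} assigned to both {owner[shard]} and {unit}")
            owner[shard] = unit
    missing = [f"{s:02d}" for s, u in enumerate(owner) if u is None]
    if missing:
        problems.append(f"unassigned shards: {', '.join(missing)}")
    total = sum(ratio.values())
    if total != 100:
        problems.append(f"traffic ratios sum to {total}%, not 100%")
    return not problems, ratio, problems


def route_uid(rules, uid):
    """Assumption for illustration: a user's shard is the last two digits of its ID."""
    shard = int(uid) % SHARD_COUNT
    for unit, spec in rules.items():
        lo, hi = parse_range(spec)
        if lo <= shard <= hi:
            return unit
    raise LookupError(f"no deployment unit owns shard {shard:02d}")


if __name__ == "__main__":
    rules = {"RZ01A": "00-49", "RZ02A": "50-99"}  # the rule set from this step
    print(check_uid_sharding(rules))
    print(route_uid(rules, 20240617))  # constructed ID, shard 17
```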

Step 6: Initialize middleware

Message queue initialization

Create a topic

  1. Log on to the MSMQ console. In the navigation pane on the left, choose Topic Management to go to the topic list page.

  2. In the upper-left corner of the list, click Create Topic. In the dialog box that appears, enter or select the topic information:

    • Topic: The name of the topic. The name must be 3 to 64 characters in length. It can contain only letters, digits, hyphens (-), and underscores (_). It cannot start with "CID" or "GID". Example: TP_TEST_POC.

    • Message Type: Select Transactional Message.

    • Description: Optional. A remark about the topic.

  3. Click OK.

Create a Group ID

  1. Log on to the MSMQ console. In the navigation pane on the left, choose Group Management to go to the Group ID list page.

  2. In the upper-left corner of the list, click Create Group ID. In the dialog box that appears, enter or select the Group ID information:

    • Group ID: Required. The ID must be 7 to 64 characters in length and start with "GID" or "GID-". It can contain only letters, digits, hyphens (-), and underscores (_). Example: GID_SGROUP.

    • Description: Optional. A remark about the Group ID.

  3. Click OK.

Create a message routing task

  1. Log on to the MSMQ console. In the navigation pane on the left, choose Message Routing.

  2. In the upper-left corner of the message routing task list, click Create Routing Task.

  3. In the Create Routing Task window, configure the following task information:

    • Source Topic: Enter the name of the topic that contains the messages to be synchronized, such as TP_TEST_POC.

    • Target Unit: Select the unit that contains the topic to which messages will be synchronized, such as RZONE.

    • Target Topic: Enter the name of the topic to which messages will be synchronized, such as TP_TEST_POC.

    • Start Sync Offset: Select the position in the source topic's message queue from which to start message synchronization. Messages that enter the queue after this position are synchronized to the target topic. Select an option as needed.

      • Earliest offset: After the task starts for the first time, synchronization begins from the earliest message that is written to the source topic queue within its validity period. Messages sent before the initial startup of the task are not synchronized.

      • Latest offset: After the task starts for the first time, synchronization begins from the latest message that is written to the source topic queue. Messages sent before the initial startup of the task are not synchronized.

      • Custom offset: Select the position in the source topic's message queue from which to start message synchronization. Messages sent before the initial startup of the task are not synchronized.

    • Description: Optional. Enter a specific description or remark for the sync task.

  4. Click OK.