Federation makes it easy to manage resources across clusters by providing two distinct building blocks: resource synchronization and service discovery.
- Resource synchronization across clusters: Federation is the glue that allows you to keep track of the many resources needed to run sets of applications. When you're running a lot of applications, with many resources and object types, across many clusters, federation is key to keeping your clusters organized and managed well. You may find yourself needing to keep an application deployment running in multiple clusters with a single pane of glass view.
- Multi-cluster service discovery: There are a number of resources that share well between clusters such as DNS, load balancers, object storage, and ingress. Federation gives you the ability to automatically configure those services with multi-cluster awareness, so you can route application traffic and manage the control plane across several clusters.
As we'll learn next, Kubernetes federation is managed by a tool named kubefed, which has a number of subcommands and command-line flags that allow you to manage many clusters and the building blocks we discussed previously. The major kubefed subcommands that we'll use are as follows:
- kubefed init: Initialize a federation control plane
- kubefed join: Join a cluster to a federation
- kubefed options: Print the list of flags inherited by all commands
- kubefed unjoin: Unjoin a cluster from a federation
- kubefed version: Print the client and server version information
Here's a handy list of the options that can be used:
```
      --alsologtostderr                              log to standard error as well as files
      --as string                                    Username to impersonate for the operation
      --as-group stringArray                         Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --cache-dir string                             Default HTTP cache directory (default "/Users/jrondeau/.kube/http-cache")
      --certificate-authority string                 Path to a cert file for the certificate authority
      --client-certificate string                    Path to a client certificate file for TLS
      --client-key string                            Path to a client key file for TLS
      --cloud-provider-gce-lb-src-cidrs cidrs        CIDRs opened in GCE firewall for LB traffic proxy & health checks (default 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16)
      --cluster string                               The name of the kubeconfig cluster to use
      --context string                               The name of the kubeconfig context to use
      --default-not-ready-toleration-seconds int     Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
      --default-unreachable-toleration-seconds int   Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
  -h, --help                                         help for kubefed
      --insecure-skip-tls-verify                     If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --ir-data-source string                        Data source used by InitialResources. Supported options: influxdb, gcm. (default "influxdb")
      --ir-dbname string                             InfluxDB database name which contains metrics required by InitialResources (default "k8s")
      --ir-hawkular string                           Hawkular configuration URL
      --ir-influxdb-host string                      Address of InfluxDB which contains metrics required by InitialResources (default "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy")
      --ir-namespace-only                            Whether the estimation should be made only based on data from the same namespace.
      --ir-password string                           Password used for connecting to InfluxDB (default "root")
      --ir-percentile int                            Which percentile of samples should InitialResources use when estimating resources. For experiment purposes. (default 90)
      --ir-user string                               User used for connecting to InfluxDB (default "root")
      --kubeconfig string                            Path to the kubeconfig file to use for CLI requests.
      --log-backtrace-at traceLocation               when logging hits line file:N, emit a stack trace (default :0)
      --log-dir string                               If non-empty, write log files in this directory
      --log-flush-frequency duration                 Maximum number of seconds between log flushes (default 5s)
      --logtostderr                                  log to standard error instead of files (default true)
      --match-server-version                         Require server version to match client version
  -n, --namespace string                             If present, the namespace scope for this CLI request
      --password string                              Password for basic authentication to the API server
      --request-timeout string                       The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
  -s, --server string                                The address and port of the Kubernetes API server
      --stderrthreshold severity                     logs at or above this threshold go to stderr (default 2)
      --token string                                 Bearer token for authentication to the API server
      --user string                                  The name of the kubeconfig user to use
      --username string                              Username for basic authentication to the API server
  -v, --v Level                                      log level for V logs
      --vmodule moduleSpec                           comma-separated list of pattern=N settings for file-filtered logging
```
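Several of the options listed above change the security posture of a kubefed call: `--insecure-skip-tls-verify` disables certificate checking, `--token`, `--password` and `--ir-password` put credentials on the command line, and `--as` / `--as-group` request impersonation. The following audit script is an added example, not code from this text or from the kubefed project; it scans automation scripts for those flags. The sample script, cluster names, context name and token value are constructed for illustration.

```python
import shlex

# Flag names come from the option list above; the finding texts are this example's own.
CREDENTIAL_FLAGS = {"--token", "--password", "--ir-password"}
IMPERSONATION_FLAGS = {"--as", "--as-group"}
TLS_SKIP_FLAG = "--insecure-skip-tls-verify"
FALSE_VALUES = {"false", "f", "0"}  # spellings a Go boolean flag reads as false


def audit_command(line):
    """Return sorted (flag, finding) pairs for one kubefed command line."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "kubefed":
        return []
    findings = set()
    for i, tok in enumerate(tokens):
        flag, has_value, value = tok.partition("=")
        if flag == TLS_SKIP_FLAG:
            # A bare boolean flag is true, and "--flag false" (with a space)
            # is still true: only the "--flag=false" form turns it off.
            if not has_value or value.lower() not in FALSE_VALUES:
                findings.add((flag, "server certificate not verified"))
        elif flag in CREDENTIAL_FLAGS:
            if not has_value:
                value = tokens[i + 1] if i + 1 < len(tokens) else ""
            kind = "expanded into argv" if value.startswith("$") else "hard-coded in script"
            findings.add((flag, "credential " + kind))
        elif flag in IMPERSONATION_FLAGS:
            findings.add((flag, "runs as an impersonated identity"))
    return sorted(findings)


def audit_script(text):
    """Map 1-based line numbers to findings, skipping clean lines."""
    numbered = enumerate(text.splitlines(), start=1)
    report = {n: audit_command(line) for n, line in numbered}
    return {n: found for n, found in report.items() if found}


# Constructed sample script; cluster names, context and token are made up.
SAMPLE_SCRIPT = """\
kubefed join cluster-b --context fed-host --insecure-skip-tls-verify
kubefed join cluster-c --context fed-host --insecure-skip-tls-verify=false
kubefed unjoin cluster-b --token=EXAMPLE-NOT-A-REAL-TOKEN --as admin
kubefed version --password "$KUBE_PASSWORD"
"""

if __name__ == "__main__":
    for number, found in audit_script(SAMPLE_SCRIPT).items():
        print(number, found)
```

Credentials are better supplied through the file named by `--kubeconfig` than through `--token` or `--password`, since command-line arguments are visible in process listings and shell history.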
Here's a high-level diagram that shows what all of these pieces look like when strung together: