Kubernetes Cluster Federation (KubeFed)

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJT...
    server: https://<ip>:443
  name: k8s-cluster-host
- cluster:
    certificate-authority-data: LS0tLS1CRUdJT...
    server: https://<ip>:443
  name: k8s-cluster-member1
- cluster:
    certificate-authority-data: LS0tLS1CRUdJT...
    server: https://<ip>:443
  name: k8s-cluster-member2
contexts:
- context:
    cluster: k8s-cluster-host
    user: admin-host
  name: k8s-context-host
- context:
    cluster: k8s-cluster-member1
    user: admin-member1
  name: k8s-context-member1
- context:
    cluster: k8s-cluster-member2
    user: admin-member2
  name: k8s-context-member2
current-context: k8s-context-host
kind: Config
preferences: {}
users:
- name: admin-host
  user:
    password: 8Rvl5qW...
    username: admin
- name: admin-member1
  user:
    password: 0JefxZq...
    username: admin
- name: admin-member2
  user:
    password: hJLiVLI...
    username: admin

$ kubectl config get-contexts

$ kubectl config use-context <context-name>

$ VERSION=0.2.0-alpha.1
$ OS=linux
$ ARCH=amd64
$ curl -LO https://github.com/kubernetes-sigs/kubefed/releases/download/v${VERSION}/kubefedctl-${VERSION}-${OS}-${ARCH}.tgz
$ tar -zxvf kubefedctl-*.tgz
$ chmod u+x kubefedctl
$ sudo mv kubefedctl /usr/local/bin/ # make sure the location is in the PATH

$ cat << EOF | kubectl apply -f -
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	  name: tiller
	  namespace: kube-system
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	  name: tiller
	roleRef:
	  apiGroup: rbac.authorization.k8s.io
	  kind: ClusterRole
	  name: cluster-admin
	subjects:
	  - kind: ServiceAccount
	    name: tiller
	    namespace: kube-system
	EOF

$ helm init --service-account tiller

$ helm repo add kubefed-charts https://raw.githubusercontent.com/kubernetes-sigs/kubefed/master/charts
$ helm install kubefed-charts/kubefed --name kubefed --version=0.2.0-alpha.1 --namespace kube-federation-system

$ kubefedctl join fed-cluster-member1 --cluster-context k8s-context-member1 --host-cluster-context k8s-context-host --v=2
$ kubefedctl join fed-cluster-member2 --cluster-context k8s-context-member2 --host-cluster-context k8s-context-host --v=2

$ kubefedctl unjoin fed-cluster-member1 --cluster-context k8s-context-member1 --host-cluster-context k8s-context-host --v=2
$ kubefedctl unjoin fed-cluster-member2 --cluster-context k8s-context-member2 --host-cluster-context k8s-context-host --v=2

$ kubectl -n kube-federation-system get kubefedclusters

$ kubefedctl enable <api-resources-name.api-group> --kubefed-namespace kube-federation-system

$ kubectl api-resources -o wide

$ kubefedctl enable deployments.apps --kubefed-namespace kube-federation-system
$ kubefedctl enable services --kubefed-namespace kube-federation-system
$ kubefedctl enable ingresses.extensions --kubefed-namespace kube-federation-system

$ kubefedctl disable services --kubefed-namespace kube-federation-system

$ kubectl create namespace <namespace-name>

# namespace.yaml file
apiVersion: v1
kind: Namespace
metadata:
  name: fed-namespace

$ kubectl create -f resource/namespace.yaml

# federated_namespace.yaml
apiVersion: types.kubefed.io/v1beta1
kind: FederatedNamespace
metadata:
  name: fed-namespace
  namespace: fed-namespace
spec:
  placement:
    clusters:
    - name: member-cluster-1
    - name: member-cluster-2

$ kubectl --context=<host-cluster-context> create -f resource/federated_namespace.yaml

# rbac_externaldns.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  namespace: fed-namespace
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: external-dns
  namespace: fed-namespace
rules:
- apiGroups: [""]
  resources: ["services","endpoints","pods"]
  verbs: ["get","watch","list"]
- apiGroups: ["extensions"]
  resources: ["ingresses"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
  namespace: fed-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: fed-namespace

$ kubectl --context=<host-cluster-context> create -f resource/rbac_externaldns.yaml

# externaldns.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: fed-namespace
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      # Only use if you're also using RBAC
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: registry.opensource.zalan.do/teapot/external-dns:latest
        args:
        - --source=crd # or service or ingress
        - --crd-source-apiversion=multiclusterdns.kubefed.io/v1alpha1
        - --crd-source-kind=DNSEndpoint
        - --provider=pdns
        - --pdns-server=http://<ip>:<port>
        - --pdns-api-key=<api-key>
        - --registry=txt
        - --txt-prefix=cname
        - --domain-filter=<domain> # will make ExternalDNS see only the zones matching provided domain; omit to process all available zones in PowerDNS 
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization

$ kubectl --context=<host-cluster-context> create -f resource/externaldns.yaml

# federated_deployment.yaml
apiVersion: types.kubefed.io/v1beta1
kind: FederatedDeployment
metadata:
  name: fed-helloworld
  namespace: fed-namespace
spec:
  template:
    metadata:
      name: helloworld
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: helloworld
      template:
        metadata:
          labels:
            app: helloworld
        spec:
          containers:
          - image: docker.io/csdgarr/hello-world:v1
            name: helloworld
            imagePullPolicy: IfNotPresent
  placement:
    clusters:
    - name: member-cluster-1
    - name: member-cluster-2
  overrides:
    - clusterName: member-cluster-2
      clusterOverrides:
      - path: "/spec/replicas"
        value: 3

$ kubectl --context=<host-cluster-context> create -f resource/federated_deployment.yaml

# federated_service.yaml
apiVersion: types.kubefed.io/v1beta1
kind: FederatedService
metadata:
  name: fed-helloworld-service
  namespace: fed-namespace
spec:
  template:
    metadata:
      name: fed-helloworld-service
      labels:
        app: helloworld
    spec:
      selector:
        app: helloworld
      type: ClusterIP
      ports:
      - name: http
        port: 8080
        targetPort: 8080
        protocol: TCP
  placement:
    clusters:
    - name: member-cluster-1
    - name: member-cluster-2

$ kubectl --context=<host-cluster-context> create -f resource/federated_service.yaml

# federated_ingress.yaml
apiVersion: types.kubefed.io/v1beta1
kind: FederatedIngress
metadata:
  name: fed-helloworld-ingress
  namespace: fed-namespace
spec:
  template:
    metadata:
      name: helloworld-ingress
      labels:
        app: helloworld
    spec:
      rules:
      - host: helloworld.<domain>
        http:
          paths:
          - path: / 
            backend:
              serviceName: fed-helloworld-service
              servicePort: 8080
  placement:
    clusters:
    - name: member-cluster-1
    - name: member-cluster-2

$ kubectl --context=<host-cluster-context> create -f resource/federated_ingress.yaml

$ kubectl describe federated<resource-type>.types.kubefed.io/<resource-name> --namespace <namespace>

# ingressdnsrecord.yaml
apiVersion: multiclusterdns.kubefed.io/v1alpha1
kind: IngressDNSRecord
metadata:
  name: fed-helloworld-ingress
  namespace: fed-namespace
spec:
  hosts:
  - helloworld.<domain>
  recordTTL: 300

$ kubectl --context=<host-cluster-context> create -f resource/ingressdnsrecord.yaml