Skip to content

Kubernetes Multi Region Clustering using DNS

This document is specific to dynamic discovery with DNS_PING and is an extension of PingFederate Cluster Across Multiple Kubernetes Clusters. This is the recommended approach for GA PingFederate 10.2+

Overview

PingFederate DNS PING MultiRegion Deployment Diagram

The PingIdentity PingFederate Docker image default instance/server/default/conf/tcp.xml file points to DNS_PING. Once you have two peered Kubernetes clusters, to span a PingFederate cluster across becomes easy. A single pingfederate cluster using DNS_PING queries a local headless service. In this example we use externalDNS to give an externalName to the headless service. externalDNS makes a corresponding record on AWS Route53 and constantly updates it with container ips of the backend PF engines.

External DNS

if unable to use externalDNS, another way to expose the headless service across clusters is needed. HAProxy may be viable.

What You'll Do

  • Edit the externalName of the pingfederate-cluster service and the DNS_QUERY_LOCATION variable as needed

    search on the files for # CHANGEME

  • Deploy the clusters
  • Cleanup

Running

Prerequisites

Clone the getting-started Repository to get the Kubernetes yaml and configuration files for the exercise (20-kubernetes/14-dns-pingfederate-multiregion), then:

  1. Look through the files, there are embedded comments to explain the purpose of its structure.

  2. Fix the first un-commented line under any # CHANGEME in the files. This will be the Kubernetes namespace and the will be the externalName of the pingfederate-cluster service.

  3. Deploy the first cluster

    kubectl apply -f 01-east.yaml
    
  4. Wait for the pingfederate-admin pod to be running, then validate you can log into the console. You can port-forward the admin service and look at clustering via the admin console.

    kubectl port-forward svc/pingfederate 9999:9999
    
  5. If you have console access to AWS Route53, you should be able to find the externalName specified and see the IPs of your containers.

  6. Switch Kubernetes context to second cluster

  7. Deploy the second cluster

    kubectl apply -f 02-west.yaml
    

Cleanup Clusters

kubectl delete -f 02-west.yaml

Switch Kubernetes context to second cluster

kubectl delete -f 01-east.yaml