every other cluster, ideally using L4 network load balancers (NLBs). A service in a given
cluster that needs to be accessed from a different remote cluster requires a ServiceEntry
configuration in the remote cluster in *.global format. CoreDNS, installed with Istio,
can provide a domain for .global entries and uses port 53 to proxy services external to
the mesh.
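An added example, not taken from the original article: a ServiceEntry of the kind described above, as Cluster A would carry it to reach a service in Cluster B under a .global name, following the Istio 1.x gateway-connected multicluster layout. The service name `b1svc`, namespace `default`, service port 8000, the 240.0.0.2 placeholder address and the gateway address are assumptions.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: b1svc-default          # assumed name
spec:
  hosts:
  # <service>.<namespace>.global, the name resolved by the Istio CoreDNS plugin
  - b1svc.default.global       # assumed service and namespace
  # Treat the remote service as part of the mesh so sidecars use mutual TLS;
  # this only works when both clusters chain to the same root CA.
  location: MESH_INTERNAL
  ports:
  - name: http1
    number: 8000               # assumed service port
    protocol: http
  resolution: DNS
  addresses:
  # Unique, non-routable placeholder IP per .global host (class E range).
  # The sidecar captures traffic to it; it is never used on the wire.
  - 240.0.0.2
  endpoints:
  # Address of Cluster B's Istio gateway (its L4 load balancer).
  - address: CLUSTER_B_GATEWAY_ADDRESS   # placeholder, replace with the real address
    ports:
      # 15443 is the gateway's SNI-aware passthrough port for cross-cluster
      # mTLS traffic; the gateway does not terminate the TLS session.
      http1: 15443
```

Because the gateway passes the mTLS session through rather than terminating it, workload identity is still verified end to end between the two sidecars, which is why a shared root of trust across clusters is a prerequisite.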
[Figure: Cluster A and Cluster B, each shown with a Kubernetes API, an Istio Controller (Pilot, Mixer, Citadel), Core DNS and a public Istio Gateway, with MTLS labels and a Root CA. Services shown: Service A.1, Service A.2, Service B.1, Service B.2. DNS entries shown as cluster-local names (A1svc.clusterA.local, A2svc.clusterA.local, B1svc.clusterA.local, B2svc.clusterA.local) and .global names (A1svc..global, A2svc..global, B1svc..global, B2svc..global).]
Summary
Running Kubernetes in multi-cluster and multicloud environments is gaining a lot of
attention among enterprises. This is because it enables advanced functionality for
Kubernetes – such as app portability, multi-region deployments, high availability, etc. – and
avoids vendor lock-in scenarios. In fact, enterprise K8s platforms such as OpenShift 4.0
that already support KubeFed, along with Google’s backing of Istio, are making
Kubernetes Federation and multi-cluster apps more of a reality.
FALL 2019 | THE DOPPLER | 69