ClusterLink
ClusterLink simplifies the connection between application services that are located in different domains, networks, and cloud infrastructures.
Disclaimers and warnings
This is an incomplete work in progress, provided in the interest of sharing experience and gathering feedback. The code is pre-alpha quality right now. This means that it shouldn't be used in production at all.
For more details, visit our website.
ClusterLink in a nutshell
ClusterLink deploys a gateway into each location, facilitating the configuration and access to multi-cloud services.
The ClusterLink gateway contains the following components:
Control Planeis responsible for maintaining the internal state of the gateway, for all the communications with the remote peer gateways by means of the ClusterLink CP Protocol, and for configuring the local data plane to forward user traffic according to policies. Part of the control plane is the policy engine that can also apply network policies (ACL, load-balancing, etc.)Data Planeresponds to user connection requests, both local and remote, initiates policy resolution in the CP, and maintains the established connections. ClusterLink DP relies upon standard protocols and avoids redundant encapsulations, presenting itself as a K8s service inside the cluster and as a regular HTTP endpoint from outside the cluster, requiring only a single open port (HTTP/443) and leveraging HTTP endpoints for connection multiplexing.
ClusterLink leverages the Kubernetes API using CRDs to configure cross-cluster communication. ClusterLink management is based on the following key concepts:
- Peer. Represent remote ClusterLink gateways and contain the metadata necessary for creating protected connections to these remote peers.
- Exported service. Represent application services hosted in the local cluster and exposed to remote ClusterLink gateways as Imported Service entities in those peers.
- Imported service. Represent remote application services that the gateway makes available locally to clients inside its cluster.
- Policy. Represent communication rules that must be enforced for all cross-cluster communications at each ClusterLink gateway.
For further information, please refer to the concepts section on the ClusterLink website.
Getting started
ClusterLink can be set up and run on different environments: local environment (Kind), Bare-metal environment, or cloud environment. For more details, refer to the Getting Started Guide.
Additionally, here are some other documents you may find helpful:
- ClusterLink Tutorials - These tutorials describe how to establish multi-cluster connectivity for applications using two or more clusters.
- ClusterLink Developer's Guide -This guide explains how to configure a development environment and contribute code to ClusterLink.
Contributing
Our project welcomes contributions from any member of our community. To get started contributing, please see our Contributor Guide.
Scope
In Scope
ClusterLink is intended to connect services and applications running in different clusters. As such, the project will implement or has implemented:
- Remote Service sharing
- Extending private Cloud service endpoints to remote sites
- Centralized management (future)
Out of Scope
ClusterLink will be used in a cloud native environment with other tools. The following specific functionality will therefore not be incorporated:
- Certificate management: ClusterLink uses certificates and trust bundles provided to it. It does not manage certificate lifetimes, rotation, etc. - these are delegated to external tools.
- Enabling IP level connectivity between sites. ClusterLink uses existing network paths.
- Pod to Pod communications. ClusterLink works at the level of
Services. You can support Pod-to-Pod communications by creating a service per pod.
Communications
- User Mailing List
- Developer Mailing List
License
This project is licensed under Apache License, v2.0. Code contributions require Developer Certificate of Originality.
Code of Conduct
We follow the CNCF Code of Conduct.