andrewazores
commented
2 months ago I think this sounds like a general solution might be to implement a service mesh discovery plugin. Are you talking about Istio in particular here?
Open grzesuav opened 2 months ago
andrewazores
commented
2 months ago I think this sounds like a general solution might be to implement a service mesh discovery plugin. Are you talking about Istio in particular here?
grzesuav
commented
2 months ago no, there are two separate problems.
For discover in remote cluster you just need kubernetes RBAC with remote api server endpoint. This is how i.e. ArgoCD does it (and many others). There is also initiative in kubernetes multicluster sig around standardizing Cluster Catalogue and Cluster Credentials - https://docs.google.com/document/d/1SZfgMiRArqlVJ0Yxygg7UAAGqPi4Eu18_2T7umxVTwg/edit - work in progress currently. The problem they aiming to solve is to define a common API, because currently different tools - like argocd, kueue etc are all using its own format.
As most API servers are publicly available it solves the accessibility problem for them.
However in case of cryostat it seconds step - even if you discover endpoints from api server cryostat still need to be able to connect via IP to those - they are various ways to do that, like https://docs.cilium.io/en/stable/network/clustermesh/clustermesh/#gs-clustermesh or istio.
This issue is about the first part - kubernetes service discovery
Describe the feature
Having several kubernetes clusters in the same service mesh, it would be good for Cryostat being able to discover targets in other clusters
Anything other information?
No response