The goal of this component is to find other clusters running Liqo on the same LAN, and to obtain the information required to possibly start the peering process.
When the Join flag in the ForeignCluster CR becomes true (either automatically or manually), an operator is triggered that creates a new FederationRequest CR in the foreign cluster. The FederationRequest creation process includes the creation of a new kubeconfig with management permissions on Advertisement CRs. It is worth noting that, by default, each Liqo cluster grants the create-only permission on FederationRequest resources to unauthenticated users. FederationRequest is used to start the sharing of resources.
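One way to check that the default grant described above stays create-only, as an added example (not Liqo's own code): a Go audit over the output of kubectl get clusterroles,clusterrolebindings -o json that reports anything bound to the built-in identities system:anonymous or system:unauthenticated beyond create on the FederationRequest resource. The role names, the sample JSON and the resource plural federationrequests are assumptions, and API groups are not compared.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Item holds the fields needed from `kubectl get clusterroles,clusterrolebindings -o json`.
type Item struct {
	Metadata, RoleRef struct{ Name string }
	Rules             []struct{ Resources, Verbs []string }
	Subjects          []struct{ Name string }
}

// Constructed sample: role names and the resource plural are assumptions.
const sample = `{"items":[
 {"kind":"ClusterRole","metadata":{"name":"anon-ok"},"rules":[{"resources":["federationrequests"],"verbs":["create"]}]},
 {"kind":"ClusterRole","metadata":{"name":"anon-broad"},"rules":[{"resources":["federationrequests"],"verbs":["create","delete"]}]},
 {"kind":"ClusterRoleBinding","roleRef":{"name":"anon-ok"},"subjects":[{"name":"system:unauthenticated"}]},
 {"kind":"ClusterRoleBinding","roleRef":{"name":"anon-broad"},"subjects":[{"name":"system:anonymous"}]}]}`

// AuditAnonymous lists grants to unauthenticated callers beyond "create" on allowed.
func AuditAnonymous(listJSON, allowed string) (out []string, err error) {
	var list struct{ Items []Item }
	if err = json.Unmarshal([]byte(listJSON), &list); err != nil {
		return nil, err
	}
	anon := map[string]bool{} // roles bound to system:anonymous or system:unauthenticated
	for _, it := range list.Items {
		for _, s := range it.Subjects {
			anon[it.RoleRef.Name] = anon[it.RoleRef.Name] || s.Name == "system:anonymous" || s.Name == "system:unauthenticated"
		}
	}
	for _, it := range list.Items {
		for _, r := range it.Rules {
			for _, res := range r.Resources {
				for _, v := range r.Verbs { // a "*" verb or resource is reported too
					if anon[it.Metadata.Name] && (res != allowed || v != "create") {
						out = append(out, it.Metadata.Name+": "+v+" on "+res)
					}
				}
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(AuditAnonymous(sample, "federationrequests"))
}
```

An empty result means the unauthenticated identities hold nothing except create on the named resource.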
The discovery service allows two clusters to know each other, ask for resources and begin exchanging
The protocol is described by the following steps:
mDNS packets are very similar to the ones exchanged in DNS discovery, with the exception of PTR records.
In mDNS discovery, the list of all clusters will be the ones that reply to the multicast query on
List of supported features
ForeignCluster CR will be created for each cluster
SearchDomain CR is added, an operator retrieves data from DNS server, a new ForeignCluster CR will be created for each cluster registered to domain provided
ForeignCluster is added, peering process will automatically begin
join flag becomes true in a specific ForeignCluster, peering process will start for that cluster
join flag to false
ForeignCluster will be notified and changes its status to not joined
List of known limitations
This component can be divided into two main blocks:
The goal of this block is to find clusters, to collect data and to create
This can be done by the mDNS resolver, the DNS client or by manual insertion.
If we are using the DNS client, we use an additional sub-component, the SearchDomain operator. This operator watches SearchDomain resources; when a new one is added, it contacts the DNS server to retrieve the required data.
This logic merges discovered clusters with already existing ones. Currently, it checks if there is a cluster with the same ClusterId; if not, it creates a new one.
This block is a standard Kubernetes operator that is watching on
When a new one is added, this component retrieves the CAData from the remote cluster and stores it in a secret. That secret will be used in all subsequent interactions with the remote cluster to authenticate it, serving as the Certification Authority of the remote cluster's TLS certificate.
When the join flag becomes true in a ForeignCluster, this component creates a new PeeringRequest CR in the remote cluster, triggering the peering process.
Vice versa, when we set this flag to false, the PeeringRequest will be deleted, triggering the peering delete.
Every 30 seconds it checks if everything is working as expected both in the local and in the remote cluster; if something is not, it tries to reconcile them.
The typical workflow consists of three main steps:
When we no longer need foreign resources, we can disable the join flag to trigger the peering delete. This process consists of: