Multi-Cluster Federation Overview
- Services on all clusters can make calls to each other through Consul Service Mesh.
- Intentions can be used to enforce rules about which services can communicate across all clusters.
- The Consul UI has a drop-down menu that lets you navigate between datacenters.
Consul provides two mechanisms for WAN (Wide Area Network) federation:
- Traditional WAN Federation
- WAN Federation Via Mesh Gateways (newly available in Consul 1.8.0)
With traditional WAN federation, all Consul servers must be exposed on the wide area network. In the Kubernetes context this is often difficult to set up, because each Consul server pod must run on a Kubernetes node with an IP address that is routable from all other Kubernetes clusters. Kubernetes clusters are often deployed into private subnets that other clusters cannot route to without additional network devices and configuration.
WAN Federation Via Mesh Gateways
To solve the problems that occur with traditional WAN federation, Consul 1.8.0 supports WAN federation via mesh gateways. This mechanism only requires that the mesh gateways are exposed with routable addresses, not the Consul servers. A single Kubernetes service can front the mesh gateway pods, and all traffic between datacenters flows through the mesh gateways.
Clusters/datacenters can be federated even if they have overlapping pod IP spaces or if they’re on different cloud providers or platforms. Kubernetes clusters can even be federated with Consul datacenters running on virtual machines (and vice versa). Because the communication between clusters is end-to-end encrypted, mesh gateways can even be exposed on the public internet.
The only requirement is that the mesh gateways for each cluster can route to one another. For example, if using a load balancer service in front of each cluster’s mesh gateway, the load balancer IP must be routable from the other mesh gateway pods.
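As an added illustration (not part of the original page), the following Helm values sketch how a primary datacenter might enable WAN federation via mesh gateways with the official Consul Helm chart. The datacenter name `dc1`, the gossip secret name `consul-gossip-encryption-key`, and the choice of a `LoadBalancer` service are assumptions for this example.

```yaml
# values.yaml for the primary datacenter (constructed example).
global:
  name: consul
  datacenter: dc1                 # assumed datacenter name
  tls:
    # TLS must be on: federation traffic crosses the WAN through the
    # mesh gateways and relies on end-to-end encryption.
    enabled: true
  federation:
    enabled: true
    # Have the chart generate a Kubernetes secret holding the data the
    # secondary clusters need in order to federate with this one.
    createFederationSecret: true
  gossipEncryption:
    # Assumed name and key of a pre-created Kubernetes secret that
    # holds the gossip encryption key.
    secretName: consul-gossip-encryption-key
    secretKey: key
connectInject:
  # Mesh gateways are part of Consul Service Mesh, so Connect is required.
  enabled: true
meshGateway:
  enabled: true
  service:
    # Only the mesh gateways are exposed, not the Consul servers. The
    # address this service receives must be routable from the other
    # clusters' mesh gateway pods.
    type: LoadBalancer
```

The generated federation secret contains CA key material, so it should be moved to secondary clusters over a protected channel and given the same access restrictions as any other CA private key.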
Now that you have an overview of federation, proceed to either the Federation Between Kubernetes Clusters or pages depending on your use case.