Multicluster isolation

Multicluster isolation is a networking and architectural strategy in Kubernetes service meshes such as Istio that separates external (north-south) traffic from internal (east-west) traffic.^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]

To achieve this isolation, the architecture decouples the traffic entry points: a dedicated gateway handles cross-cluster or internal mesh communication, distinct from the gateway that handles ingress from the public internet.^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]

Implementation

This isolation is implemented by creating a separate "East-West Gateway" deployment.^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md] The primary objective of this separation is to prevent internal cross-cluster traffic, which can be high in volume because microservices communicate with one another, from overwhelming the default ingress gateway intended for external user traffic.^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]

When deploying this configuration, the cluster and network environment variables must match those used for the control plane deployment.^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]

Traffic Types

The isolated gateway handles specific traffic flows depending on the multicluster topology:

  • Primary-Remote: The gateway exposes the control plane service (istiod) to allow remote clusters to access the primary cluster's control plane.^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]
  • Multinetwork: The gateway exposes services directly to enable cross-cluster load balancing across different networks.^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]
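
For the multinetwork case, a Gateway resource bound to the east-west gateway can look like the following. This is an added example, not taken from the cited README; the resource name, the namespace and the `istio: eastwestgateway` selector label are assumptions modelled on common Istio conventions.

```yaml
# Added example: expose mesh services on the east-west gateway only.
# Names, namespace and selector label are assumptions, not values from the page.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: cross-network-gateway        # hypothetical name
  namespace: istio-system            # assumed control plane namespace
spec:
  # Bind to the dedicated east-west gateway pods, not the public ingress
  # gateway, so cross-cluster traffic never shares the external entry point.
  selector:
    istio: eastwestgateway           # assumed label on the east-west deployment
  servers:
    - port:
        number: 15443                # port Istio conventionally uses for cross-network mTLS
        name: tls
        protocol: TLS
      tls:
        # The gateway routes on the SNI value and forwards the connection
        # without terminating it, so workload-to-workload mutual TLS stays
        # end to end and the gateway never sees plaintext.
        mode: AUTO_PASSTHROUGH
      hosts:
        # Restrict what is reachable through this gateway to cluster-local
        # service names instead of a bare "*" wildcard.
        - "*.local"
```

From a review standpoint, the points to check are that the selector matches only the east-west deployment and that the Service fronting it is reachable from peer clusters' networks rather than from the public internet.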

Sources

^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]