Loading...

XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Sail Operator
Labels:
- FeatureDevelopment

Epic Name:
Federation for OSSM 3
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Status:
To Do
Hierarchy Progress Bar:

33% To Do, 67% In Progress, 0% Done

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Intelligence Requested:
Market:

This epic is to develop a plan, scope and implement a form of service mesh federation that will be supportable in OpenShift Service Mesh 3 (via the sail-operator). Unlike federation with Maistra, it should be implemented using a combination of upstream Istio contributions and an independent controller (ie not in Red Hat's fork of Istio). It does not need to be a complete replacement of the Maistra federation feature, but should support some of the more common use cases.

Details of this work are currently being captured across two documents:

[Business background](https://docs.google.com/document/d/1cYbzRkClNOb4dIvMA6s2St4HOZisqvvqAF_tphKjyCA/edit)
[Technical Design Proposal](https://docs.google.com/document/d/16T7GxDABKgruN9FxJzbPou99vWG0fesUWjYawv6yfak/edit?resourcekey=0-AwFFsjFH1gh9hprmxv37nQ#heading=h.xw1gqgyqs5b)

Federation is also touched upon in an upcoming blog on multi-cluster Service mesh:

https://docs.google.com/document/d/1a8rDkUcR6UZtBcnTk6li4l5NNKkDdCHLDQW5HBDZFMI/edit

Challenges with current federation:

As it is part of Maistra.io, we do not benefit from the hardening that being in a large multi-vendor project like Istio provides.
As it is embedded with Istio, it is difficult to maintain, as the underlying code change frequently during rebases.

Consider... "As an upstream Istio user, if I want to federate service meshes,...such that I can include a select number(not all) of remote services locally...how would I set this up?" Are there features that could be added to Istio to support this? If so, could we put a community proposal together?
Refactor federation out into its own controller to be contributed as a separate project to istio-ecosystem (may have to review how it compares with Admiral, another multi-cluster project in istio-ecosystem)
Can the use of SPIRE for trust offer a simplification?
Contribute CRDs upstream to make it easier to configure with upstream resources.

Related upstream issues:

https://github.com/istio/istio/issues/48998
https://github.com/istio/istio/issues/40589
(Some discussion on federation related to Ambient): https://github.com/istio/istio/issues/43937
https://github.com/istio/istio/issues/31967
https://github.com/istio/istio/issues/31077

Other similar federation implementations:
https://github.com/vmware/hamlet
Admiral

is related to

OSSM-5039 RBAC in OSSM federation with spiffe propagation

Backlog

links to

openshift/openshift-docs#84682: OSSM-4835 [Doc] Capture Differences between OSSM 2.x and OSSM 3.0

Assignee:: Jacek Ewertowski

Reporter:: Daniel Grimm

Contributors:: Bartosz Majsak, Eoin Fennessy, Jacek Ewertowski

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023/05/25 1:24 PM

Updated:: 2024/11/21 7:03 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates