From fc44d7116f7b2f8d4459000708f732c981f0af54 Mon Sep 17 00:00:00 2001 From: Lan Luo Date: Thu, 20 Apr 2023 14:07:00 +0800 Subject: [PATCH] Update Multi-cluster user guide Update Multi-cluster user guide to provide more details for Gateway enablement. Signed-off-by: Lan Luo --- docs/multicluster/user-guide.md | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/docs/multicluster/user-guide.md b/docs/multicluster/user-guide.md index 4ef352739fa..81a2766c73b 100644 --- a/docs/multicluster/user-guide.md +++ b/docs/multicluster/user-guide.md @@ -63,10 +63,10 @@ when applying or downloading an Antrea YAML manifest. [multi-cluster Pod-to-Pod connectivity](#multi-cluster-pod-to-pod-connectivity), in particular configuration (please check the corresponding sections to learn more information), requires an Antrea Multi-cluster Gateway to be set up in each member -cluster to route Service and Pod traffic across clusters. To support Multi-cluster -Gateways, `antrea-agent` must be deployed with the `Multicluster` feature enabled -in a member cluster. You can set the following configuration parameters in -`antrea-agent.conf` of the Antrea deployment manifest to enable the `Multicluster` +cluster by default to route Service and Pod traffic across clusters. To support +Multi-cluster Gateways, `antrea-agent` must be deployed with the `Multicluster` +feature enabled in a member cluster. You can set the following configuration parameters +in `antrea-agent.conf` of the Antrea deployment manifest to enable the `Multicluster` feature: ```yaml @@ -81,6 +81,12 @@ antrea-agent.conf: | namespace: "" # Change to the Namespace where antrea-mc-controller is deployed. ``` +In order for Multi-cluster features to work, it is necessary for `enableGateway` to be set to true by +the user, except when Pod-to-Pod direct connectivity already exists (e.g., provided by the cloud provider) +and `endpointIPType` is configured as `PodIP`. Details can be found in [Multi-cluster Services](#multi-cluster-service). +Please note that [Multi-cluster NetworkPolicy](#multi-cluster-networkpolicy) always requires +Gateway. + Prior to Antrea v1.11.0, Multi-cluster Gateway only works with Antrea `encap` traffic mode, and all member clusters in a ClusterSet must use the same tunnel type. Since Antrea v1.11.0, Multi-cluster Gateway also works with the Antrea `noEncap`, `hybrid` @@ -353,10 +359,19 @@ spec: ## Multi-cluster Gateway Configuration -Multi-cluster Gateways are required to support multi-cluster Service access -across member clusters. Each member cluster should have one Node served as its -Multi-cluster Gateway. Multi-cluster Service traffic is routed among clusters -through the tunnels between Gateways. +Multi-cluster Gateways are responsible for establishing tunnels between clusters. +Each member cluster should have one Node serving as its Multi-cluster Gateway. +Multi-cluster Service traffic is routed among clusters through the tunnels between +Gateways. + +Below is a table about communication support for different configurations. + +| Pod-to-Pod connectivity provided by underlay | Gateway Enabled | MC EndpointTypes | Cross-cluster Service/Pod communications | +| -------------------------------------------- | --------------- | ----------------- | ---------------------------------------- | +| No | No | N/A | No | +| Yes | No | PodIP | Yes | +| No | Yes | PodIP/ClusterIP | Yes | +| Yes | Yes | PodIP/ClusterIP | Yes | After a member cluster joins a ClusterSet, and the `Multicluster` feature is enabled on `antrea-agent`, you can select a Node of the cluster to serve as