Implement connecting multiple clusters with isolation and boundary protection, as defined by major industry standards. #16470

vadimeisenbergibm · 2019-08-22T06:54:17Z

Major industry standards require isolation and boundary protection:

put an access control mechanism at the boundary (firewall, gateway, etc.)
all the access control mechanisms must be deny-all by default
do not expose private IP addresses from the isolated environment
do not let components from outside the boundary to manage security inside the isolated environment

The three multi-cluster patterns as documented on istio.io do not provide isolation between clusters and their boundary protection.

vadimeisenbergibm · 2019-08-22T07:03:49Z

@smawson @costinm @louiscryan @sdake @frankbu @andraxylia @nmittler @ayj @linsun I have created an epic to define the activity related to connecting multiple clusters with isolation & boundary protection.

smawson · 2019-08-22T23:57:00Z

Awesome, thank you Vadim!

vadimeisenbergibm added area/environments area/networking Epic labels Aug 22, 2019

istio-policy-bot added the lifecycle/needs-triage label Oct 30, 2019

geeknoid removed the lifecycle/needs-triage label Oct 31, 2019

ayj added the area/environments/multicluster label Dec 6, 2019

irisdingbj added the feature/Multi-cluster issues related with multi-cluster support label Mar 31, 2020

howardjohn removed the area/environments/multicluster label Jul 31, 2020

howardjohn added this to the Nebulous Future milestone Nov 19, 2020

howardjohn closed this as not planned Won't fix, can't repro, duplicate, stale Jul 8, 2024

Provide feedback