K8s site should support Site Mesh group

Currently K8s sites do not expose IKE's container listeners outside the K8s cluster (NodePort), thus it is impossible to implement a Site Mesh group. The APIs to provision the Site Mesh group work, but the sites are simply not reachable.

This is an important use case for customers with their own L3 connectivity between K8s sites or ones that require traffic to remain within their network for regulatory reasons. (request is a requirement for IBM Satellite integration as well as IBM FinSrv deployments)

This is documented in:

https://gitlab.com/volterra/support/technical/-/issues/4671

It is preferable if the only required would be statically Node IPs in the K8s clusters and L3 reach-ability between K8s nodes in the K8s site wishing to host a K8s site as part of a Site Mesh.

There is no immediate requirement that a Pod IP based DC Group Cluster be supported.

  • John Gruber
  • Sep 29 2021
  • Shipped
  • Attach files