Apr 23, 2025 - 13:55
Is there any Layer approach for multicluster communication instead of service mesh approach?

We are investigating communication between our clusters (AWS and GCP mostly) and we are investigating solutions like Istio and Linkerd, but the thing is that all of them connect each cluster to another one (like a star network).

We are instead searching for a way of using a layer approach instead of a mesh approach, and the main reason is security-wise: we don't want to panic if one of the clusters gets hacked, so there should be no chance for an attacker to have access to another cluster. Something like this diagram: Architecture of clusters

D2 link for viewing better

It is obvious that external services will provide service for other components, and maybe they will visit other external services via the Relay component. In this architecture, we have two external services: Notification Service and Recommendation Service. They simply listen on one port (8080/8081) and return a JSON message which includes the service name and a timestamp.

Connectors

This component will not listen on any port, so it will not accept any request. When it is started, it will get 2 arguments, a service name and that service's endpoint. Then it will connect to the router (hub) and register that service name. When it receives a message from the router, it will send the message to the service, and send that service's reply message to the router (hub).

Relay

This component will accept connections from external services, forward the request to the router (hub) component, and then return the response from the router (hub) to the accessor.

Router

This component will accept connections from the connector component and the relay component. When a connector registers a service name, it will store that service and that gRPC connection in a dict. When a relay sends a message to the router, it will find the service name in the dict and send the message to that service. When the service replies, it will send the reply message to the relay.

Now I have two questions regarding these definitions:

  1. Because we still didn't find any workaround like Istio or Linkerd that provides this for us, do you know any similar product that provides this functionality for us?

  2. Do you think this architecture makes sense? Because whenever we search on the web about this we couldn't find anything similar to this, and this means that we may be wrong about this design.
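The Relay -> Router (hub) -> Connector -> service flow described in the post, modelled in-process as an added example (not the asker's code). The message format, the duplicate-registration and unknown-service checks, and the two stand-in services are assumptions; the real design would carry these messages over gRPC between clusters.

```python
import json
import time
from typing import Callable, Dict

# A "service" is modelled as a function taking a request dict and returning a reply dict.
Service = Callable[[dict], dict]

def make_service(name: str) -> Service:
    """Constructed stand-in for the Notification/Recommendation services:
    reply with the service name and a timestamp, as the question describes."""
    return lambda req: {"service": name, "timestamp": int(time.time()), "echo": req}

class Connector:
    """Runs next to one service. It never listens and has no method for
    initiating a request: the hub calls it, it calls its local service, done."""
    def __init__(self, service_name: str, endpoint: Service):
        self.service_name, self.endpoint = service_name, endpoint

    def handle(self, payload: bytes) -> bytes:
        return json.dumps(self.endpoint(json.loads(payload))).encode()

class Router:
    """The hub: registry of service name -> connector (the question's dict)."""
    def __init__(self) -> None:
        self._registry: Dict[str, Connector] = {}

    def register(self, conn: Connector) -> None:
        # Assumed check (not in the question): refuse a second registration so a
        # connector from a compromised cluster cannot shadow an existing service.
        if conn.service_name in self._registry:
            raise ValueError(f"service already registered: {conn.service_name}")
        self._registry[conn.service_name] = conn

    def route(self, service_name: str, payload: bytes) -> bytes:
        conn = self._registry.get(service_name)
        if conn is None:
            raise KeyError(f"unknown service: {service_name}")
        return conn.handle(payload)

class Relay:
    """Forwards a caller's request to the hub by service name only; callers
    never learn or reach the remote connector's address."""
    def __init__(self, router: Router) -> None:
        self._router = router

    def request(self, service_name: str, body: dict) -> dict:
        return json.loads(self._router.route(service_name, json.dumps(body).encode()))

def build_demo() -> Relay:
    hub = Router()
    hub.register(Connector("notification", make_service("notification")))
    hub.register(Connector("recommendation", make_service("recommendation")))
    return Relay(hub)
```

The isolation the post is after shows up structurally: only a Relay can originate a request, and a Connector can only answer the hub for the one service it registered, so a hijacked cluster's connector has no path to call other clusters' services through this layer.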