This article introduces Azure Kubernetes Fleet Manager's new cross-cluster networking capabilities, powered by Cilium and eBPF. It addresses the challenges of multi-cluster Kubernetes networking by providing transparent, high-performance East-West connectivity, global service discovery, and unified security policies across a fleet of clusters, simplifying complex distributed system architectures.
Read original on Azure Architecture Blog

As cloud-native adoption grows, organizations frequently deploy multiple Kubernetes clusters for reasons like regulatory compliance, disaster recovery, and blast radius isolation. Historically, connecting these clusters has incurred a "networking tax" due to reliance on complex VPNs, gateways, and manual service discovery. This complexity adds latency and operational overhead, especially in large-scale fleet deployments. The need for consistent, reliable cross-cluster connectivity is critical for scenarios such as seamless failover, shared services architectures, and dynamic workload shifting across regions for capacity or latency optimization.
Azure Kubernetes Fleet Manager aims to simplify multi-cluster Kubernetes management. With the integration of Cilium-based cross-cluster networking, it extends the Kubernetes networking model across cluster boundaries. This enables pods and services to communicate as if they were local, while maintaining crucial cluster-level isolation and governance. The solution leverages eBPF for efficient routing, policy enforcement, and observability, providing high-performance networking without traditional proxies or gateways.
Cross-cluster networking is a foundational component for building inherently resilient architectures. It enables system designers to create shared services clusters supporting hundreds of tenants or global services that route traffic to the healthiest available endpoints. This approach makes infrastructure more agile, allowing applications to gracefully handle single-cluster or even single-region failures by distributing workloads and ensuring continuous availability.