Update Multi-cluster architecture doc

[luolanzone]

Update MC architecture doc and change old diagrams' format from png to svg.

Signed-off-by: Lan Luo [email protected]

[codecov-commenter]

Codecov Report

Merging #3638 (5894ae2) into main (ea99ee5) will decrease coverage by 2.71%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #3638      +/-   ##
==========================================
- Coverage   63.37%   60.66%   -2.72%     
==========================================
  Files         288      293       +5     
  Lines       41223    43224    +2001     
==========================================
+ Hits        26127    26222      +95     
- Misses      13000    14854    +1854     
- Partials     2096     2148      +52     

Flag	Coverage Δ
kind-e2e-tests	44.88% <ø> (-5.19%)	⬇️
unit-tests	44.56% <ø> (+0.22%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...g/agent/apiserver/handlers/featuregates/handler.go	4.54% <0.00%> (-77.28%)	⬇️
pkg/apis/controlplane/v1beta2/helper.go	40.00% <0.00%> (-60.00%)	⬇️
...kg/apiserver/registry/system/supportbundle/rest.go	22.17% <0.00%> (-50.44%)	⬇️
pkg/support/dump.go	7.90% <0.00%> (-49.16%)	⬇️
pkg/support/dump_others.go	0.00% <0.00%> (-44.74%)	⬇️
pkg/agent/controller/networkpolicy/fqdn.go	39.51% <0.00%> (-36.00%)	⬇️
...g/agent/apiserver/handlers/addressgroup/handler.go	5.00% <0.00%> (-35.00%)	⬇️
...agent/apiserver/handlers/appliedtogroup/handler.go	5.00% <0.00%> (-35.00%)	⬇️
pkg/agent/controller/networkpolicy/reject.go	50.58% <0.00%> (-34.71%)	⬇️
...kg/agent/controller/networkpolicy/audit_logging.go	56.30% <0.00%> (-27.74%)	⬇️
... and 75 more

[jianjuns]

I think we generally use only SVG diagram in the repo.

[luolanzone]

Hi @jianjuns I changed a little bit for MC doc, Could you review again? thanks.

[jianjuns]

Remove on-prem, public, etc. from the diagrams.

[jianjuns]

@luolanzone : the current version of user guide looks too complex to follow. I think let us split the PR to two, one for architecture doc, one for user guide, and let me work together with you on the latter.

[luolanzone]

@jianjuns I removed this PR from release v1.7, but could you help to review and check if it's Ok to merge in this release? thanks.

[jianjuns]

The picture is too small.

[jianjuns]

Do not use on-prem / public, etc. They are not popular terms with K8s.

[luolanzone]

Updated.

[jianjuns]

a basic Antrea Multi-cluster topology with one leader cluster and two member clusters.

[luolanzone]

Updated

[jianjuns]

The picture is a little small too (hard for me to read the texts).

[jianjuns]

In the picture, consider:

1. Endpoint -> Endpoints
2. Monitor -> Watch?

[luolanzone]

Done

[jianjuns]

Again, a little small.

[jianjuns]

We should remove "node-a1" around the tunnel line?

A minor one - the color of Cluster C box looks too different from that of Cluster A B. Could we adjust the colors?

[luolanzone]

yea, node-a1 is added by mistake, it's fixed, and color is adjusted.

[jianjuns]

I feel "Multi-cluster Service Connectivity" is not a good term for people to understand.

How about "Multi-cluster Gateway" or "Cross-cluster Connectivity".

[luolanzone]

Rename it to Multi-cluster Gateway"

[jianjuns]

I feel no need to mention feature gate or particular component configurations in the architecture doc.

[luolanzone]

Removed

[jianjuns]

Probably talk about the new behavior first, like:

"Since Antrea v1.7.0, Multi-cluster Gateways must be configured to support Multi-cluster Service access across member clusters, and Service CIDRs cannot overlap between clusters. Refer to xxx for more information. Before Antrea v1.7.0, Pod IPs must be directly reachable across clusters for Multi-cluster Service access, and Pod CIDRs cannot overlap between clusters.

[jianjuns]

I feel this section can be merged to the previous one. Probably just one section called "Antrea Multi-cluster Service", which first introduces what is Multi-cluster Service, and then the implementation, including Service export and import.

Please read your doc and make sure a reader with no knowledge on multi-cluster implementation can understand what you wrote.

[luolanzone]

The pipeline is introduced first considering both MC Service and MC network policy depend on this, I will check how to refine it. thanks.

[luolanzone]

Refined the whole structure and some descriptions.

[jianjuns]

An Antrea Multi-cluster ClusterSet includes a leader clusters and multiple member clusters.

[luolanzone]

Done

[jianjuns]

Why by default? Probably copy the description in user guide.

[luolanzone]

Done

[jianjuns]

Other diagrams use Cluster A/B/C. Probably we should change this one too to be consistent.

[luolanzone]

Done

[jianjuns]

I feel better to move this paragraph to be before line 9.

[luolanzone]

Done

[jianjuns]

This section makes no sense to be here. And readers do not even know what is Multi-cluster Service from this doc so far.

Anyway, let us do some small adjustment in this PR, and revise later. Let us move this section to be after "Antrea Multi-cluster Controller". And in this section, let us first have the "Service Export and Import" sub-section; and add another sub-section called "Service Access Across Clusters", and move this paragraph there.

[jianjuns]

Antrea started to support Multi-cluster Gateway since v1.7.0.

[luolanzone]

Done

[jianjuns]

Fix the following:

member of a ClusterSet with unique cluster ID, to claim a ClusterSet with unique ClusterSet ID.

with a unique cluster ID

and to claim a ClusterSet with a unique ClusterSet ID.

[jianjuns]

It might be more natural to talk about ClusterSet first:

The ClusterClaim CRD is used to claim a ClusterSet with a unique ClusterSet ID, and to claim the cluster itself as a member of a ClusterSet with a unique cluster ID.

[luolanzone]

Done

[jianjuns]

I meant adding a section at the same level of "## Antrea Multi-cluster Controller" called "## Multi-cluster Controller Service", so the sections are like:

## Antrea Multi-cluster Controller
## Multi-cluster Controller Service
### Service Export and Import
### Service Access Across Clusters
## Multi-cluster Gateway
### Multi-cluster Service Traffic Walk
## Antrea Multi-cluster NetworkPolicy

What you think? BTW, I removed "Antrea" from a few section titles. I feel no need to repeat it in all places.

[luolanzone]

sure, I will refine it. thanks.

[luolanzone]

I suppose you mean ## Multi-cluster Service in the second item?

[jianjuns]

Ah, yes

[luolanzone]

Done

[jianjuns]

Remove "watches...". It is not more important than other responsibilities of MC Controller to mention first.

[jianjuns]

If you want, we can say "Antrea Multi-cluster Controller implements ClusterSet management and resource export/import in the ClusterSet".

[jianjuns]

In either a leader or a member cluster, Antrea Multi-cluster Controller is deployed with a Deployment of a single replica, but it takes different responsibilities in member and leader clusters.

[jianjuns]

I feel we can remove this paragraph, as resource export/import is talked in a later one too.

[jianjuns]

Ditto

[jianjuns]

Maybe add a sub-section of "ClusterSet Initialization"

[jianjuns]

This section is not well organized. I feel harder to explain all my suggestion than just writing down what is in my mind. Probably let me push a version for you to review.

[jianjuns]

@luolanzone : I updated a version. Please review.

[jianjuns]

Should we use "pod-a/b/c" to be consistent with "node-a1", etc.?

[luolanzone]

sure, I will update it.

[luolanzone]

@jianjuns the change looks good to me overall, I changed a few minor descriptions and the line length for Antrea Multi-cluster NetworkPolicy section as well, you can move forward if you feel it's ready.

[luolanzone]

Here is the main one I updated, we have a webhook for MemberClusterAnnounce in leader cluster, so I used validates here, and admin is the one to add/update member clusters to ClusterSet, Controller will validate and update status only.

[jianjuns]

/skip-all