KEP-1645: Add specification for multi-network scenario

keps/sig-multicluster/1645-multi-cluster-services-api/README.md

@@ -93,6 +93,8 @@ tags, and then generate with `hack/update-toc.sh`.
   - [Exporting Services](#exporting-services)
     - [Restricting Exports](#restricting-exports)
   - [Importing Services](#importing-services)
+    - [Multi-network scenario](#multi-network-scenario)
+      - [Known limitation](#known-limitation)
   - [ClusterSet Service Behavior Expectations](#clusterset-service-behavior-expectations)
     - [Service Types](#service-types)
     - [ClusterSetIP](#clustersetip)
@@ -260,6 +262,12 @@ nitty-gritty.
   The cluster name should be consistent for the life of a cluster and its
   membership in the clusterset. Implementations should treat name mutation as
   a delete of the membership followed by recreation with the new name.
+- **cluster network** - An identifier for the cluster network. Each cluster can have an optional name that can identify the network its running in. The network name must be a valid [RFC
+  1123](https://tools.ietf.org/html/rfc1123) DNS label. Two or more clusters within the ClusterSet can have the same network identifier.
+
+  The network name should be consistent during its
+  membership in the clusterset. Implementations should treat network change as
+  a delete of the membership followed by recreation with the new name.
 
 [namespace sameness]: https://github.com/kubernetes/community/blob/master/sig-multicluster/namespace-sameness-position-statement.md
 
@@ -664,6 +672,12 @@ endpoints:
 The `ServiceImport.Spec.IP` (VIP) can be used to access this service from within
 this cluster.
 
+
+#### Multi-network scenario
+One or more clusters in a ClusterSet can be running on a discrete network (a non-flat network). An MCS controller can use the `network.k8s.io` `ClusterProperty` to determine if a cluster in a `ClusterSet` is running on a discrete network. Note that the endpoints of the `EndpointSlice` for a cluster on discrete network may only be representative of the pods backing the multi-cluster service and not the real pod addresses.
+##### Known limitation
+In a multi-network scenario where the `EndpointSlice`s do not contain the actual pod addresses, there isn't currently a way (K8s native support) to proportionately distribute the traffic based on the actual number of pods. There is active ongoing work in SIG-Network to add an attribute to represent the number of endpoints for `EndpointSlice`s. This will provide a way for kube-proxy to load balance across `EndpointSlice`s .
+
 ### ClusterSet Service Behavior Expectations
 
 #### Service Types

keps/sig-multicluster/2149-clusterid/README.md

@@ -90,6 +90,7 @@ tags, and then generate with `hack/update-toc.sh`.
     - [Multi-Cluster Services](#multi-cluster-services)
     - [Diagnostics](#diagnostics)
     - [Multi-tenant controllers](#multi-tenant-controllers)
+    - [Multi-network scenario](#multi-network-scenario)
   - [<code>ClusterProperty</code> CRD](#-crd)
   - [Well known properties](#well-known-properties)
     - [Property: <code>id.k8s.io</code>](#property-)
@@ -98,10 +99,16 @@ tags, and then generate with `hack/update-toc.sh`.
       - [Contents](#contents)
       - [Consumers](#consumers)
       - [Notable scenarios](#notable-scenarios)
-    - [Property: <code>clusterset.k8s.io</code>](#property--1)
+    - [Property: <code>network.k8s.io</code>](#property--1)
+      - [Uniqueness](#uniqueness-1)
       - [Lifespan](#lifespan-1)
       - [Contents](#contents-1)
       - [Consumers](#consumers-1)
+      - [Notable scenarios](#notable-scenarios-1)
+    - [Property: <code>clusterset.k8s.io</code>](#property--2)
+      - [Lifespan](#lifespan-2)
+      - [Contents](#contents-2)
+      - [Consumers](#consumers-2)
   - [Additional Properties](#additional-properties)
   - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional)
   - [Risks and Mitigations](#risks-and-mitigations)
@@ -294,6 +301,9 @@ My controller interacts with multiple clusters and needs to disambiguate between
 
 _For example, [CAPN's virtualcluster project](https://github.com/kubernetes-sigs/cluster-api-provider-nested) is implementing a multi-tenant scheduler that schedules tenant namespaces only in certain parent clusters, and a separate syncer running in each parent cluster controller needs to compare the name of the parent cluster to determine whether the namespace should be synced. ([ref](https://github.com/kubernetes/enhancements/issues/2149#issuecomment-768486457))._
 
+#### Multi-network scenario
+
+With in a ClusterSet I have one or more clusters where pods across these clusters are not directly routable (a non-flat network).
 
 ### `ClusterProperty` CRD
 
@@ -307,7 +317,7 @@ The schema for `ClusterProperty` is intentionally loose to support multiple form
 
 ### Well known properties
 
-The `ClusterProperty` CRD will support two specific properties under the well known names `id.k8s.io` and `clusterset.k8s.io`. Being "well known" means that they must conform to the requirements described below, and therefore can be depended on by multi-cluster implementations to achieve use cases dependent on knowledge of a cluster's ID or ClusterSet membership.
+The `ClusterProperty` CRD will support three specific properties under the well known names `id.k8s.io`, `network.k8s.io` and `clusterset.k8s.io`. Being "well known" means that they must conform to the requirements described below, and therefore can be depended on by multi-cluster implementations to achieve use cases dependent on knowledge of a cluster's ID or ClusterSet membership.
 
 The requirements below use the keywords **must, should,** and **may** purposefully in accordance with [RFC-2119](https://tools.ietf.org/html/rfc2119).
 
@@ -353,6 +363,37 @@ Contains a unique identifier for the containing cluster.
 
 **Reusing cluster names**: Since an `id.k8s.io ClusterProperty` has no restrictions on whether or not a ClusterProperty can be repeatable, if a cluster unregisters from a ClusterSet it is permitted under this standard to rejoin later with the same `id.k8s.io ClusterProperty` it had before. Similarly, a *different* cluster could join a ClusterSet with the same `id.k8s.io ClusterProperty` that had been used by another cluster previously, as long as both do not have membership in the same ClusterSet at the same time. Finally, two or more clusters may have the same `id.k8s.io ClusterProperty` concurrently (though they **should** not; see "Uniqueness" above) *as long as* they both do not have membership in the same ClusterSet.
 
+#### Property: `network.k8s.io`
+
+Contains an identifier representing the network for the cluster.
+
+
+##### Uniqueness
+
+*   The identifier **need not** exist (as its only applicable for multi-network scenario) and **need not** be unique
+
+##### Lifespan
+
+*   The identifier, if exists, **should** be immutable for the lifespan of a ClusterSet membership.
+
+
+##### Contents
+
+*   The identifier **should** be a valid string.
+*   The identifier **should** be a human readable description.
+
+
+##### Consumers
+
+*   **Should** be able to rely on the identifier, if exists, unmodified for the entire duration of its membership in a ClusterSet.
+*   **Should** watch the `network.k8s.io` property to handle potential changes if they live beyond the ClusterSet membership.
+*   **May** rely on the existence of an identifier for clusters that do not belong to a ClusterSet so long as the implementation provides one.
+
+
+##### Notable scenarios
+
+**Cluster changes its network**: Since a `network.k8s.io ClusterProperty` must be immutable for the duration of its *membership* in a given ClusterSet, the property contents can be "changed" by unregistering the cluster from the ClusterSet and reregistering it with the new network name.
+
 #### Property: `clusterset.k8s.io`
 
 Contains an identifier that relates the containing cluster to the ClusterSet in which it belongs.