Fabric

Defining a ClusterLink fabric

The concept of a Fabric encapsulates a set of cooperating peers. All peers in a fabric can communicate and may share services between them, with access governed by policies. The Fabric acts as a root of trust for peer-to-peer communications (i.e., it functions as the certificate authority enabling mutual authentication between peers).

Currently, the concept of a Fabric is just that - a concept. It is not represented or backed by any managed resource in a ClusterLink deployment. Once a Fabric is created, its only relevance is in providing a certificate for use by each peer’s gateways. One could potentially consider a more elaborate implementation where a central management entity explicitly deals with Fabric life cycle, association of peers to a fabric, etc. The role of this central management component in ClusterLink is currently delegated to users who are responsible for coordinating the transfer of certificates between peers, out of band.

Initializing a new fabric

Prerequisites

The following sections assume that you have access to the clusterlink CLI and one or more peers (i.e., clusters) where you’ll deploy ClusterLink. The CLI can be downloaded from the ClusterLink releases page on GitHub.

Create a new fabric CA

To create a new fabric certificate authority (CA), execute the following CLI command:

clusterlink create fabric --name <fabric_name>

This command will create the CA files cert.pem and key.pem in a directory named <fabric_name>. The --name option is optional, and by default, “default_fabric” will be used. While you will need access to these files to create the peers` gateway certificates later, the private key file should be protected and not shared with others.

Once a Fabric has been created and initialized, you can proceed with configuring peers. For a complete, end-to-end use case, please refer to the iperf tutorial.