
CFP: Improve security by explicit cluster name and cluster-id in clustermesh #29602

@CallMeFoxie

Description


Cilium Feature Proposal

Is your proposed feature related to a problem?

Sort of. We run a large clustermesh with tens of clusters. However, right now there's no way to verify that nobody has messed with "their" cluster in the clustermesh. For all we know they could (provided they manage to access the etcd):
a) insert foreign cluster's endpoint number
b) insert fake labels on their actual endpoints and pretend they are a different cluster

Describe the feature you'd like

It would be nice to have the option to specify not just another cluster's kvstore (etcd), but also their cluster name (or derive it from the file name) AND their remote cluster ID.

  • The cluster ID would be verified against the endpoints in that ETCD
  • The name of their cluster would be fixed as a local label for endpoints from their cluster, something like cilium.io:cluster-name: fubar.

(Hope this is an actual CFP and not a bug report?)

Cheers

Ashley
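The two checks the proposal asks for, written out as an added example in Go (not Cilium's own code): the `RemoteCluster` and `RemoteEndpoint` types, the assumption that the cluster ID sits in the upper bits of the numeric identity, and the `cilium.io:cluster-name` label key are all taken as hypothetical for the purpose of the illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical types, not Cilium's own: the locally configured expectation
// for one remote cluster (its name and cluster ID), and an endpoint record
// as read from that cluster's kvstore.
type RemoteCluster struct {
	Name string
	ID   uint32
}

type RemoteEndpoint struct {
	Identity uint32            // numeric security identity
	Labels   map[string]string // labels the remote cluster published
}

// Assumption: the cluster ID lives in the upper bits of the numeric
// identity, i.e. identity = clusterID<<clusterIDShift | localID.
const clusterIDShift = 16

// Label key suggested in the proposal for the locally fixed cluster name.
const clusterNameLabel = "cilium.io:cluster-name"

var ErrClusterIDMismatch = errors.New("identity claims a foreign cluster ID")

// ValidateAndLabel applies the two checks the proposal describes:
//  1. drop the endpoint if the cluster ID encoded in its identity is not
//     the one configured for the kvstore it was read from;
//  2. overwrite any cluster-name label with the locally configured name,
//     so labels in the remote kvstore cannot impersonate another cluster.
func ValidateAndLabel(rc RemoteCluster, ep RemoteEndpoint) (map[string]string, error) {
	if got := ep.Identity >> clusterIDShift; got != rc.ID {
		return nil, fmt.Errorf("%w: got %d, want %d", ErrClusterIDMismatch, got, rc.ID)
	}
	out := make(map[string]string, len(ep.Labels)+1)
	for k, v := range ep.Labels {
		out[k] = v
	}
	out[clusterNameLabel] = rc.Name // local value wins over anything published
	return out, nil
}
```

With this in place, an endpoint whose identity encodes cluster 9 is rejected when read from the kvstore configured as cluster 7, and a published `cilium.io:cluster-name: other` label is replaced by the local name.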

Metadata


    Labels

  • area/agent: Cilium agent related.
  • area/clustermesh: Relates to multi-cluster routing functionality in Cilium.
  • kind/feature: This introduces new functionality.
  • stale: The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.
