sso
Accessing external service on another Kubernetes cluster
Is your feature request related to a problem? Please describe.
Let's say I have three Kubernetes clusters, A, B and C.
I have services I want to protect on all of them, but I only want to install SSO on a single one, and it should be able to proxy requests to the other ones. The services are not exposed outside of the clusters; they are simple ClusterIP services.
Has anyone done something similar to this? If yes, how exactly?
Describe alternatives you've considered
One way to do that that I suppose would work is to have a kubectl proxy sidecar, and access the svc using the Kubernetes API, like:
http://localhost:<cluster-b-proxy-port>/api/v1/proxy/namespaces/<cluster-b-namespace>/services/<cluster-b-service>:<cluster-b-service-port-name>/
We don't deploy Kubernetes internally at BuzzFeed, so I don't have much experience here to be able to supply a working solution :/.
SSO should work as long as the routes are reachable from the service. I'm not sure how that would work with multiple k8s clusters where, as far as I understand, those routes aren't reachable inter-clusters.
No problem @jphines, I will probably investigate this further in the following months since I will need to have something like that working.
If you use GKE (Google Kubernetes Engine) you can just use an Internal Load Balancer https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing
(as long as your routing is set up; by default, clusters in the same region are, I believe)
**Edit:** other providers offer this as well: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
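
The internal load balancer approach suggested in the last comment, sketched as an added example (not from the thread participants or the SSO project): a Service applied on cluster B that exposes a backend on a VPC-internal address and restricts its sources to cluster A, so the backend is not reachable around SSO from elsewhere in the VPC. The Service name, namespace, labels, ports and CIDR are placeholders assumed for illustration.

```yaml
# Added example, applied on cluster B (GKE). All names, labels, ports and
# CIDRs below are placeholders, not values from the thread.
apiVersion: v1
kind: Service
metadata:
  name: backend-internal          # hypothetical Service name
  namespace: apps                 # hypothetical namespace
  annotations:
    # Ask GKE for an internal (VPC-only) load balancer instead of a public one.
    networking.gke.io/load-balancer-type: "Internal"
spec:
  type: LoadBalancer
  # Admit traffic only from the range that cluster A's SSO proxy sends from.
  # Without this, any workload with a route to the internal address can reach
  # the backend without passing through SSO.
  loadBalancerSourceRanges:
    - 10.0.0.0/14                 # placeholder: cluster A pod or node CIDR
  selector:
    app: backend                  # hypothetical pod label
  ports:
    - name: http
      port: 80
      targetPort: 8080
```

The SSO upstream for this backend would then point at the internal address the load balancer is assigned, which is only routable from inside the VPC.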