Add docs for clusterset IP feature

[tpantelis]

User guide and subctl commands.

[submariner-bot]

🤖 Created branch: z_pr1181/tpantelis/clusterset_ip

[skitt]

This gives the impression that the virtual IP won’t work unless the user does something else — is that so?

[tpantelis]

yes. This is for Istio support - they need a VIP and will handle the rest. We could also not document this feature.

[sridhargaddam]

How is the routing handled for the virtualIP? Are we adding any iptable rules to support the datapath?

Lighthouse DNS will return the cluster set virtual IP from queries instead of a constituent cluster IP address. However, Submariner does not perform load balancing and relies on some external component to do so.

Normally when we return the clusterIP itself (or the associated GlobalIngressIP) kube-proxy does the load-balancing once the remote traffic lands in the local cluster (where the service is exprted). Can you please eloborate how this use-case works with virtualIP?

[vthapar]

Currently we're not doing any routing. This feature currently will be used only by Istio and it will take care of routing. Current submariner connectivity doesn't support this use case.

This use case can also be used by someone using Lighthouse-only for MCS service discovery and using their own MCS controller for datapath.

[skitt]

It seems to me that this should be documented because users could end up shooting themselves in the foot.

Can we make the caveat more general? It’s not just load balancing, it’s any kind of routing.

Suggested change

	Lighthouse DNS will return the cluster set virtual IP from queries instead of a constituent cluster IP address. However, Submariner
	does not perform load balancing and relies on some external component to do so.
	Lighthouse DNS will return the cluster set virtual IP from queries instead of a constituent cluster IP address. However, Submariner
	does not route this virtual IP and relies on some external component to do so.