From 0351954137db76cab8b176f8fe001898f2973245 Mon Sep 17 00:00:00 2001 From: Daneyon Hansen Date: Wed, 16 Jan 2019 14:51:49 -0700 Subject: [PATCH] Updates multicluster gateway doc to support node ports (#3063) --- .../examples/multicluster/gateways/index.md | 13 +++++- .../multicluster-install/gateways/index.md | 43 ++++++++++++++++++- 2 files changed, 53 insertions(+), 3 deletions(-) diff --git a/content/docs/examples/multicluster/gateways/index.md b/content/docs/examples/multicluster/gateways/index.md index 2f7660d972..c623d17747 100644 --- a/content/docs/examples/multicluster/gateways/index.md +++ b/content/docs/examples/multicluster/gateways/index.md @@ -99,7 +99,16 @@ running in a second cluster. `httpbin.bar.global` on *any port* to be routed to the endpoint `:15443` over an mTLS connection. - > Do not create a `Gateway` configuration for port 15443. + If your cluster2 Kubernetes cluster is running in an environment that does not + support external load-balancers, you must use the IP and nodePort corresponding + to port 15443 of a node running the `istio-ingressgateway` service. Instructions + for obtaining the node IP can be found in the + [Control Ingress Traffic](/docs/tasks/traffic-management/ingress/#determining-the-ingress-ip-and-ports) + guide. The following command can be used to obtain the nodePort: + + {{< text bash >}} + $ kubectl --context=$CTX_CLUSTER2 get svc -n istio-system istio-ingressgateway -o=jsonpath='{.spec.ports[?(@.port==15443)].nodePort}' + {{< /text >}} The gateway for port 15443 is a special SNI-aware Envoy preconfigured and installed as part of the multicluster Istio installation step @@ -107,6 +116,8 @@ running in a second cluster. load balanced among pods of the appropriate internal service of the target cluster (in this case, `httpbin.bar` in `cluster2`). + > Do not create a `Gateway` configuration for port 15443. + 1. Verify that `httpbin` is accessible from the `sleep` service. {{< text bash >}} 
diff --git a/content/docs/setup/kubernetes/multicluster-install/gateways/index.md b/content/docs/setup/kubernetes/multicluster-install/gateways/index.md index f4b96acce8..da715ad730 100644 --- a/content/docs/setup/kubernetes/multicluster-install/gateways/index.md +++ b/content/docs/setup/kubernetes/multicluster-install/gateways/index.md @@ -58,6 +58,9 @@ on **each** Kubernetes cluster. --from-file=@samples/certs/cert-chain.pem@ {{< /text >}} +1. Update Helm’s dependencies by following step 2 in the + [Installation with Helm](/docs/setup/kubernetes/helm-install/#installation-steps) instructions. + 1. Generate a multicluster-gateways Istio configuration file using `helm`: {{< text bash >}} @@ -90,8 +93,10 @@ services from remote clusters in the format `..global`. Istio also ships with a CoreDNS server that will provide DNS resolution for these services. In order to utilize this DNS, Kubernetes' DNS needs to be configured to point to CoreDNS as the DNS -server for the `.global` DNS domain. Create the following ConfigMap (or -update an existing one): +server for the `.global` DNS domain. Create one of the following ConfigMaps +or update an existing one: + +For clusters that use kube-dns: {{< text bash >}} $ kubectl apply -f - <}} +For clusters that use CoreDNS: + +{{< text bash >}} +$ kubectl apply -f - <}} + ## Configure application services Every service in a given cluster that needs to be accessed from a different remote
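Review bot: In the first hunk of `content/docs/examples/multicluster/gateways/index.md` (`@@ -99,7 +99,16 @@`), the new paragraph says to "use the IP and nodePort corresponding to port 15443" but does not say where to use them. The context line above it still gives the endpoint as `:15443`, so a reader on a cluster without a load balancer has to guess that both the address and the port of that endpoint change. Suggest one sentence stating that the endpoint in the service entry takes the node IP and the value printed by the `jsonpath='{.spec.ports[?(@.port==15443)].nodePort}'` command in place of 15443. The phrase "a node running the `istio-ingressgateway` service" is also loose, since a Service is not scheduled on a node; naming the `istio-ingressgateway` pod would be clearer.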
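Review bot: In the `@@ -58,6 +58,9 @@` hunk of `content/docs/setup/kubernetes/multicluster-install/gateways/index.md`, the added step points readers at "step 2" of the Installation with Helm page by number, which will silently point at the wrong step if that page is ever reordered. Suggest naming the step by what it does (updating Helm's dependencies) and linking to it, or repeating the command here. The same line uses a typographic apostrophe in "Helm’s" where the rest of the added text uses plain ASCII.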
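Review bot: In the `@@ -90,8 +93,10 @@` hunk of `content/docs/setup/kubernetes/multicluster-install/gateways/index.md`, the text offers "Create one of the following ConfigMaps or update an existing one", but both variants are given only as `kubectl apply -f -` with an inline manifest. On a cluster that already has a customized DNS ConfigMap, applying the manifest as written overwrites whatever keys it sets rather than merging the `.global` entry into the existing configuration. Suggest a sentence telling readers who already have such a ConfigMap to add the `.global` entry to it by hand instead of applying the sample, plus a short hint on how to tell whether the cluster uses kube-dns or CoreDNS, since the two headings "For clusters that use kube-dns:" and "For clusters that use CoreDNS:" assume the reader knows.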