istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/content/en/docs/setup/install/multicluster/multi-primary/index.md

3.0 KiB
Raw Blame History

title description weight keywords test owner
Install Multi-Primary Install an Istio mesh across multiple primary clusters. 10
kubernetes
multicluster
yes istio/wg-environments-maintainers

Follow this guide to install the Istio control plane on both cluster1 and cluster2, making each a {{< gloss >}}primary cluster{{< /gloss >}}. Both clusters reside on the network1 network, meaning there is direct connectivity between the pods in both clusters.

Before proceeding, be sure to complete the steps under before you begin.

In this configuration, each control plane observes the API Servers in both clusters for endpoints.

Service workloads communicate directly (pod-to-pod) across cluster boundaries.

{{< image width="75%" link="arch.svg" caption="Multiple primary clusters on the same network" >}}

Configure cluster1 as a primary

Create the Istio configuration for cluster1:

{{< text bash >}} $ cat < cluster1.yaml apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: values: global: meshID: mesh1 multiCluster: clusterName: cluster1 network: network1 EOF {{< /text >}}

Apply the configuration to cluster1:

{{< text bash >}} istioctl install --context="{CTX_CLUSTER1}" -f cluster1.yaml {{< /text >}}

Configure cluster2 as a primary

Create the Istio configuration for cluster2:

{{< text bash >}} $ cat < cluster2.yaml apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: values: global: meshID: mesh1 multiCluster: clusterName: cluster2 network: network1 EOF {{< /text >}}

Apply the configuration to cluster2:

{{< text bash >}} istioctl install --context="{CTX_CLUSTER2}" -f cluster2.yaml {{< /text >}}

Enable Endpoint Discovery

Install a remote secret in cluster2 that provides access to cluster1s API server.

{{< text bash >}} $ istioctl create-remote-secret
--context="${CTX_CLUSTER1}"
--name=cluster1 |
kubectl apply -f - --context="${CTX_CLUSTER2}" {{< /text >}}

Install a remote secret in cluster1 that provides access to cluster2s API server.

{{< text bash >}} $ istioctl create-remote-secret
--context="${CTX_CLUSTER2}"
--name=cluster2 |
kubectl apply -f - --context="${CTX_CLUSTER1}" {{< /text >}}

Congratulations! You successfully installed an Istio mesh across multiple primary clusters!

Next Steps

You can now verify the installation.

Cleanup

  1. Uninstall Istio in cluster1:

    {{< text syntax=bash snip_id=none >}} istioctl uninstall --context="{CTX_CLUSTER1}" -y --purge kubectl delete ns istio-system --context="{CTX_CLUSTER1}" {{< /text >}}

  2. Uninstall Istio in cluster2:

    {{< text syntax=bash snip_id=none >}} istioctl uninstall --context="{CTX_CLUSTER2}" -y --purge kubectl delete ns istio-system --context="{CTX_CLUSTER2}" {{< /text >}}