Shared control plane (single-network)
In this configuration, multiple Kubernetes clusters running a remote configuration connect to a shared Istio control plane. Once one or more remote Kubernetes clusters are connected to the Istio control plane, Envoy can then form a mesh network across multiple clusters.
The ability to deploy the Istio control plane on one of the clusters.
An RFC1918 network, VPN, or an alternative more advanced network technique meeting the following requirements:
Individual cluster Pod CIDR ranges and service CIDR ranges must be unique across the multicluster environment and may not overlap.
All pod CIDRs in every cluster must be routable to each other.
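One way to check the CIDR requirements above before joining clusters, as an added example that is not part of the Istio documentation. The cluster names and ranges in `CLUSTERS` are constructed sample values; replace them with the pod and service CIDRs collected from your own clusters.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (not from the Istio docs): per-cluster pod and
# service CIDRs, as collected from each cluster's configuration.
CLUSTERS = {
    "main":     {"pod": "10.0.0.0/14",  "service": "10.4.0.0/20"},
    "remote-1": {"pod": "10.8.0.0/14",  "service": "10.12.0.0/20"},
    "remote-2": {"pod": "10.10.0.0/16", "service": "10.4.8.0/24"},
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def flatten(clusters):
    """Return [(label, network)] for every pod/service range in the inventory."""
    ranges = []
    for cluster, cidrs in clusters.items():
        for kind, cidr in cidrs.items():
            # strict=True rejects a CIDR with host bits set, e.g. 10.0.0.1/14
            net = ipaddress.ip_network(cidr, strict=True)
            ranges.append((f"{cluster}/{kind}", net))
    return ranges


def find_overlaps(clusters):
    """Every pair of ranges that overlaps, within or across clusters."""
    return sorted(
        (a_label, b_label)
        for (a_label, a), (b_label, b) in combinations(flatten(clusters), 2)
        if a.version == b.version and a.overlaps(b)
    )


def outside_rfc1918(clusters):
    """IPv4 ranges not inside an RFC 1918 block (informational: a VPN may still carry them)."""
    return sorted(
        label for label, net in flatten(clusters)
        if net.version == 4 and not any(net.subnet_of(p) for p in RFC1918)
    )


if __name__ == "__main__":
    for a, b in find_overlaps(CLUSTERS):
        print(f"OVERLAP: {a} <-> {b}")
    for label in outside_rfc1918(CLUSTERS):
        print(f"NOT RFC1918: {label}")
```

An overlap means the same address can belong to workloads in two clusters, so it should be resolved before the remote cluster is connected to the control plane.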
This guide describes how to install a multicluster Istio topology using the manifests and Helm charts provided within the Istio repository.
Install the on one Kubernetes cluster.
You must deploy the component to each remote Kubernetes cluster. You can install the component in one of two ways:
- Use the following command on the remote cluster to install the Istio control plane service endpoints:
All clusters must have the same namespace for the Istio components. It is possible to override the name on the main cluster as long as the namespace is the same for all Istio components in all clusters.
- The following command example labels the namespace. Use similar commands to label all the remote cluster’s namespaces requiring automatic sidecar injection.
Repeat for all Kubernetes namespaces that need to set up automatic sidecar injection.
Set up a multicluster mesh over two GKE clusters.
Shared control plane (multi-network)
Install an Istio mesh across multiple Kubernetes clusters using a shared control plane for disconnected cluster networks.
Install an Istio mesh across multiple Kubernetes clusters using replicated control plane instances.
Multi-mesh deployments for isolation and boundary protection
Deploy environments that require isolation into separate meshes and enable inter-mesh communication by mesh federation.
Configuring Istio route rules in a multicluster service mesh.