Skip to content

Istio Multicluster Architectures

Istio multicluster architectures are designed to support complex deployment scenarios, specifically Primary-Remote configurations and Multi-network setups^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]. These configurations typically assume that the Istio base installation has already been deployed to the primary clusters^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md].

East-West Gateway

A core component in these architectures is the deployment of a dedicated East-West Gateway^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]. Unlike the default Ingress gateway used for external (North-South) traffic, this gateway is reserved specifically for inter-cluster communication^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md].

Separating this traffic prevents east-west traffic from flooding the north-south Ingress gateway^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]. Deployment is handled using the gen-eastwest-gateway.sh script, which requires environment variables for the mesh ID (MESH), cluster name (CLUSTER), and network ID (NETWORK) that align with the control plane configuration^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md].

Primary-Remote Configuration

In a Primary-Remote setup, remote clusters rely on the control plane (istiod) located in a primary cluster^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]. To facilitate this, the istiod service must be exposed through the East-West Gateway using the expose-istiod.yaml configuration^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md].

Multi-network Configuration

For Multi-network architectures, the goal is to enable cross-cluster load balancing across different networks^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]. This requires exposing services via the East-West Gateway in each cluster, typically achieved by applying an expose-services.yaml configuration^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md].

Sources

^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]