Primary-Remote Configuration¶

Primary-Remote Configuration is a multicluster deployment pattern in Istio designed to connect a primary cluster's control plane with one or more remote clusters^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md].

Overview¶

In this topology, the remote cluster relies on the control plane (istiod) hosted in the primary cluster^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]. To facilitate this, a dedicated gateway deployment for east-west traffic is required to prevent network congestion from overwhelming the default north-south Ingress gateway^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md].

Configuration Steps¶

Implementing this configuration involves two main steps: deploying the East-West Gateway and exposing the control plane.

1. Deploy the East-West Gateway ¶

A dedicated East-West Gateway must be deployed to the primary cluster^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]. This is achieved using the gen-eastwest-gateway.sh script, which requires environment variables for the mesh ID, cluster name, and network to match the control plane's configuration^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md].

export MESH=mesh1
export CLUSTER=cluster1
export NETWORK=network1
./samples/multicluster/gen-eastwest-gateway.sh | \
    [istioctl](<./istioctl.md>) manifest generate -f - | \
    [kubectl](<./kubectl.md>) apply -f -

2. Expose the Control Plane¶

Once the gateway is active, the istiod service must be exposed through it to grant the remote cluster access to the primary control plane^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md].

[kubectl](<./kubectl.md>) apply -f samples/multicluster/expose-istiod.yaml -n istio-system

Sources¶

^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]