Service Mesh Control Plane Exposure

Service Mesh Control Plane Exposure is the architectural configuration that allows remote or secondary clusters to access a centralized control plane.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md] It is a fundamental aspect of service mesh topologies such as Primary-Remote configurations, where a single istiod instance manages data planes across multiple clusters.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]

Implementation

To expose the control plane for cross-cluster access, the istiod service is made accessible through an East-West Gateway.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md] This is typically achieved by applying specific Kubernetes manifests, such as samples/multicluster/expose-istiod.yaml, within the istio-system namespace.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]

This exposure mechanism relies on the deployment of a dedicated Gateway resource separate from the default Ingress, designed to handle inter-cluster (east-west) traffic without impacting north-south Ingress loads.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]

Sources

^[400-devops-07-monitoring-and-observability-k8s-istio-samples-multicluster-readme.md]