🔍 These use cases have been tested on OpenShift 4.14 with MetalLB.
Use cases:
- Istio multicluster & multiprimary
- Istio multicluster & multiprimary with different cluster domain
- Istio multicluster & multiprimary. Custom service discovery instead of automatic service discovery
In this scenario, Istio is installed via Sail Operator. The deployment model is Multi-Primary on different networks.
Follow the specific README for this scenario.
Istio multicluster & multiprimary on OpenShift. Cluster domain different per cluster. Exposing all services automatically
In this scenario, Istio is installed via Sail Operator. The deployment model is Multi-Primary on different networks.
In this scenario, the cluster domain is different per cluster:
- cluster1 domain: cluster1.local
- cluster2 domain: cluster2.local
⚠️ With this setup, both cluster domains should be considered the same as the trustdomain: You can not differentiate the cluster domain when using the spiffe id. For instance, by applying an AuthorizationPolicy, you can not trust only a cluster, both are trusted. See the following issue for more information.
Follow the specific README for this scenario.
Istio multicluster & multiprimary on OpenShift. Cluster domain different per cluster. Adding custom services instead of automatic service discovery
In this scenario, Istio is installed via Sail Operator. The deployment model is Multi-Primary on different networks.
In this scenario, the cluster domain is different per cluster:
- cluster1 domain: cluster1.local
- cluster2 domain: cluster2.local
Each custom service is added to the cluster by using the following Istio resources:
⚠️ With this setup, only the spiffe id used in the Istio resources is trusted: In this use case, you can differentiate the cluster domain when using the spiffe id.
Follow the specific README for this scenario.
Fran Perea Rodríguez @RedHat