Replies: 2 comments
-
I think it's important to mention that I am using a self-signed certificate as a client.
|
Beta Was this translation helpful? Give feedback.
-
Okay, it seems like it's fixed. The magic is in extracting the generated root certificate from the first cluster and correctly adding it to the second one without overwriting, so the second cluster considers it its own. If implemented through Ansible, it would look like this:
Ansible tasks:
Now the check for multi-primary clusters in different networks is working. I implemented this through Ansible and haven't verified it in the terminal, but without Ansible, it would look something like this:
than:
|
Beta Was this translation helpful? Give feedback.
-
Hello everyone,
I have successfully configured two Kubernetes clusters using Istio in different networks (without using istio-csr). I also have a successfully configured cluster in one region using istio-csr, which seems to be working as intended with HTTPS and more.
Now, I am trying to create a cluster in another region and set up multi-cluster on different networks using istio-csr. The first one works, but there is no connection between the clusters (using this: https://istio.io/latest/docs/setup/install/multicluster/verify/).
It seems that the issue lies in the fact that the root certificates created automatically on both clusters are different, as outlined in this guide: https://cert-manager.io/docs/tutorials/istio-csr/istio-csr/.
If I try to use the root certificate from the main cluster, I get errors like:
If I use the certificate generated during creation, the connection between clusters doesn't work.
How can I use a single root certificate for both clusters? Or any additional ideas?
Beta Was this translation helpful? Give feedback.
All reactions