I have two Istio meshes, one for PCI and another for non-PCI workloads. I want to use a single control plane instead of a replicated control plane. Will this work, or should there be replicated control planes?
Can you explain a little more about the problem you are trying to solve? Do you want to configure the meshes from one point? Do you want service discovery between the two of them? Can you explain your topology a little more on this point?
multi-cluster deployments, I am asking about mesh-federation
Sure. We have 2 EKS clusters in 2 different networks. One of those clusters runs workloads that are PCI and need to have strong boundary protection and security, but we want to enable cross-cluster communication using mesh federation, enabling only certain workloads in the non-PCI cluster to communicate with the PCI cluster and vice versa.
The current mesh federation work is only in the scope of explaining how we’re going to communicate one way. What if we want to have communication both ways?
You have to configure service entries for both clusters and expose the services via eastwest-gateway. i.e. configure service entries for cluster02 in cluster01 and vice versa. I’m assuming you want mesh-federation because you want to limit the exposure of services between clusters?
Yes, you are correct, since I want security and boundary protection as much as possible.
How will the service discovery work? Does it happen because of the service entry files we wrote?
Yes, the service entry will help the service discovery.
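The two-way setup described in this thread, sketched as an added example that is not from any of the participants: one ServiceEntry per cluster, each pointing at the other cluster's east-west gateway. All names, namespaces, hostnames and ports are constructed, the gateway addresses are placeholders, and it assumes both meshes share a root of trust and each east-west gateway listens on the conventional 15443 passthrough port.

```yaml
# Applied in cluster01 (non-PCI): lets one namespace discover one PCI service.
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: payments-in-cluster02        # constructed name
  namespace: checkout                # constructed: the only namespace allowed to call PCI
spec:
  hosts:
  - payments.pci.global              # constructed hostname for the remote service
  location: MESH_INTERNAL            # treat the remote service as part of the mesh (mTLS applies)
  resolution: DNS
  exportTo:
  - "."                              # visible only in this namespace, not mesh-wide
  ports:
  - number: 8080
    name: http1
    protocol: HTTP
  endpoints:
  - address: "<CLUSTER02_EASTWEST_GATEWAY_ADDRESS>"   # placeholder
    ports:
      http1: 15443                   # east-west gateway port (assumed default)
---
# Applied in cluster02 (PCI): the reverse direction, for one non-PCI service only.
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: catalog-in-cluster01         # constructed name
  namespace: payments                # constructed: the only namespace allowed to call out
spec:
  hosts:
  - catalog.shop.global              # constructed hostname for the remote service
  location: MESH_INTERNAL
  resolution: DNS
  exportTo:
  - "."
  ports:
  - number: 8080
    name: http1
    protocol: HTTP
  endpoints:
  - address: "<CLUSTER01_EASTWEST_GATEWAY_ADDRESS>"   # placeholder
    ports:
      http1: 15443
```

Only hosts that have a ServiceEntry are discoverable from the other side, so the set of these manifests is the list of services exposed across the PCI boundary.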