Does Citadel support multiple replicas or not?

Hi, I found that the Citadel replica count is configurable like this (replicas: {{ .Values.replicaCount }}, the modification is in https://github.com/istio/istio/pull/14961 ), but the doc said “Citadel does not support multiple instances. Running multiple Citadel instances may introduce race conditions and lead to system outages.”
Can anyone help to confirm which one is correct?
@Tao_Li

Thanks,

Yep, this feature seems to be supported.

I’ve submitted a pull request to update the docs.

Hi @jwendell

Then do I need to enable the flag --read-signing-cert-only in Citadel to make a setup with multiple Citadels work?

--read-signing-cert-only: When set, Citadel only reads the self-signed signing cert and key from Kubernetes secret without generating one (if not exist). This flag avoids racing condition between multiple Citadels generating self-signed key and cert. Please make sure one and only one Citadel instance has this flag set to false.

I can’t find any reference to this flag in helm chart or the new installer repo.

Who knows this? Does that mean only “not self-assigned” Citadel supports multiple replicas?
Thanks,
@Oliver

Hobby