Hi, I found the citadel replica is configurable like this (replicas: {{ .Values.replicaCount }}, the modification is in https://github.com/istio/istio/pull/14961), but the doc said “Citadel does not support multiple instances. Running multiple Citadel instances may introduce race conditions and lead to system outages.”
Can anyone help to confirm which one is correct? @Tao_Li
Then do I need to enable the flag --read-signing-cert-only in citadel to make a multiple citadels setup work?
--read-signing-cert-only: When set, Citadel only reads the self-signed signing cert and key from Kubernetes secret without generating one (if not exist). This flag avoids racing condition between multiple Citadels generating self-signed key and cert. Please make sure one and only one Citadel instance has this flag set to false.
I can’t find any reference to this flag in the helm chart or the new installer repo.
Does Istio 1.4 support multiple replicas of citadel, for scalability? There is a reference in Istio 1.1 (Istioldie 1.1 / Repairing Citadel), but I am not sure if this is still valid for Istio 1.4.