If you missed today’s user community meeting, an update for Istio multicluster support in 1.1 was provided by Etai and Ram from IBM. If you are interested in this topic, feel free to check out the slides and video recording:
We have also built a simple survey to gather your input on this important topic so that we can serve you better. Please take a min to fill it out and we will share the result soon.
The fact that the meshNetworks has a IP:Port defined per network (like 15443 in this case), how do define a gateway config to take care of multiple applications across the clusters (like both using different protocols, etc.).
Also, how is the reverse side data path set-up through the gateway (from remote cluster app connecting to the main cluster app).
The 15443 is a general purpose control plane port open for incoming traffic from another cluster. Because we have control plane security enabled in this setup the data from source envoy to destination envoy is encrypted without termination. The special AUTO_PASSTHROUGH mode guides the ingress gateway to route to local service based on the SNI information. Istio has custom SNI string that holds the service, port and subset.
In this scenario you will need two networks defined in meshNetworks. For example, adding a network1 with CIDR range and GW IP for the primary in addition to the network2 of the remote.
Please notice that we still need to verify this scenario and make sure there are no issues with it.
Many thanks for those of you who filled out the survey! As promised, attached is the result, enjoy! Looks like both multicluster deployment models are common with slight preference towards split horizon multicluster single control plane deployment model.
