Shared control plane (single-network)
Follow this guide to install an Istio multicluster service mesh where the Kubernetes cluster services and the applications in each cluster have the capability to expose their internal Kubernetes network to other clusters.
In this configuration, multiple Kubernetes clusters running a remote configuration connect to a shared Istio control plane. Once one or more remote Kubernetes clusters are connected to the Istio control plane, Envoy can then form a mesh network across multiple clusters.
Two or more clusters running a supported Kubernetes version (1.13, 1.14, 1.15).
The ability to deploy the Istio control plane on one of the clusters.
A RFC1918 network, VPN, or an alternative more advanced network technique meeting the following requirements:
Individual cluster Pod CIDR ranges and service CIDR ranges must be unique across the multicluster environment and may not overlap.
All pod CIDRs in every cluster must be routable to each other.
All Kubernetes control plane API servers must be routable to each other.
Helm 2.10 or newer. The use of Tiller is optional.
This guide describes how to install a multicluster Istio topology using the manifests and Helm charts provided within the Istio repository.
Deploy the local control plane
Install the Istio control plane on one Kubernetes cluster.
Install the Istio remote
You must deploy the
istio-remote component to each remote Kubernetes
cluster. You can install the component in one of two ways: