IBM Cloud Kubernetes Service & IBM Cloud Private
This example demonstrates how to use Istio's multicluster feature to join one IBM Cloud Private cluster and one IBM Cloud Kubernetes Service cluster together, using the multicluster installation instructions.
Set up two clusters
Install one IBM Cloud Private cluster. NOTE: You can configure Pod CIDR ranges and service CIDR ranges with network_cidr and service_cluster_ip_range in cluster/config.yaml for IBM Cloud Private.

    ## Network in IPv4 CIDR format
    network_cidr: 10.1.0.0/16
    ## Kubernetes Settings
    service_cluster_ip_range: 10.0.0.1/24

Request one IBM Cloud Kubernetes Service cluster. NOTE: By default, when you have provisioned an IBM Cloud Kubernetes Service cluster, the CIDRs are as below.

    pod subnet CIDR: 172.30.0.0/16
    service subnet CIDR: 172.21.0.0/16

Configure pod communication across IBM Cloud Kubernetes Service & IBM Cloud Private
Since these two clusters are in isolated network environments, we need to set up a VPN connection between them.
Set up strongSwan in IBM Cloud Kubernetes Service cluster:
Set up helm in IBM Cloud Kubernetes Service by following these instructions.
Install strongSwan using the Helm chart by following these instructions. Example configuration parameters from config.yaml:

    ipsec.auto: add
    remote.subnet: 10.0.0.0/24,10.1.0.0/16

Get the external IP of the vpn-strongswan service:

    $ kubectl get svc vpn-strongswan

Set up strongSwan in IBM Cloud Private:
Complete the strongSwan workarounds for IBM Cloud Private by following these instructions.
Install strongSwan from the catalog in the management console by following these instructions. Example configuration parameters:

    Namespace: default
    Operation at startup: start
    Local subnets: 10.0.0.0/24,10.1.0.0/16
    Remote gateway: Public IP of the IKS vpn-strongswan service that you got earlier
    Remote subnets: 172.30.0.0/16,172.21.0.0/16
    Privileged authority for VPN pod: checked

Verify that IBM Cloud Private can connect to IBM Cloud Kubernetes Service by running the following command on the IBM Cloud Kubernetes Service cluster:

    $ export STRONGSWAN_POD=$(kubectl get pod -l app=strongswan,release=vpn -o jsonpath='{ .items[0].metadata.name }')
    $ kubectl exec $STRONGSWAN_POD -- ipsec status

Confirm pods can communicate by pinging a pod IP in IBM Cloud Private from IBM Cloud Kubernetes Service.

    $ ping 10.1.14.30
    PING 10.1.14.30 (10.1.14.30) 56(84) bytes of data.
    64 bytes from 10.1.14.30: icmp_seq=1 ttl=59 time=51.8 ms

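The cluster CIDRs and the strongSwan subnet settings above have to agree on both sides of the tunnel. The following Python check is an added example, not part of the original Istio instructions; the function names are hypothetical and the values are copied from this page. It flags overlapping cluster ranges and any VPN subnet list that is missing a cluster range or is broader than the cluster ranges.

```python
import ipaddress

def nets(values):
    """Parse CIDR strings. strict=False accepts host bits, so the page's
    service_cluster_ip_range 10.0.0.1/24 normalizes to 10.0.0.0/24."""
    return {ipaddress.ip_network(v.strip(), strict=False) for v in values}

# Values copied from this page.
ICP = {"pod": "10.1.0.0/16", "service": "10.0.0.1/24"}
IKS = {"pod": "172.30.0.0/16", "service": "172.21.0.0/16"}
IKS_REMOTE_SUBNET = "10.0.0.0/24,10.1.0.0/16"       # remote.subnet (IKS chart)
ICP_LOCAL_SUBNETS = "10.0.0.0/24,10.1.0.0/16"       # Local subnets (ICP)
ICP_REMOTE_SUBNETS = "172.30.0.0/16,172.21.0.0/16"  # Remote subnets (ICP)

def check_vpn_plan(icp, iks, iks_remote, icp_local, icp_remote):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    icp_nets, iks_nets = nets(icp.values()), nets(iks.values())
    # A routed tunnel needs disjoint address space on the two sides.
    for a in sorted(icp_nets, key=str):
        for b in sorted(iks_nets, key=str):
            if a.overlaps(b):
                findings.append(f"overlap: {a} (ICP) and {b} (IKS)")
    # Each subnet list should carry exactly the cluster ranges: nothing
    # missing (traffic would not be tunnelled) and nothing extra (the
    # tunnel would expose more than the two clusters).
    expected = [
        ("IKS remote.subnet", nets(iks_remote.split(",")), icp_nets),
        ("ICP local subnets", nets(icp_local.split(",")), icp_nets),
        ("ICP remote subnets", nets(icp_remote.split(",")), iks_nets),
    ]
    for name, got, want in expected:
        for n in sorted(want - got, key=str):
            findings.append(f"{name}: missing {n}")
        for n in sorted(got - want, key=str):
            findings.append(f"{name}: extra {n}")
    return findings

if __name__ == "__main__":
    result = check_vpn_plan(ICP, IKS, IKS_REMOTE_SUBNET,
                            ICP_LOCAL_SUBNETS, ICP_REMOTE_SUBNETS)
    print("\n".join(result) if result else "VPN subnet plan is consistent")
```
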
Install Istio for multicluster
Follow the multicluster installation steps to install and configure the local Istio control plane and Istio remote on IBM Cloud Private and IBM Cloud Kubernetes Service.
This example uses IBM Cloud Private as the Istio local control plane and IBM Cloud Kubernetes Service as the Istio remote.
Deploy the Bookinfo example across clusters by following these instructions.
See also
Example multicluster GKE install of Istio.
Example multicluster IBM Cloud Private install of Istio.
Install Istio with multicluster support.
Instructions to download the Istio release.
Instructions to setup a Google Kubernetes Engine cluster for Istio.
Describes the options available when installing Istio using the included Helm chart.