-
Story
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
We should not implement OSSM-9323 for 3.0.z, so we need to add the steps for creating istio-reader-service-account before installing the remote secrets.
We need to modify the multi-primary documentation part (after the install of Istio on each cluster):
- Create the istio-reader-service-account for both clusters:
$ oc --context="${CTX_CLUSTER1}" create serviceaccount istio-reader-service-account -n istio-system $ oc --context="${CTX_CLUSTER2}" create serviceaccount istio-reader-service-account -n istio-system
- Add the cluster role cluster-reader to both of these service accounts:
$ oc --context="${CTX_CLUSTER1}" adm policy add-cluster-role-to-user cluster-reader -z istio-reader-service-account -n istio-system $ oc --context="${CTX_CLUSTER2}" adm policy add-cluster-role-to-user cluster-reader -z istio-reader-service-account -n istio-system
- Install a remote secret on the East cluster that provides access to the API server on the West cluster by running the following command:
$ istioctl create-remote-secret \ --context="${CTX_CLUSTER2}" \ --name=cluster2 \ --create-service-account=false | \ oc --context="${CTX_CLUSTER1}" apply -f -
- Install a remote secret on the West cluster that provides access to the API server on the East cluster by running the following command:
$ istioctl create-remote-secret \ --context="${CTX_CLUSTER1}" \ --name=cluster1 \ --create-service-account=false | \ oc --context="${CTX_CLUSTER2}" apply -f -