IstioFederation

Scope: Cluster
Version: v1alpha1

CR for setting remote cluster as trusted one.

  • specobject

    Required value

    • metadataEndpointstring

      Required value

      HTTPS endpoint with remote cluster metadata.

      Pattern: ^(https|file)://[0-9a-zA-Z._/-]+$

      Example:

      metadataEndpoint: https://istio.k8s.example.com/metadata/
      
    • trustDomainstring

      Required value

      The TrustDomain of the remote cluster.

      A mandatory parameter, however, it isn’t used currently since Istio cannot match TrustDomain with the root CA.

      Pattern: ^[0-9a-zA-Z._-]+$

      Example:

      trustDomain: cluster.local
      

IstioMulticluster

Scope: Cluster
Version: v1alpha1

CR for setting remote cluster as trusted one.

  • specobject

    Required value

    • enableIngressGatewayboolean

      Should Istio use ingressgateways to access remote Pods?

      If remote Pods are accessible directly from our cluster (“flat” network), it is efficient not to use extra hop.

      Default: true

    • metadataEndpointstring

      Required value

      HTTPS endpoint with remote cluster metadata.

      Pattern: ^(https|file)://[0-9a-zA-Z._/-]+$

      Example:

      metadataEndpoint: https://istio.k8s.example.com/metadata/