How are you connecting two Istio clusters?

10/1/2018

The scenario:

I have two K8s clusters. One is on-prem, the other is hosted in AWS. I could use Istio to make communication painless and do things like balloon capacity in AWS, but I'm getting hung up on trying to connect them. Reading the documentation, it looks like I need a VPN deployed inside of K8s if I want to have encrypted tunnels so that each internal network can talk to the other side. They're both non-overlapping 10-dots so I have that part done.

Is that correct or am I missing something on how to connect the two K8s clusters?

-- tiber
istio
kubernetes
vpn

2 Answers

10/1/2018

Having Istio in your cluster is independent of setting up basic communication in between your two clusters. There are a few options that I can think of here:

  1. VPN between some nodes in both clusters like you mentioned.
  2. BGP peering with Calico and your existing infrastructure.
  3. A router in between your two clusters that understands the internal cluster IPs (this could be with BGP or static routes).
  4. Kubernetes Federation. V1 is in alpha and V2 is in the implementation phase as of this writing. Not prod ready yet IMO.
-- Rico
Source: StackOverflow

10/3/2018

OK, I figured out I'm basically doing it wrong. Since Istio uses TLS, I don't need the VPN for crypto, just connectivity, which is overkill since it's encrypting encrypted traffic. I just need some sort of connectivity between the clusters, which we can facilitate on the existing link, and I can use EIPs if I don't have that.

-- tiber
Source: StackOverflow
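
Dropping the VPN in favour of Istio's TLS, as the last answer describes, only protects the inter-cluster link if sidecars refuse plaintext. The following is an added example, not part of the original posts; it assumes a current Istio release with `istio-system` as the root namespace and both clusters issuing workload certificates from a shared root CA.

```yaml
# Weak setting, shown for contrast (do not apply):
# PERMISSIVE accepts both mTLS and plaintext, so traffic crossing the
# link between the clusters can silently fall back to cleartext.
#
#   spec:
#     mtls:
#       mode: PERMISSIVE

# Corrected setting: a mesh-wide policy in the root namespace that makes
# every sidecar reject connections that are not mutual TLS.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system   # assumption: default root namespace
spec:
  mtls:
    mode: STRICT
```

Apply the same policy in both clusters; workloads without a sidecar cannot connect once STRICT is in force.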