diff --git a/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/om_https_enabled.yaml b/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/om_https_enabled.yaml index 85545d7f2..930a96e9b 100644 --- a/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/om_https_enabled.yaml +++ b/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/om_https_enabled.yaml @@ -22,7 +22,7 @@ spec: spec: volumes: - name: mongodb-versions - emptyDir: {} + emptyDir: { } containers: - name: mongodb-ops-manager volumeMounts: @@ -37,6 +37,8 @@ spec: initContainers: - name: setting-up-rhel-mongodb image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L @@ -48,6 +50,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-4-4 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L @@ -59,6 +63,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-5-0 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L @@ -70,6 +76,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-6-0 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L 
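Review bot: The `runAsUser: 1337` added to `setting-up-rhel-mongodb` (hunk `-37,6 +37,8`) reuses the Istio sidecar proxy's UID, and per the linked Istio CNI page traffic from that UID is not captured by the sidecar redirection, so these `curl -L` downloads leave the pod with no mTLS, no mesh telemetry and no mesh egress policy (the `REGISTRY_ONLY` mode set in `install_istio_central.sh` would not cover them where it is in force). The comment should state that consequence and sit on its own line above the key, for example `# UID 1337 = istio-proxy: this init container's egress bypasses the sidecar (no mTLS / egress policy); test fixture only`. The block sets only the UID; adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` beside it would also rule out setuid escalation in an image pulled as `:latest`. The same applies to every other `securityContext` hunk in this file, in `om_localmode-single-pv.yaml` and `remote_fixtures/nginx.yaml`, and to the dict added in `om_remotemode.py`. Each container list continues outside its hunk.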
@@ -81,6 +89,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-6-0-sig image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L @@ -92,6 +102,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-6-0-21 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L @@ -103,6 +115,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-6-0-21-sig image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L @@ -112,9 +126,10 @@ spec: volumeMounts: - name: mongodb-versions mountPath: /mongodb-ops-manager/mongodb-releases - - name: setting-up-rhel-mongodb-7-0 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L @@ -126,6 +141,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-7-0-sig image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L 
@@ -137,6 +154,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-8-0 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L @@ -148,6 +167,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-8-0-sig image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L diff --git a/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/om_localmode-single-pv.yaml b/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/om_localmode-single-pv.yaml index 59079a224..32193de7a 100644 --- a/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/om_localmode-single-pv.yaml +++ b/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/om_localmode-single-pv.yaml @@ -35,6 +35,8 @@ spec: initContainers: - name: setting-up-rhel-mongodb-4-2-8 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L @@ -46,6 +48,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-6-0-21 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L 
@@ -57,6 +61,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-7-0 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L @@ -68,6 +74,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases - name: setting-up-rhel-mongodb-8-0 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - curl - -L diff --git a/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/remote_fixtures/nginx.yaml b/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/remote_fixtures/nginx.yaml index adb665a0e..0911c9c58 100644 --- a/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/remote_fixtures/nginx.yaml +++ b/docker/mongodb-kubernetes-tests/tests/opsmanager/fixtures/remote_fixtures/nginx.yaml @@ -29,6 +29,8 @@ spec: initContainers: - name: setting-up-mongosh-1-4-1 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c @@ -38,6 +40,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases/compass - name: setting-up-mongosh-1-9-1 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c 
@@ -47,6 +51,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases/compass - name: setting-up-mongosh-1-10-4 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c @@ -56,6 +62,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases/compass - name: setting-up-mongosh-2-0-0 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c @@ -65,6 +73,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases/compass - name: setting-up-mongosh-2-0-2 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c @@ -74,6 +84,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases/compass - name: setting-up-mongosh-2-0-2-om7 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c @@ -83,6 +95,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases/compass - name: setting-up-mongosh-2-1-5-om7 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c 
@@ -92,6 +106,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases/compass - name: setting-up-mongosh-2-2-3-om7 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c @@ -101,6 +117,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases/compass - name: setting-up-mongosh-2-2-4-om7 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c @@ -110,6 +128,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases/compass - name: setting-up-mongosh-2-4-0 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c @@ -119,6 +139,8 @@ spec: mountPath: /mongodb-ops-manager/mongodb-releases/compass - name: setting-up-mongosh-2-5-6 image: curlimages/curl:latest + securityContext: + runAsUser: 1337 # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers command: - sh - -c @@ -126,15 +148,14 @@ spec: volumeMounts: - name: mongosh-versions mountPath: /mongodb-ops-manager/mongodb-releases/compass - restartPolicy: Always - securityContext: {} + securityContext: { } terminationGracePeriodSeconds: 30 volumes: - name: mongodb-versions - emptyDir: {} + emptyDir: { } - name: mongosh-versions - emptyDir: {} + emptyDir: { } - configMap: name: nginx-conf name: nginx-conf diff --git a/docker/mongodb-kubernetes-tests/tests/opsmanager/om_remotemode.py b/docker/mongodb-kubernetes-tests/tests/opsmanager/om_remotemode.py index e75525a94..80bd0a81f 100644 
--- a/docker/mongodb-kubernetes-tests/tests/opsmanager/om_remotemode.py +++ b/docker/mongodb-kubernetes-tests/tests/opsmanager/om_remotemode.py @@ -14,6 +14,7 @@ VERSION_NOT_IN_WEB_SERVER = "4.2.1" + # If this test is failing after an OM Bump, ensure that the nginx deployment fixture contains the associated mongosh # version. More details in this ticket: https://jira.mongodb.org/browse/CLOUDP-332640 @@ -47,6 +48,10 @@ def add_mdb_version_to_deployment(deployment: Dict[str, Any], version: str): "name": KubernetesTester.random_k8s_name(prefix="mdb-download"), "image": "curlimages/curl:latest", "command": ["sh", "-c", f"{curl_command} && true"], + "securityContext": { + # workaround for init-container istio issue -> https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers + "runAsUser": 1337, + }, "volumeMounts": [ { "name": "mongodb-versions", diff --git a/multi_cluster/tools/install_istio.sh b/multi_cluster/tools/install_istio.sh index 8e65b56fc..15ca12d46 100755 --- a/multi_cluster/tools/install_istio.sh +++ b/multi_cluster/tools/install_istio.sh @@ -38,6 +38,7 @@ make -f ../tools/certs/Makefile.selfsigned.mk "${CTX_CLUSTER3}-cacerts" || make # create cluster secret objects with the certs and keys kubectl --context="${CTX_CLUSTER1}" delete ns istio-system || true kubectl --context="${CTX_CLUSTER1}" create ns istio-system +kubectl --context="${CTX_CLUSTER1}" label --overwrite ns istio-system pod-security.kubernetes.io/enforce=privileged kubectl --context="${CTX_CLUSTER1}" create secret generic cacerts -n istio-system \ --from-file=${CTX_CLUSTER1}/ca-cert.pem \ --from-file=${CTX_CLUSTER1}/ca-key.pem \ 
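Review bot: The `pod-security.kubernetes.io/enforce=privileged` label added after `create ns istio-system` for `CTX_CLUSTER1` (and again in hunks `-46,6` and `-54,6` for clusters 2 and 3) lifts every Pod Security restriction for the whole namespace, which is also where the next command stores the `cacerts` secret containing `ca-key.pem`, not only for the CNI node agent that presumably needs it. Keeping the stricter levels in non-blocking mode preserves visibility, e.g. appending `pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/warn=baseline` to the same `label --overwrite` command. If the Istio version in use allows it, pointing `components.cni.namespace` at a dedicated namespace instead of `istio-system` would confine the privileged level to the CNI pods. A comment such as `# istio-cni DaemonSet needs host access; PSA must admit it` would record why the label exists.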
@@ -46,6 +47,7 @@ kubectl --context="${CTX_CLUSTER1}" create secret generic cacerts -n istio-syste kubectl --context="${CTX_CLUSTER2}" delete ns istio-system || true kubectl --context="${CTX_CLUSTER2}" create ns istio-system +kubectl --context="${CTX_CLUSTER2}" label --overwrite ns istio-system pod-security.kubernetes.io/enforce=privileged kubectl --context="${CTX_CLUSTER2}" create secret generic cacerts -n istio-system \ --from-file=${CTX_CLUSTER2}/ca-cert.pem \ --from-file=${CTX_CLUSTER2}/ca-key.pem \ @@ -54,6 +56,7 @@ kubectl --context="${CTX_CLUSTER2}" create secret generic cacerts -n istio-syste kubectl --context="${CTX_CLUSTER3}" delete ns istio-system || true kubectl --context="${CTX_CLUSTER3}" create ns istio-system +kubectl --context="${CTX_CLUSTER3}" label --overwrite ns istio-system pod-security.kubernetes.io/enforce=privileged kubectl --context="${CTX_CLUSTER3}" create secret generic cacerts -n istio-system \ --from-file=${CTX_CLUSTER3}/ca-cert.pem \ --from-file=${CTX_CLUSTER3}/ca-key.pem \ @@ -67,6 +70,10 @@ apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: tag: ${VERSION} + components: + cni: + namespace: istio-system + enabled: true meshConfig: defaultConfig: terminationDrainDuration: 30s @@ -81,13 +88,17 @@ spec: network: network1 EOF -bin/istioctl install --context="${CTX_CLUSTER1}" -f cluster1.yaml -y & +bin/istioctl install --context="${CTX_CLUSTER1}" --set components.cni.enabled=true -f cluster1.yaml -y & cat <cluster2.yaml apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: tag: ${VERSION} + components: + cni: + namespace: istio-system + enabled: true meshConfig: defaultConfig: terminationDrainDuration: 30s 
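Review bot: CNI is now switched on in two places for each cluster: the `cluster1.yaml` heredoc gains `components.cni.enabled: true` (hunk `-67,6 +70,10`) and the install command in hunk `-81,13 +88,17` also passes `--set components.cni.enabled=true`. Because a `--set` value takes precedence over the file, someone who later disables CNI in the YAML alone would still get it installed without any warning. Keeping a single source, e.g. `bin/istioctl install --context="${CTX_CLUSTER1}" -f cluster1.yaml -y &`, avoids that drift. The cluster2 and cluster3 hunks repeat the same duplication.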
@@ -102,13 +113,17 @@ spec: network: network1 EOF -bin/istioctl install --context="${CTX_CLUSTER2}" -f cluster2.yaml -y & +bin/istioctl install --context="${CTX_CLUSTER2}" --set components.cni.enabled=true -f cluster2.yaml -y & cat <cluster3.yaml apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: tag: ${VERSION} + components: + cni: + namespace: istio-system + enabled: true meshConfig: defaultConfig: terminationDrainDuration: 30s @@ -123,7 +138,7 @@ spec: network: network1 EOF -bin/istioctl install --context="${CTX_CLUSTER3}" -f cluster3.yaml -y & +bin/istioctl install --context="${CTX_CLUSTER3}" --set components.cni.enabled=true -f cluster3.yaml -y & wait diff --git a/multi_cluster/tools/install_istio_central.sh b/multi_cluster/tools/install_istio_central.sh index da6f84477..2ee3e5427 100755 --- a/multi_cluster/tools/install_istio_central.sh +++ b/multi_cluster/tools/install_istio_central.sh @@ -10,4 +10,4 @@ source multi_cluster/tools/download_istio.sh cd istio-${VERSION} bin/istioctl x uninstall --context="${CTX_CLUSTER}" --purge --skip-confirmation -bin/istioctl install --context="${CTX_CLUSTER}" --set profile=default --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY --skip-confirmation +bin/istioctl install --context="${CTX_CLUSTER}" --set components.cni.enabled=true --set profile=default --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY --skip-confirmation diff --git a/public/architectures/setup-multi-cluster/ra-03-setup-istio/install_istio_separate_network.sh b/public/architectures/setup-multi-cluster/ra-03-setup-istio/install_istio_separate_network.sh index 12f063bc1..e385bd707 100755 --- a/public/architectures/setup-multi-cluster/ra-03-setup-istio/install_istio_separate_network.sh +++ b/public/architectures/setup-multi-cluster/ra-03-setup-istio/install_istio_separate_network.sh 
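Review bot: The `install_istio_central.sh` hunk enables `components.cni.enabled=true` but, unlike `install_istio.sh` in this same commit, never sets a Pod Security level on `istio-system`, so the two scripts now make different assumptions about admission policy. Whether the central cluster enforces `baseline` or `restricted` is not visible here; if it does, the CNI pods may be rejected. Either mirror the label once the namespace exists (`kubectl --context="${CTX_CLUSTER}" label --overwrite ns istio-system pod-security.kubernetes.io/enforce=privileged`) or add a comment such as `# central cluster does not enforce PSA on istio-system` to make the difference deliberate.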
@@ -94,6 +94,7 @@ spec: network: network1 EOF bin/istioctl install --context="${CTX_CLUSTER1}" -f cluster1.yaml -y + samples/multicluster/gen-eastwest-gateway.sh \ --mesh mesh1 --cluster cluster1 --network network1 | \ bin/istioctl --context="${CTX_CLUSTER1}" install -y -f - diff --git a/public/samples/ops-manager/ops-manager-remote-mode.yaml b/public/samples/ops-manager/ops-manager-remote-mode.yaml index 80c5fa253..4b50ba4fc 100644 --- a/public/samples/ops-manager/ops-manager-remote-mode.yaml +++ b/public/samples/ops-manager/ops-manager-remote-mode.yaml @@ -73,7 +73,6 @@ spec: volumeMounts: - name: mongodb-versions mountPath: /mongodb-ops-manager/mongodb-releases/linux - - name: setting-up-rhel-mongodb-4-4-ent image: curlimages/curl:latest command: diff --git a/scripts/release/kubectl-mongodb/install_istio_separate_network.sh b/scripts/release/kubectl-mongodb/install_istio_separate_network.sh deleted file mode 100755 index adda0ff92..000000000 --- a/scripts/release/kubectl-mongodb/install_istio_separate_network.sh +++ /dev/null 
@@ -1,188 +0,0 @@ -#!/usr/bin/env bash - -set -eux - -# define here or provide the cluster names externally -export CTX_CLUSTER1=${CTX_CLUSTER1} -export CTX_CLUSTER2=${CTX_CLUSTER2} -export CTX_CLUSTER3=${CTX_CLUSTER3} -export ISTIO_VERSION=${ISTIO_VERSION} - -# download Istio under the path -curl -L https://istio.io/downloadIstio | sh - - -# checks if external IP has been assigned to a service object, in our case we are interested in east-west gateway -function_check_external_ip_assigned() { - while : ; do - ip=$(kubectl --context="$1" get svc istio-eastwestgateway -n istio-system --output jsonpath='{.status.loadBalancer.ingress[0].ip}') - if [ -n "${ip}" ] - then - echo "external ip assigned ${ip}" - break - else - echo "waiting for external ip to be assigned" - fi -done -} - -cd "istio-${ISTIO_VERSION}" -mkdir -p certs -pushd certs - -# create root trust for the clusters -make -f ../tools/certs/Makefile.selfsigned.mk root-ca -make -f ../tools/certs/Makefile.selfsigned.mk "${CTX_CLUSTER1}-cacerts" -make -f ../tools/certs/Makefile.selfsigned.mk "${CTX_CLUSTER2}-cacerts" -make -f ../tools/certs/Makefile.selfsigned.mk "${CTX_CLUSTER3}-cacerts" - -kubectl --context="${CTX_CLUSTER1}" create ns istio-system -kubectl --context="${CTX_CLUSTER1}" create secret generic cacerts -n istio-system \ - --from-file="${CTX_CLUSTER1}/ca-cert.pem" \ - --from-file="${CTX_CLUSTER1}/ca-key.pem" \ - --from-file="${CTX_CLUSTER1}/root-cert.pem" \ - --from-file="${CTX_CLUSTER1}/cert-chain.pem" - -kubectl --context="${CTX_CLUSTER2}" create ns istio-system -kubectl --context="${CTX_CLUSTER2}" create secret generic cacerts -n istio-system \ - --from-file="${CTX_CLUSTER2}/ca-cert.pem" \ - --from-file="${CTX_CLUSTER2}/ca-key.pem" \ - --from-file="${CTX_CLUSTER2}/root-cert.pem" \ - --from-file="${CTX_CLUSTER2}/cert-chain.pem" - -kubectl --context="${CTX_CLUSTER3}" create ns istio-system -kubectl --context="${CTX_CLUSTER3}" create secret generic cacerts -n istio-system \ - 
--from-file="${CTX_CLUSTER3}/ca-cert.pem" \ - --from-file="${CTX_CLUSTER3}/ca-key.pem" \ - --from-file="${CTX_CLUSTER3}/root-cert.pem" \ - --from-file="${CTX_CLUSTER3}/cert-chain.pem" -popd - -# label namespace in cluster1 -kubectl --context="${CTX_CLUSTER1}" get namespace istio-system && \ - kubectl --context="${CTX_CLUSTER1}" label namespace istio-system topology.istio.io/network=network1 - -cat < cluster1.yaml -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - values: - global: - meshID: mesh1 - multiCluster: - clusterName: cluster1 - network: network1 -EOF -bin/istioctl install --context="${CTX_CLUSTER1}" -f cluster1.yaml -samples/multicluster/gen-eastwest-gateway.sh \ - --mesh mesh1 --cluster cluster1 --network network1 | \ - bin/istioctl --context="${CTX_CLUSTER1}" install -y -f - - - -# check if external IP is assigned to east-west gateway in cluster1 -function_check_external_ip_assigned "${CTX_CLUSTER1}" - - -# expose services in cluster1 -kubectl --context="${CTX_CLUSTER1}" apply -n istio-system -f \ - samples/multicluster/expose-services.yaml - - -kubectl --context="${CTX_CLUSTER2}" get namespace istio-system && \ - kubectl --context="${CTX_CLUSTER2}" label namespace istio-system topology.istio.io/network=network2 - - -cat < cluster2.yaml -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - values: - global: - meshID: mesh1 - multiCluster: - clusterName: cluster2 - network: network2 -EOF - -bin/istioctl install --context="${CTX_CLUSTER2}" -f cluster2.yaml - -samples/multicluster/gen-eastwest-gateway.sh \ - --mesh mesh1 --cluster cluster2 --network network2 | \ - bin/istioctl --context="${CTX_CLUSTER2}" install -y -f - - -# check if external IP is assigned to east-west gateway in cluster2 -function_check_external_ip_assigned "${CTX_CLUSTER2}" - -kubectl --context="${CTX_CLUSTER2}" apply -n istio-system -f \ - samples/multicluster/expose-services.yaml - -# cluster3 -kubectl --context="${CTX_CLUSTER3}" get namespace 
istio-system && \ - kubectl --context="${CTX_CLUSTER3}" label namespace istio-system topology.istio.io/network=network3 - -cat < cluster3.yaml -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - values: - global: - meshID: mesh1 - multiCluster: - clusterName: cluster3 - network: network3 -EOF - -bin/istioctl install --context="${CTX_CLUSTER3}" -f cluster3.yaml - -samples/multicluster/gen-eastwest-gateway.sh \ - --mesh mesh1 --cluster cluster3 --network network3 | \ - bin/istioctl --context="${CTX_CLUSTER3}" install -y -f - - - -# check if external IP is assigned to east-west gateway in cluster3 -function_check_external_ip_assigned "${CTX_CLUSTER3}" - -kubectl --context="${CTX_CLUSTER3}" apply -n istio-system -f \ - samples/multicluster/expose-services.yaml - - -# enable endpoint discovery -bin/istioctl x create-remote-secret \ - --context="${CTX_CLUSTER1}" \ - -n istio-system \ - --name=cluster1 | \ - kubectl apply -f - --context="${CTX_CLUSTER2}" - -bin/istioctl x create-remote-secret \ - --context="${CTX_CLUSTER1}" \ - -n istio-system \ - --name=cluster1 | \ - kubectl apply -f - --context="${CTX_CLUSTER3}" - -bin/istioctl x create-remote-secret \ - --context="${CTX_CLUSTER2}" \ - -n istio-system \ - --name=cluster2 | \ - kubectl apply -f - --context="${CTX_CLUSTER1}" - -bin/istioctl x create-remote-secret \ - --context="${CTX_CLUSTER2}" \ - -n istio-system \ - --name=cluster2 | \ - kubectl apply -f - --context="${CTX_CLUSTER3}" - -bin/istioctl x create-remote-secret \ - --context="${CTX_CLUSTER3}" \ - -n istio-system \ - --name=cluster3 | \ - kubectl apply -f - --context="${CTX_CLUSTER1}" - -bin/istioctl x create-remote-secret \ - --context="${CTX_CLUSTER3}" \ - -n istio-system \ - --name=cluster3 | \ - kubectl apply -f - --context="${CTX_CLUSTER2}" - - # cleanup: delete the istio repo at the end -cd .. -rm -r "istio-${ISTIO_VERSION}" -rm -f cluster1.yaml cluster2.yaml cluster3.yaml