Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

talk about using the operator to create the remote cluster resources #831

Merged

Conversation

jmazzitelli
Copy link
Contributor

@jmazzitelli jmazzitelli commented Oct 31, 2024

@jmazzitelli jmazzitelli self-assigned this Oct 31, 2024

3. Optional - **Configure tracing with cluster ID.** By default, traces do not include their cluster name in the trace tags however this can be added using the istio telemetry API.
3. Optional - **Configure tracing with cluster ID.** By default, traces do not include their cluster name in the trace tags; however, this can be added using the Istio telemetry API.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is actually no longer true as of some recent Istio verison. Will you remove this section?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was just changing the punctuation and capitalization of an already existing section. If this is no longer accurate, I can remove this line entirely.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this section has been removed

- Create a Kiali Service Account in the remote cluster.
- Create a role/role-binding for this service account in the remote cluster.
- Create a kubeconfig file and save this as a secret in the namespace where Kiali is deployed.
2. **Create a remote cluster secret.** In order for Kiali to access a remote cluster, you must provide a kubeconfig to Kiali via a Kubernetes secret. This requires you to obtain a token for the remote cluster's SA created in step 1. It is up to you how you want to create and manage this token, however, you can use the [kiali-prepare-remote-cluster.sh script](https://github.com/kiali/kiali/blob/master/hack/istio/multicluster/kiali-prepare-remote-cluster.sh) to simplify this process for you.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know the script can run helm template | kubectl apply but I think we should recommend that people only use the script for creating the remote secret. For creating the remote resources, users can run helm install kiali-server --set remote-resources-only=true on their own or if they are using the operator then creating the Kiali CR with that option.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right now, the default for the script is to create both the secret and remote resources. Now that we have support for remote resources in operator and helm charts, and now that we'll recommend using the script only to create the secret, maybe we should make the default behavior to only create the secret? So we'd change it to:

DEFAULT_PROCESS_KIALI_SECRET="true"
DEFAULT_PROCESS_REMOTE_RESOURCES="false"

The user could use the script to create both, they would just have to pass in --process-remote-resources=true explicitly. But this way for the documented/recommended way to use the script, they wouldn't have to pass either of the --process-xyz options, the defaults would just create the secret.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm good with either way.

@jmazzitelli jmazzitelli merged commit b46da7f into kiali:staging Nov 7, 2024
5 checks passed
@jmazzitelli jmazzitelli deleted the 7861-remote-cluster-resources branch November 7, 2024 19:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Development

Successfully merging this pull request may close these issues.

2 participants