The code can be found in https://github.com/cilium/cilium/tree/master/clustermesh-apiserver
- Adjust `install/deployment.yaml` and modify the service type to either `LoadBalancer` or `NodePort` depending on your needs.
- Enable SSL transport security features in the etcd container as needed. See the etcd documentation for details.
- Deploy the `clustermesh-apiserver` into the same namespace where Cilium is running:

  ```bash
  kubectl -n kube-system create -f install/
  ```

- Extract the IP and port of the `clustermesh-apiserver` service (adjust the example based on the service type you are using):

  ```bash
  IP=$(kubectl -n kube-system get svc clustermesh-apiserver -o json | jq -r '.spec.clusterIP')
  PORT=$(kubectl -n kube-system get svc clustermesh-apiserver -o json | jq -r '.spec.ports[0].port')
  ```

- Generate the configuration file to access the remote cluster. The file name `remote` must refer to the name of the remote cluster:

  ```bash
  cat > remote << EOF
  endpoints:
  - http://${IP}:${PORT}
  EOF
  ```

  If you have enabled SSL transport security, also refer to the certificates and keys:

  ```bash
  cat > remote << EOF
  endpoints:
  - https://${IP}:${PORT}
  trusted-ca-file: '/var/lib/cilium/clustermesh/remote-ca.crt'
  key-file: '/var/lib/cilium/clustermesh/remote.key'
  cert-file: '/var/lib/cilium/clustermesh/remote.crt'
  EOF
  ```

- Create a Kubernetes secret in the same namespace as Cilium is running in to package the configuration file. If you are connecting to multiple clusters, repeat `--from-file` for each cluster. If you have referred to certificates and keys in the previous step, include these files as well:

  ```bash
  kubectl -n kube-system create secret generic cilium-clustermesh --from-file=remote -o yaml > clustermesh-secret.yaml
  ```

- Modify `test/mock.json` as needed.
- Add the following to the final stage of the `Dockerfile`:

  ```dockerfile
  ADD test/mock.json /mock.json
  ```

- Add the following to the `args:` in `install/deployment.yaml`:

  ```yaml
  - --mock-file=/mock.json
  ```

- Build & deploy

```bash
kubectl exec -ti clustermesh-apiserver -c etcd -- etcdctl get --prefix=true cilium/
```
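Before packaging endpoint files such as `remote` into the `cilium-clustermesh` secret, it is worth checking that none of them still uses the plaintext `http://` form. The script below is an added example, not part of the Cilium repository: `check_clustermesh_config` is a hypothetical helper name, the sample files are constructed, and it assumes an `https://` endpoint should carry all three TLS keys shown in the steps above.

```sh
#!/bin/sh
# Added example (not from the Cilium repository): lint a clustermesh endpoint
# file before it is packaged into the cilium-clustermesh secret.
# check_clustermesh_config is a hypothetical helper name.
# Returns 0 = https endpoints with CA/key/cert set, 1 = finding, 2 = unreadable.
check_clustermesh_config() {
    cm_file=$1
    cm_rc=0
    [ -r "$cm_file" ] || { echo "cannot read $cm_file" >&2; return 2; }
    if ! grep -Eq '^[[:space:]]*-[[:space:]]*https?://' "$cm_file"; then
        echo "$cm_file: no endpoints listed" >&2
        cm_rc=1
    fi
    # A plaintext endpoint means the etcd connection is not protected by TLS.
    if grep -Eq '^[[:space:]]*-[[:space:]]*http://' "$cm_file"; then
        echo "$cm_file: plaintext http:// endpoint" >&2
        cm_rc=1
    fi
    # Assumption: an https endpoint should name all three TLS files.
    if grep -Eq '^[[:space:]]*-[[:space:]]*https://' "$cm_file"; then
        for cm_key in trusted-ca-file key-file cert-file; do
            grep -Eq "^[[:space:]]*${cm_key}:[[:space:]]*[^[:space:]]" "$cm_file" || {
                echo "$cm_file: https endpoint without $cm_key" >&2
                cm_rc=1
            }
        done
    fi
    return "$cm_rc"
}

# Constructed sample files (192.0.2.10 is a documentation address).
demo_dir=$(mktemp -d)
printf 'endpoints:\n- http://192.0.2.10:2379\n' > "$demo_dir/plain"
printf 'endpoints:\n- https://192.0.2.10:2379\n' > "$demo_dir/partial"
cat > "$demo_dir/tls" << 'EOF'
endpoints:
- https://192.0.2.10:2379
trusted-ca-file: '/var/lib/cilium/clustermesh/remote-ca.crt'
key-file: '/var/lib/cilium/clustermesh/remote.key'
cert-file: '/var/lib/cilium/clustermesh/remote.crt'
EOF
for f in plain partial tls; do
    if check_clustermesh_config "$demo_dir/$f"; then echo "$f: ok"; else echo "$f: rejected"; fi
done
```

The check only inspects the file's text; it does not verify that the referenced certificate and key files exist or that the remote etcd actually enforces TLS.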