meshctl cluster register

meshctl cluster register

Register a workload cluster with the Gloo management plane.

Synopsis

Registering a cluster installs the Gloo agent and creates resources, such as secrets, on the workload cluster. Provide the workload cluster's kubeconfig context in the –remote-context flag, and the management cluster's context in the –kubecontext flag.

To establish trust between the Gloo management server in the management plane and Gloo agent oin the data plane, mTLS is used. The Gloo agent can use a client certificate or a bootstrap token. If provided with a bootstrap token, the agent exchanges it for a client certificate, and save it as a secret in the cluster. Once the client certificate secret exists, the bootstrap token is no longer needed and can be discarded. For the Gloo relay to trust the Gloo management server, a root CA is needed. To make the registration process easy, this command attempts to copy the root CA and bootstrap token from the management cluster, if you do not specify them in command line arguments.

meshctl cluster register [flags]

Examples

meshctl cluster register --remote-context=<remote-cluster-1-context> cluster-1

Options

      --client-cert-secret-name string        Secret name in the remote cluster containing the client certificate for communication with the management server. Note that if a bootstrap token is provided, then the client certificate will be created automatically.
      --client-cert-secret-namespace string   Secret namespace in the remote cluster containing the client certificate for communication with management server.
      --crd-chart-file string                 Path to a local Helm chart for installing Gloo Platform CRDs.
                                              If unset, this command will install Gloo Platform CRDs from the publicly released Helm chart.
      --gloo-mesh-agent-chart-file string     Path to a local Helm chart for installing the Gloo agent.
                                              If unset, this command will install the Gloo agent from the publicly released Helm chart.
      --gloo-mesh-agent-chart-values string   Path to a Helm values.yaml file for customizing the installation of the Gloo agent.
                                              If unset, this command will install the Gloo agent with default Helm values.
  -h, --help                                  help for register
      --profiles strings                      Profile(s) to use for basic Helm values. Multiple can be applied in a comma-delimited list, in which merge priority is left to right, and any values specified in '--set' or '--gloo-mesh-agent-chart-values' flags have highest merge priority. (default [agent])
      --relay-server-address string           The address the Gloo agent uses to communicate with the Gloo management server.
      --relay-server-insecure                 Allow insecure communication with the management server.
      --release-name string                   Helm release name (default "gloo-platform")
      --remote-context string                 Name of the kubeconfig context to use for the workload cluster.
      --remote-kubeconfig string              Path to the kubeconfig file for the workload cluster.
      --remote-namespace string               Namespace in the workload cluster to install the Gloo agent in.
                                              If the namespace does not exist, it is created. (default "gloo-mesh")
      --root-ca-secret-name string            Secret name for the root CA for communication with management server.
      --root-ca-secret-namespace string       Secret namespace for the root CA for communication with management server.
      --telemetry-server-address string       The address the Gloo telemetry collector agent uses to communicate with the telemetry collector gateway.
      --token-secret-key string               Secret data entry key for the bootstrap token. (default "token")
      --token-secret-name string              Secret name for the bootstrap token. This token will be used to bootstrap a client certificate from management server. Not required if you have configured the agent to use a client certificate.
      --token-secret-namespace string         Secret namespace for the bootstrap token.
      --version string                        Version of Gloo for the agent to run. Defaults to the Gloo version that the management server runs.

Options inherited from parent commands

      --kubeconfig string    Path to the kubeconfig file for the cluster.
      --kubecontext string   Kubernetes context for the cluster to run the command in.
  -n, --namespace string     Namespace to run the command in. (default "gloo-mesh")
      --plain                Disable styling for terminal output.
  -v, --verbose              Enable verbose logging.

SEE ALSO