meshctl cluster register
meshctl cluster register
Register a Kubernetes cluster with Gloo Mesh
Registering a cluster installs the Gloo Mesh agent as well as creates resources such as secrets on the target cluster in order to start managing the service mesh(es) on it.
The name of the context of the target cluster must be provided via the –remote-context flag.
If the management cluster is different than the one that the current context points to then it can be provided via the –kubecontext flag.
In the process of registering a cluster, an agent (called the relay agent) will be installed on the remote cluster. To establish trust between the relay agent and the Gloo Mesh control plane, mTLS is used.
The relay agent can either be provided with a client certificate, or a bootstrap token. If provided with a bootstrap token, the relay agent will then exchange it for a client certificate and save it as a secret in the cluster. Once the client certificate secret exists, the bootstrap token is no longer needed and can be discarded.
For the relay agent to trust Gloo Mesh a root CA is needed.
To make the registration process easy, this command will try to copy the root CA and bootstrap token from the management cluster, if you do not specify them in command line arguments.
meshctl cluster register [flags]
meshctl cluster register --remote-context=<remote-cluster-1-context> cluster-1
--client-cert-secret-name string Secret name in the remote cluster containing the client certificate for communication with the relay server. Note that if a bootstrap token is provided, then the client certificate will be created automatically. --client-cert-secret-namespace string Secret namespace in the remote cluster containing the client certificate for communication with relay server. --gloo-mesh-agent-chart-file string Path to a local Helm chart for installing the Gloo Mesh agent. If unset, this command will install the Gloo Mesh agent from the publicly released Helm chart. --gloo-mesh-agent-chart-values string Path to a Helm values.yaml file for customizing the installation of the Gloo Mesh agent. If unset, this command will install the Gloo Mesh agent with default Helm values. -h, --help help for register --relay-server-address string The address used by the Gloo Mesh agent to communicate with the relay server. --relay-server-insecure Allow insecure communication with the relay server. --remote-context string Name of the kubernetes context to use for the remote cluster --remote-kubeconfig string Path to the kubeconfig file for the remote cluster --remote-namespace string Namespace in the target cluster to install the Gloo Mesh agent to. If the namespace does not exist it will be created. (default "gloo-mesh") --root-ca-secret-name string Secret name for the root CA for communication with relay server. --root-ca-secret-namespace string Secret namespace for the root CA for communication with relay server. --token-secret-key string Secret data entry key for the bootstrap token. (default "token") --token-secret-name string Secret name for the bootstrap token. This token will be used to bootstrap a client certificate from relay server. Not required if you have configured the agent to use a client certificate. --token-secret-namespace string Secret namespace for the bootstrap token. --version string Version of Gloo Mesh agent to install. Defaults to the version of the Gloo Mesh server.
Options inherited from parent commands
--kubeconfig string Path to the kubeconfig file for the cluster --kubecontext string Name of the Kubernetes context for the management cluster -n, --namespace string Namespace where Gloo Mesh should be installed (default "gloo-mesh") -v, --verbose Enable verbose logging
- meshctl cluster - Manage Gloo Mesh Kubernetes clusters.