istioctl multicluster check

Check a cluster’s multicluster ambient mesh support and status.

Synopsis

Verify multiple aspects of multicluster ambient mesh support and status. For example, you can use the ‘istioctl multicluster check’ command to check the individual readiness of each cluster before running ‘istioctl multicluster link’ to link them in a multicluster mesh, and run it again after linking to confirm that the connections were successful. The command checks the following. For more information, see the multicluster ambient mesh documentation.

  • Incompatible environment variables: Relevant environment variables on istiod are supported.
  • License validity: Multicluster capabilities require an Enterpise level license for Gloo Mesh.
  • Pod health: Istiod, ztunnel, and east-west gateway pods must be healthy and running.
  • East-west gateway status: The east-west gateway service is attached to the gateway and is assigned an address.
  • Peer gateway status: The peer gateway is configured to connect to the peered cluster’s remote network.
  • Shared services: Shows globally shared services (.mesh.internal and custom Segment domains) available across clusters.
  • Intermediate certificate compatibility: The root cert is compatible with all of the clusters’ intermediate certificate chains.
  • Network configuration: Each cluster has a unique, properly configured network.
  • Stale workload entries: In flat network topologies, checks for any outdated workload entries that must be removed.
  istioctl multicluster check [flags]

Examples 

  	# Check the readiness of three clusters (alpha, beta, and gamma) for multicluster with precheck mode before linking them
	istioctl multicluster check --contexts="alpha,beta,gamma" --precheck

	# Check the multicluster status of three linked clusters (alpha, beta, and gamma) with verbose output
	istioctl multicluster check --contexts="alpha,beta,gamma" --verbose

Options 

        --contexts strings  List of cluster contexts to check.
      -h, --help          help for check
      -p, --precheck      Check for multicluster readiness, ignoring missing multicluster resources. This is useful to check the readiness of each cluster before linking them in a multicluster mesh.
      -v, --verbose       Print extra information about each check. This is useful to diagnose any issues with the multicluster mesh.

Options inherited from parent commands 

        --as string                  Username to impersonate for the operation. User could be a regular user or a service account in a namespace
      --as-group stringArray       Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --as-uid string              UID to impersonate for the operation.
      --context string             Kubernetes configuration context
      -i, --istioNamespace string  Istio system namespace (default "istio-system")
      --kubeclient-timeout string  Kubernetes client timeout as a time.Duration string, defaults to 15 seconds. (default "15s")
      -c, --kubeconfig string      Kubernetes configuration file
      -n, --namespace string       Kubernetes namespace
      --out string                 output directory (default "/tmp/istioctl-cli-docs/1.27")