meshctl cluster register

Register a Kubernetes cluster with Gloo Network

Synopsis

Registering a cluster installs the Gloo Network agent as well as creates resources such as secrets on the target cluster in order to start managing the service mesh(es) on it.

The name of the context of the target cluster must be provided via the –remote-context flag.

If the management cluster is different than the one that the current context points to then it can be provided via the –kubecontext flag.

In the process of registering a cluster, an agent (called the relay agent) will be installed on the remote cluster. To establish trust between the relay agent and the Gloo Network control plane, mTLS is used.

The relay agent can either be provided with a client certificate, or a bootstrap token. If provided with a bootstrap token, the relay agent will then exchange it for a client certificate and save it as a secret in the cluster. Once the client certificate secret exists, the bootstrap token is no longer needed and can be discarded.

For the relay agent to trust Gloo Network a root CA is needed.

To make the registration process easy, this command will try to copy the root CA and bootstrap token from the management cluster, if you do not specify them in command line arguments.

  meshctl cluster register [flags]
  

Examples

  meshctl cluster register --remote-context=<remote-cluster-1-context> cluster-1
  

Options

        --client-cert-secret-name string        Secret name in the remote cluster containing the client certificate for communication with the relay server. Note that if a bootstrap token is provided, then the client certificate will be created automatically.
      --client-cert-secret-namespace string   Secret namespace in the remote cluster containing the client certificate for communication with relay server.
      --crd-chart-file string                 Path to a local Helm chart for installing Gloo Platform CRDs.
                                              If unset, this command will install Gloo Platform CRDs from the publicly released Helm chart.
      --gloo-mesh-agent-chart-file string     Path to a local Helm chart for installing the Gloo Network agent.
                                              If unset, this command will install the Gloo Network agent from the publicly released Helm chart.
      --gloo-mesh-agent-chart-values string   Path to a Helm values.yaml file for customizing the installation of the Gloo Network agent.
                                              If unset, this command will install the Gloo Network agent with default Helm values.
  -h, --help                                  help for register
      --profiles strings                      Profile(s) to use for basic Helm values. Multiple can be applied in a comma-delimited list, in which merge priority is left to right, and any values specified in '--set' or '--gloo-mesh-agent-chart-values' flags have highest merge priority. (default [agent])
      --relay-server-address string           The address used by the Gloo Network agent to communicate with the relay server.
      --relay-server-insecure                 Allow insecure communication with the relay server.
      --release-name string                   Helm release name (default "gloo-platform")
      --remote-context string                 Name of the kubernetes context to use for the remote cluster
      --remote-kubeconfig string              Path to the kubeconfig file for the remote cluster
      --remote-namespace string               Namespace in the target cluster to install the Gloo Network agent to.
                                              If the namespace does not exist it will be created. (default "gloo-mesh")
      --root-ca-secret-name string            Secret name for the root CA for communication with relay server.
      --root-ca-secret-namespace string       Secret namespace for the root CA for communication with relay server.
      --telemetry-server-address string       The address used by the Gloo Telemetry Collector to communicate with the Telemetry Gateway server.
      --token-secret-key string               Secret data entry key for the bootstrap token. (default "token")
      --token-secret-name string              Secret name for the bootstrap token. This token will be used to bootstrap a client certificate from relay server. Not required if you have configured the agent to use a client certificate.
      --token-secret-namespace string         Secret namespace for the bootstrap token.
      --version string                        Version of Gloo Network agent to install. Defaults to the version of the Gloo Network server.
  

Options inherited from parent commands

        --kubeconfig string    Path to the kubeconfig file for the cluster.
      --kubecontext string   Kubernetes context for the cluster to run the command in.
  -n, --namespace string     Namespace to run the command in. (default "gloo-mesh")
      --plain                Disable styling for terminal output.
  -v, --verbose              Enable verbose logging.
  

SEE ALSO