First Primary Cluster

#!/bin/bash

set -euo pipefail

HUB=gcr.io/istio-testing
TAG=latest
echo "HUB=${HUB}"
echo "TAG=${TAG}"

# Delete Istio in this cluster
kubectl delete ns istio-system sample --context=${CTX1} --ignore-not-found

# Configure trust
echo "Configuring trust..."
function configure_trust
{
  # Keeps the certs under a separate directory.
  mkdir -p certs
  pushd certs || exit

  # Create the root and intermediate certs.
  make -f ../tools/certs/Makefile.selfsigned.mk root-ca
  make -f ../tools/certs/Makefile.selfsigned.mk cluster1-cacerts

  # Create the istio-system namespace in each cluster so that we can create the secrets.
  kubectl --context="$CTX1" create namespace istio-system

  # Deploy secret
  kubectl --context="$CTX1" create secret generic cacerts -n istio-system \
      --from-file=cluster1/ca-cert.pem \
      --from-file=cluster1/ca-key.pem \
      --from-file=cluster1/root-cert.pem \
      --from-file=cluster1/cert-chain.pem

  popd || exit # Return to the previous directory.
}
configure_trust

# Install Istio
echo "Installing Istio on the first primary cluster..."
cat <<EOF > cluster1.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      meshID: mesh1
      multiCluster:
        clusterName: cluster1
      network: ${NETWORK1}
EOF
echo y | istioctl install --context="${CTX1}" -f cluster1.yaml  \
  --charts manifests \
  --set values.global.hub=${HUB} \
  --set values.global.tag=${TAG} \
  --set values.global.imagePullPolicy=Always