@nmittler
Last active October 18, 2020 17:15
#!/bin/bash
set -euo pipefail
# Image coordinates handed to every istioctl invocation further down.
# NOTE(review): "latest" is a mutable tag on a testing registry, so two runs
# of this script may deploy different images; pin a fixed tag or digest when
# the result has to be reproducible.
TAG=latest
HUB=gcr.io/istio-testing
printf 'HUB=%s\n' "${HUB}"
printf 'TAG=%s\n' "${TAG}"
# Delete Istio in this cluster
#kubectl delete ns istio-system sample --context=${CTX2} --ignore-not-found
# Configure trust
printf '%s\n' "Configuring trust..."
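#######################################
# Generate a self-signed root CA plus the cluster2 intermediate CA and install
# the intermediate as the "cacerts" secret in cluster2's istio-system namespace.
# Globals:   CTX2 (read) - kubectl context of cluster2
# Arguments: none
# Outputs:   make/kubectl output; files under ./certs
# Returns:   0 on success; exits the script on any failure
#######################################
function configure_trust
{
  # Fail before generating any key material if the target context is unknown.
  : "${CTX2:?CTX2 must be set to the kubectl context of cluster2}"
  local -r certs_makefile=../tools/certs/Makefile.selfsigned.mk

  # Keeps the certs under a separate directory. The directory will hold CA
  # private keys (ca-key.pem), so restrict it to the current user.
  mkdir -p certs || exit
  chmod 700 certs || exit
  pushd certs || exit

  # Create the root and intermediate certs.
  make -f "${certs_makefile}" root-ca || exit
  make -f "${certs_makefile}" cluster2-cacerts || exit

  # Create the istio-system namespace so that the secret can be created.
  # An existing namespace is left alone; any other failure aborts instead of
  # being swallowed.
  if ! kubectl --context="${CTX2}" get namespace istio-system >/dev/null 2>&1; then
    kubectl --context="${CTX2}" create namespace istio-system || exit
  fi

  # Deploy the secret. An existing "cacerts" secret is kept as-is. A failed
  # create is fatal: continuing without it would install Istio on cluster2
  # without the CA material generated above.
  if ! kubectl --context="${CTX2}" get secret cacerts -n istio-system >/dev/null 2>&1; then
    kubectl --context="${CTX2}" create secret generic cacerts -n istio-system \
      --from-file=cluster2/ca-cert.pem \
      --from-file=cluster2/ca-key.pem \
      --from-file=cluster2/root-cert.pem \
      --from-file=cluster2/cert-chain.pem || exit
  fi

  popd || exit # Return to the previous directory.
}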
# Run the trust setup, then announce the next stage.
configure_trust
printf '%s\n' "Generating east-west gateway on cluster1..."
# Poll a Service until its load balancer reports an external IP.
# usage: _wait_for_gateway_ip <namespace> <service name> <optional: context>
# Reads MAX_SECONDS (default 300) as the overall timeout; polls every 5 seconds.
# Returns 0 once an IP is seen; exits the shell with status 1 on timeout.
_wait_for_gateway_ip() {
  local namespace="$1"
  local service="$2"
  local context="${3:-}"
  local -r poll_interval=5
  local timeout=${MAX_SECONDS:-300} # Default to 5 min.
  local started deadline now ip

  started=$(date +%s) || true
  now=$started
  deadline=$((started + timeout))

  for (( ; ; )); do
    # A failing kubectl call is tolerated here: it just yields an empty IP
    # and the loop polls again until the deadline.
    ip=$(kubectl --context="${context}" get svc "${service}" -n "${namespace}" -o jsonpath='{.status.loadBalancer.ingress[0].ip}') || true

    if [[ -z "${ip}" ]]; then
      now=$(date +%s)
      if (( now > deadline )); then
        echo "Failed waiting for $service.$namespace: ${ip}"
        exit 1
      fi
      sleep "${poll_interval}"
      continue
    fi

    # The IP is set; report it and stop waiting.
    echo "IP Assigned for $service.$namespace: ${ip}"
    return
  done
}
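# Render the east-west gateway manifest for cluster1 and apply it in a single
# pipeline; with `set -o pipefail` a failure in any stage aborts the script.
MESH=mesh1 CLUSTER=cluster1 NETWORK="${NETWORK1}" \
  samples/multicluster/gen-eastwest-gateway.sh |
  istioctl manifest generate \
    --charts manifests \
    --set values.global.hub="${HUB}" \
    --set values.global.tag="${TAG}" \
    --set values.global.imagePullPolicy=Always -f - |
  kubectl apply --context="${CTX1}" -f -
_wait_for_gateway_ip istio-system istio-eastwestgateway "${CTX1}"

echo "Exposing istiod on cluster1..."
kubectl apply --context="${CTX1}" -f \
  samples/multicluster/expose-istiod.yaml

echo "Installing remote configuration on cluster2..."
# Assign first and export afterwards: `export VAR=$(cmd)` hides a failing
# command, which would install cluster2 with an empty remotePilotAddress.
DISCOVERY_ADDRESS=$(kubectl \
  --context="${CTX1}" \
  -n istio-system get svc istio-eastwestgateway \
  -o jsonpath='{.status.loadBalancer.ingress[0].ip}') || {
  echo "Failed to read the east-west gateway address from cluster1" >&2
  exit 1
}
if [[ -z "${DISCOVERY_ADDRESS}" ]]; then
  echo "East-west gateway on cluster1 has no external IP" >&2
  exit 1
fi
export DISCOVERY_ADDRESS

# The YAML nesting below is restored; the listing had lost its indentation.
cat <<EOF > cluster2.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      meshID: mesh1
      multiCluster:
        clusterName: cluster2
      network: network1
      remotePilotAddress: ${DISCOVERY_ADDRESS}
EOF

# `echo y` answers istioctl's interactive confirmation prompt.
echo y | istioctl install --context="${CTX2}" -f cluster2.yaml \
  --charts manifests \
  --set values.global.hub="${HUB}" \
  --set values.global.tag="${TAG}" \
  --set values.global.imagePullPolicy=Always

echo "Configuring cross-cluster load balancing..."
# The remote secret embeds credentials for cluster2's API server. It is piped
# straight into kubectl so it is never written to disk; keep it that way.
istioctl x create-remote-secret \
  --context="${CTX2}" \
  --name=cluster2 |
  kubectl apply -f - --context="${CTX1}"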