This is a part of the Spire setup that installs Spire to the first cluster in a multi-cluster scenarios.
This example assumes interdomain scenario. If your cluster setup differs from these scenarios you may need to adjust spire configs (rename trust domains, change URLS, etc.).
Check that we have config for the cluster:
[[ ! -z $KUBECONFIG1 ]]Apply spire deployments:
kubectl --kubeconfig=$KUBECONFIG1 apply -k https://github.com/networkservicemesh/deployments-k8s/examples/spire/cluster1?ref=7a2735f6f8c8ed02d058c1a6a2f04846a3d88cadWait for PODs status ready:
kubectl --kubeconfig=$KUBECONFIG1 wait -n spire --timeout=3m --for=condition=ready pod -l app=spire-serverkubectl --kubeconfig=$KUBECONFIG1 wait -n spire --timeout=1m --for=condition=ready pod -l app=spire-agentApply the ClusterSPIFFEID CR for the cluster:
kubectl --kubeconfig=$KUBECONFIG1 apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/7a2735f6f8c8ed02d058c1a6a2f04846a3d88cad/examples/spire/cluster1/clusterspiffeid-template.yamlkubectl --kubeconfig=$KUBECONFIG1 apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/7a2735f6f8c8ed02d058c1a6a2f04846a3d88cad/examples/spire/base/clusterspiffeid-webhook-template.yamlDelete ns:
kubectl --kubeconfig=$KUBECONFIG1 delete crd clusterspiffeids.spire.spiffe.io
kubectl --kubeconfig=$KUBECONFIG1 delete crd clusterfederatedtrustdomains.spire.spiffe.io
kubectl --kubeconfig=$KUBECONFIG1 delete validatingwebhookconfiguration.admissionregistration.k8s.io/spire-controller-manager-webhook
kubectl --kubeconfig=$KUBECONFIG1 delete ns spire