Commit 13eeb68

Merge pull request #93475 from rh-tokeefe/OSSM-9369A
OSSM-9369: add instructions to Create Istio reader ServiceAccount
2 parents d10485a + bbb5402 commit 13eeb68

1 file changed: +34 -4 lines changed

modules/ossm-installing-multi-primary-multi-network-mesh.adoc

Lines changed: 34 additions & 4 deletions
@@ -123,14 +123,43 @@ $ oc --context "${CTX_CLUSTER2}" apply -f https://raw.githubusercontent.com/isti
123123
$ oc --context "${CTX_CLUSTER2}" apply -n istio-system -f https://raw.githubusercontent.com/istio-ecosystem/sail-operator/main/docs/multicluster/expose-services.yaml
124124
----
125125

126+
. Create the `istio-reader-service-account` service account for the East cluster by running the following command:
127+
+
128+
[source,terminal]
129+
----
130+
$ oc --context="${CTX_CLUSTER1}" create serviceaccount istio-reader-service-account -n istio-system
131+
----
132+
133+
. Create the `istio-reader-service-account` service account for the West cluster by running the following command:
134+
+
135+
[source,terminal]
136+
----
137+
$ oc --context="${CTX_CLUSTER2}" create serviceaccount istio-reader-service-account -n istio-system
138+
----
139+
140+
. Add the `cluster-reader` role to the East cluster by running the following command:
141+
+
142+
[source,terminal]
143+
----
144+
$ oc --context="${CTX_CLUSTER1}" adm policy add-cluster-role-to-user cluster-reader -z istio-reader-service-account -n istio-system
145+
----
146+
147+
. Add the `cluster-reader` role to the West cluster by running the following command:
148+
+
149+
[source,terminal]
150+
----
151+
$ oc --context="${CTX_CLUSTER2}" adm policy add-cluster-role-to-user cluster-reader -z istio-reader-service-account -n istio-system
152+
----
153+
126154
. Install a remote secret on the East cluster that provides access to the API server on the West cluster by running the following command:
127155
+
128156
[source,terminal]
129157
----
130158
$ istioctl create-remote-secret \
131159
--context="${CTX_CLUSTER2}" \
132-
--name=cluster2 | \
133-
oc --context="${CTX_CLUSTER1}" apply -f -
160+
--name=cluster2 \
161+
--create-service-account=false | \
162+
oc --context="${CTX_CLUSTER1}" apply -f -
134163
----
135164

136165
. Install a remote secret on the West cluster that provides access to the API server on the East cluster by running the following command:
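Review bot: The two `cluster-reader` steps say the role is added "to the East cluster" and "to the West cluster", but the command binds it to a service account (`-z istio-reader-service-account -n istio-system`), so the step text should name the subject, for example "Add the `cluster-reader` cluster role to the `istio-reader-service-account` service account on the East cluster". Because `add-cluster-role-to-user` creates a cluster-wide binding and the next step installs a remote secret that "provides access to the API server" of the peer cluster, one sentence explaining why this account is created by hand, and that `--create-service-account=false` in the commands that follow relies on it, would let readers judge the read scope they are granting. Minor style point: the new commands use `--context="${CTX_CLUSTER1}"` while the unchanged `oc --context "${CTX_CLUSTER2}" apply` lines above use a space; pick one form for the module.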
@@ -139,6 +168,7 @@ $ istioctl create-remote-secret \
139168
----
140169
$ istioctl create-remote-secret \
141170
--context="${CTX_CLUSTER1}" \
142-
--name=cluster1 | \
143-
oc --context="${CTX_CLUSTER2}" apply -f -
171+
--name=cluster1 \
172+
--create-service-account=false | \
173+
oc --context="${CTX_CLUSTER2}" apply -f -
144174
----
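Review bot: With `--create-service-account=false` added after `--name=cluster1`, this command depends on `istio-reader-service-account` already existing in `istio-system` on `${CTX_CLUSTER1}`, but nothing at this step says so. A reader who jumps straight to the remote secret steps, or reruns them after a cleanup, gets no hint about the prerequisite. Consider a short sentence before the block that points back to the service account steps, or a check such as `oc --context="${CTX_CLUSTER1}" get serviceaccount istio-reader-service-account -n istio-system`. The same applies to the `cluster2` command in the previous hunk.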
