-
Notifications
You must be signed in to change notification settings - Fork 212
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add troubleshooting section to pod-to-pod-multicluster for required metadata in secret #1705
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -305,3 +305,29 @@ default bb authorizationpolicy/bb-authz 0.0rps | |
default default:all-unauthenticated default/all-unauthenticated 0.0rps 100.00% 0.1rps 1ms 1ms 1ms | ||
probe default:all-unauthenticated default/probe 0.0rps 100.00% 0.2rps 1ms 1ms 1ms | ||
``` | ||
|
||
## Troubleshooting | ||
|
||
### `Failed to get remote cluster` | ||
|
||
Multicluster setup requires 2 secrets on the `source` cluster to function correctly. | ||
|
||
1. `cluster-credentials-<remote-cluster-name>` residing in `linkerd-multicluster` namespace (default, it may be different if you have changed it, during installation of `linkerd-multicluster` extension). | ||
2. `cluster-credentials-<remote-cluster-name>` residing in the LinkerD control-plane namespace -- usually `linkerd`. | ||
|
||
The second secret (in `linkerd` namespace) has a specific metadata requirements. Labels and annotations shown below are neccessary for the control plane, to be able to retrieve the remote cluster credentials. Assuming we are linking `east` cluster to `west` cluster, the secret would have to contain below metadata: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @Majkel1999, to @alpeb's point, I think it's very important to say here that these Secrets are meant to be managed by the |
||
|
||
``` | ||
metadata: | ||
labels: | ||
multicluster.linkerd.io/cluster-name: west | ||
annotations: | ||
multicluster.linkerd.io/trust-domain: cluster.local | ||
multicluster.linkerd.io/cluster-domain: cluster.local | ||
``` | ||
|
||
Failure to provide those labels and annotations, causes the `linkerd-destination` to have no way of finding the `kubeconfig` in the secret. It will result in error logs like below: | ||
|
||
``` | ||
Failed to get remote cluster <remote-cluster-name> addr=":8086" component=server remote="<ip>" | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Linkerd" instead of "LinkerD". 🙂