!! Make sure that the CIDRs don't overlap !!
- Read the following Cilium prerequisites
- Create or adapt the first cluster's Cilium configuration using the following HelmChartConfig
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-cilium
  namespace: kube-system
spec:
  valuesContent: |-
    kubeProxyReplacement: strict
    k8sServiceHost: 127.0.0.1
    k8sServicePort: 6443
    # Transparent Encryption
    l7Proxy: false
    encryption:
      enabled: true
      type: wireguard
    # Cluster-mesh
    cluster:
      name: cilium01
      id: 1
    externalWorkloads:
      enabled: true
    clustermesh:
      useAPIServer: true
```
- Extract the CA Certificate for the other cluster (reason)
- Connect the second cluster using the following HelmChartConfig
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-cilium
  namespace: kube-system
spec:
  valuesContent: |-
    kubeProxyReplacement: strict
    k8sServiceHost: 127.0.0.1
    k8sServicePort: 6443
    # Transparent Encryption
    l7Proxy: false
    encryption:
      enabled: true
      type: wireguard
    # Cluster-mesh
    cluster:
      name: cilium02
      id: 2
    externalWorkloads:
      enabled: true
    clustermesh:
      useAPIServer: true
      config:
        enabled: true
        clusters:
        - name: cilium01
          ips:
          - x.x.x.x
          port: 32379
          tls:
            cert: "Check clustermesh-apiserver-remote-cert in kube-system (cluster01)"
            key: "Check clustermesh-apiserver-remote-cert in kube-system (cluster01)"
      apiserver:
        tls:
          auto:
            method: cronJob
            schedule: "0 0 1 */4 *"
          ca:
            cert: "Check clustermesh-apiserver-ca-cert in kube-system (cluster01)"
            key: "Check clustermesh-apiserver-ca-cert in kube-system (cluster01)"
```
- Adapt the HelmChartConfig in Cluster01
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-cilium
  namespace: kube-system
spec:
  valuesContent: |-
    kubeProxyReplacement: strict
    k8sServiceHost: 127.0.0.1
    k8sServicePort: 6443
    # Transparent Encryption
    l7Proxy: false
    encryption:
      enabled: true
      type: wireguard
    # Cluster-mesh
    cluster:
      name: cilium01
      id: 1
    externalWorkloads:
      enabled: true
    clustermesh:
      useAPIServer: true
      config:
        enabled: true
        clusters:
        - name: cilium02
          ips:
          - x.x.x.x
          port: 32379
          tls:
            cert: "Check clustermesh-apiserver-remote-cert in kube-system (cluster02)"
            key: "Check clustermesh-apiserver-remote-cert in kube-system (cluster02)"
      apiserver:
        tls:
          ca:
            cert: "Check clustermesh-apiserver-ca-cert in kube-system (cluster01)"
```
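
A pre-flight check for the CIDR warning at the top of this page, as an added example that is not part of the original page. It also verifies that `cluster.name` and `cluster.id` are unique and that each ID is within Cilium's default 1-255 range. The inventory format, the function name `preflight` and all CIDR values are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (assumption): names and IDs mirror the
# HelmChartConfigs above; the pod/service CIDRs are made-up values.
SAMPLE = [
    {"name": "cilium01", "id": 1, "cidrs": ["10.42.0.0/16", "10.43.0.0/16"]},
    {"name": "cilium02", "id": 2, "cidrs": ["10.44.0.0/16", "10.43.128.0/17"]},
]


def preflight(clusters):
    """Return a list of problems; an empty list means the mesh can be formed."""
    problems, nets = [], []
    for c in clusters:
        # Default ClusterMesh limit: cluster.id must be 1-255.
        if not 1 <= c["id"] <= 255:
            problems.append(f"{c['name']}: cluster.id {c['id']} outside 1-255")
        for cidr in c["cidrs"]:
            try:
                # strict=True rejects CIDRs with host bits set (e.g. 10.42.1.0/16).
                nets.append((c["name"], ipaddress.ip_network(cidr, strict=True)))
            except ValueError as exc:
                problems.append(f"{c['name']}: bad CIDR {cidr!r}: {exc}")
    for a, b in combinations(clusters, 2):
        if a["name"] == b["name"]:
            problems.append(f"duplicate cluster.name {a['name']!r}")
        if a["id"] == b["id"]:
            problems.append(f"duplicate cluster.id {a['id']}: {a['name']}, {b['name']}")
    # Compare every CIDR of one cluster with every CIDR of each other cluster.
    for (ca, na), (cb, nb) in combinations(nets, 2):
        # overlaps() is only meaningful within one address family.
        if ca != cb and na.version == nb.version and na.overlaps(nb):
            problems.append(f"{ca} {na} overlaps {cb} {nb}")
    return problems


if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print("FAIL:", problem)
```
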