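.. _gs_clustermesh_eks_prep:

**********************************
EKS-to-EKS Clustermesh Preparation
**********************************

This is a step-by-step guide on how to install and prepare AWS EKS (AWS Elastic Kubernetes Service) clusters to meet the requirements for the clustermesh feature.

In this guide you will install two EKS clusters and connect them together via clustermesh.

Install cluster one
###################

1. Create environment variables that will be appended to each resource name.

   .. code:: bash

      export NAME="$(whoami)-$RANDOM"
      export AWS_REGION="eu-west-2"

2. Create a VPC

   .. note::

      Avoid using the ``172.17.0.0/16`` CIDR range for your VPC to prevent potential issues since certain `AWS services <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html>`__ utilize this range.

   .. code:: bash

      Cluster_1_VPC=$(aws ec2 create-vpc \
        --cidr-block 10.0.0.0/16 \
        --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=Cluster_1_VPC}]" \
        --region ${AWS_REGION} \
        --query 'Vpc.{VpcId:VpcId}' \
        --output text
      )

3. Create Subnets.

   .. code:: bash

      # Create public subnets
      export Cluster_1_Public_Subnet_1=$(aws ec2 create-subnet \
        --vpc-id ${Cluster_1_VPC} \
        --cidr-block 10.0.1.0/24 \
        --availability-zone ${AWS_REGION}a \
        --tag-specifications "ResourceType=subnet, Tags=[{Key=Name,Value=Cluster_1_Public_Subnet_1}]" \
        --query 'Subnet.{SubnetId:SubnetId}' \
        --output text
      )

      export Cluster_1_Public_Subnet_2=$(aws ec2 create-subnet \
        --vpc-id ${Cluster_1_VPC} \
        --cidr-block 10.0.2.0/24 \
        --availability-zone ${AWS_REGION}b \
        --tag-specifications "ResourceType=subnet, Tags=[{Key=Name,Value=Cluster_1_Public_Subnet_2}]" \
        --query 'Subnet.{SubnetId:SubnetId}' \
        --output text
      )

      # Create private subnets
      export Cluster_1_Private_Subnet_1=$(aws ec2 create-subnet \
        --vpc-id ${Cluster_1_VPC} \
        --cidr-block 10.0.3.0/24 \
        --availability-zone ${AWS_REGION}a \
        --tag-specifications "ResourceType=subnet, Tags=[{Key=Name,Value=Cluster_1_Private_Subnet_1}]" \
        --query 'Subnet.{SubnetId:SubnetId}' \
        --output text
      )

      export Cluster_1_Private_Subnet_2=$(aws ec2 create-subnet \
        --vpc-id ${Cluster_1_VPC} \
        --cidr-block 10.0.4.0/24 \
        --availability-zone ${AWS_REGION}b \
        --tag-specifications "ResourceType=subnet, Tags=[{Key=Name,Value=Cluster_1_Private_Subnet_2}]" \
        --query 'Subnet.{SubnetId:SubnetId}' \
        --output text
      )

4. Create an internet gateway and NAT gateways, then attach the internet gateway to the VPC.

   .. code:: bash

      # Create internet gateway
      export Cluster_1_IGW=$(aws ec2 create-internet-gateway \
        --tag-specifications "ResourceType=internet-gateway, Tags=[{Key=Name,Value=Cluster_1_IGW}]" \
        --query 'InternetGateway.InternetGatewayId' \
        --region ${AWS_REGION} \
        --output text
      )

      # Attach the internet gateway to the VPC
      aws ec2 attach-internet-gateway \
        --internet-gateway-id ${Cluster_1_IGW} \
        --vpc-id ${Cluster_1_VPC}

      # Create elastic IP addresses
      Cluster_1_EIP_1=$(aws ec2 allocate-address \
        --domain vpc \
        --tag-specifications "ResourceType=elastic-ip, Tags=[{Key=Name,Value=Cluster_1_EIP_1}]" \
        --query 'AllocationId' \
        --output text \
        --region ${AWS_REGION}
      )

      Cluster_1_EIP_2=$(aws ec2 allocate-address \
        --domain vpc \
        --tag-specifications "ResourceType=elastic-ip, Tags=[{Key=Name,Value=Cluster_1_EIP_2}]" \
        --query 'AllocationId' \
        --output text \
        --region ${AWS_REGION}
      )

      # Create NAT gateways, one per public subnet, each with its own elastic IP
      Cluster_1_NGW_1=$(aws ec2 create-nat-gateway \
        --subnet-id ${Cluster_1_Public_Subnet_1} \
        --allocation-id ${Cluster_1_EIP_1} \
        --tag-specifications "ResourceType=natgateway, Tags=[{Key=Name,Value=Cluster_1_NGW_1}]" \
        --query 'NatGateway.{NatGatewayId:NatGatewayId}' \
        --output text
      )

      Cluster_1_NGW_2=$(aws ec2 create-nat-gateway \
        --subnet-id ${Cluster_1_Public_Subnet_2} \
        --allocation-id ${Cluster_1_EIP_2} \
        --tag-specifications "ResourceType=natgateway, Tags=[{Key=Name,Value=Cluster_1_NGW_2}]" \
        --query 'NatGateway.{NatGatewayId:NatGatewayId}' \
        --output text
      )

5. Create route tables, routes, and route table associations.

   .. code:: bash

      # Create a public route table
      export Cluster_1_Public_RT=$(aws ec2 create-route-table \
        --vpc-id ${Cluster_1_VPC} \
        --tag-specifications "ResourceType=route-table, Tags=[{Key=Name,Value=Cluster_1_Public_RT}]" \
        --query 'RouteTable.{RouteTableId:RouteTableId}' \
        --output text \
        --region ${AWS_REGION}
      )

      # Add a route to the internet gateway
      aws ec2 create-route \
        --route-table-id ${Cluster_1_Public_RT} \
        --destination-cidr-block 0.0.0.0/0 \
        --gateway-id ${Cluster_1_IGW}

      # Associate public subnets with the public route table
      aws ec2 associate-route-table \
        --subnet-id ${Cluster_1_Public_Subnet_1} \
        --route-table-id ${Cluster_1_Public_RT}

      aws ec2 associate-route-table \
        --subnet-id ${Cluster_1_Public_Subnet_2} \
        --route-table-id ${Cluster_1_Public_RT}

      # Create private route tables
      export Cluster_1_Private_RT_1=$(aws ec2 create-route-table \
        --vpc-id ${Cluster_1_VPC} \
        --tag-specifications "ResourceType=route-table, Tags=[{Key=Name,Value=Cluster_1_Private_RT_1}]" \
        --query 'RouteTable.{RouteTableId:RouteTableId}' \
        --output text \
        --region ${AWS_REGION}
      )

      export Cluster_1_Private_RT_2=$(aws ec2 create-route-table \
        --vpc-id ${Cluster_1_VPC} \
        --tag-specifications "ResourceType=route-table, Tags=[{Key=Name,Value=Cluster_1_Private_RT_2}]" \
        --query 'RouteTable.{RouteTableId:RouteTableId}' \
        --output text \
        --region ${AWS_REGION}
      )

      # Add routes to the NAT gateway
      aws ec2 create-route \
        --route-table-id ${Cluster_1_Private_RT_1} \
        --destination-cidr-block 0.0.0.0/0 \
        --gateway-id ${Cluster_1_NGW_1}

      aws ec2 create-route \
        --route-table-id ${Cluster_1_Private_RT_2} \
        --destination-cidr-block 0.0.0.0/0 \
        --gateway-id ${Cluster_1_NGW_2}

      # Associate each private subnet with their respective private route table
      aws ec2 associate-route-table \
        --subnet-id ${Cluster_1_Private_Subnet_1} \
        --route-table-id ${Cluster_1_Private_RT_1}

      aws ec2 associate-route-table \
        --subnet-id ${Cluster_1_Private_Subnet_2} \
        --route-table-id ${Cluster_1_Private_RT_2}

6. Create a custom security group for the VPC. The default security group created with the EKS cluster only allows ingress traffic originating from the control plane and other nodes within the cluster.

   .. code:: bash

      # Create a security group
      export Cluster_1_SG=$(aws ec2 create-security-group \
        --group-name Cluster_1_Security_Group \
        --description "Security group for Cluster 1" \
        --vpc-id ${Cluster_1_VPC} \
        --tag-specifications "ResourceType=security-group,Tags=[{Key=Name,Value=Cluster_1_SG}]" \
        --region ${AWS_REGION} \
        --output text \
        --query 'GroupId'
      )

      # Add an inbound rule for all ingress traffic from the control-plane and other worker nodes within the cluster. An inbound rule for all ingress traffic from Cluster 2 will be added in the next section.
      # NOTE: "--protocol all" admits every protocol and port from members of the
      # source group. Outside of a test setup, narrow the rule to the ports listed
      # under the firewall rules in the Cilium system requirements.
      aws ec2 authorize-security-group-ingress \
        --group-id ${Cluster_1_SG} \
        --protocol all \
        --port 0 \
        --source-group ${Cluster_1_SG} \
        --region ${AWS_REGION}

7. You now have a virtual private cloud, subnets, NAT gateways, an internet gateway, and route tables. You can create an EKS cluster without a CNI and configure it to use the custom VPC and subnets.

   .. code:: bash

      cat <<EOF >eks-cluster-1.yaml
      apiVersion: eksctl.io/v1alpha5
      kind: ClusterConfig

      metadata:
        name: ${NAME}
        region: ${AWS_REGION}
      vpc:
        subnets:
          private:
            ${AWS_REGION}a:
              id: ${Cluster_1_Private_Subnet_1}
            ${AWS_REGION}b:
              id: ${Cluster_1_Private_Subnet_2}

      managedNodeGroups:
      - name: ng-1
        instanceType: t3.small
        securityGroups:
          attachIDs: ["${Cluster_1_SG}"]
        desiredCapacity: 2
        privateNetworking: true
        # Taint nodes so that application pods are
        # not scheduled/executed until Cilium is deployed.
        # Alternatively, see the note below.
        taints:
         - key: "node.cilium.io/agent-not-ready"
           value: "true"
           effect: "NoExecute"
      EOF

      eksctl create cluster -f ./eks-cluster-1.yaml

Install cluster two
###################

1. Create environment variables that will be appended to each resource name.

   .. code:: bash

      export NAME="$(whoami)-$RANDOM"
      export AWS_REGION="eu-west-2"

2. Create a VPC

   .. note::

      Avoid using the ``172.17.0.0/16`` CIDR range for your VPC to prevent potential issues since certain `AWS services <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html>`__ utilize this range.

   .. code:: bash

      Cluster_2_VPC=$(aws ec2 create-vpc \
        --cidr-block 10.1.0.0/16 \
        --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=Cluster_2_VPC}]" \
        --region ${AWS_REGION} \
        --query 'Vpc.{VpcId:VpcId}' \
        --output text
      )

3. Create Subnets.

   .. code:: bash

      # Create public subnets
      export Cluster_2_Public_Subnet_1=$(aws ec2 create-subnet \
        --vpc-id ${Cluster_2_VPC} \
        --cidr-block 10.1.1.0/24 \
        --availability-zone ${AWS_REGION}a \
        --tag-specifications "ResourceType=subnet, Tags=[{Key=Name,Value=Cluster_2_Public_Subnet_1}]" \
        --query 'Subnet.{SubnetId:SubnetId}' \
        --output text
      )

      export Cluster_2_Public_Subnet_2=$(aws ec2 create-subnet \
        --vpc-id ${Cluster_2_VPC} \
        --cidr-block 10.1.2.0/24 \
        --availability-zone ${AWS_REGION}b \
        --tag-specifications "ResourceType=subnet, Tags=[{Key=Name,Value=Cluster_2_Public_Subnet_2}]" \
        --query 'Subnet.{SubnetId:SubnetId}' \
        --output text
      )

      # Create private subnets
      export Cluster_2_Private_Subnet_1=$(aws ec2 create-subnet \
        --vpc-id ${Cluster_2_VPC} \
        --cidr-block 10.1.3.0/24 \
        --availability-zone ${AWS_REGION}a \
        --tag-specifications "ResourceType=subnet, Tags=[{Key=Name,Value=Cluster_2_Private_Subnet_1}]" \
        --query 'Subnet.{SubnetId:SubnetId}' \
        --output text
      )

      export Cluster_2_Private_Subnet_2=$(aws ec2 create-subnet \
        --vpc-id ${Cluster_2_VPC} \
        --cidr-block 10.1.4.0/24 \
        --availability-zone ${AWS_REGION}b \
        --tag-specifications "ResourceType=subnet, Tags=[{Key=Name,Value=Cluster_2_Private_Subnet_2}]" \
        --query 'Subnet.{SubnetId:SubnetId}' \
        --output text
      )

4. Create an internet gateway and NAT gateways, then attach the internet gateway to the VPC.

   .. code:: bash

      # Create an internet gateway
      export Cluster_2_IGW=$(aws ec2 create-internet-gateway \
        --tag-specifications "ResourceType=internet-gateway, Tags=[{Key=Name,Value=Cluster_2_IGW}]" \
        --query 'InternetGateway.InternetGatewayId' \
        --region ${AWS_REGION} \
        --output text
      )

      # Attach the internet gateway to the VPC
      aws ec2 attach-internet-gateway \
        --internet-gateway-id ${Cluster_2_IGW} \
        --vpc-id ${Cluster_2_VPC}

      # Create elastic IP addresses
      Cluster_2_EIP_1=$(aws ec2 allocate-address \
        --domain vpc \
        --tag-specifications "ResourceType=elastic-ip, Tags=[{Key=Name,Value=Cluster_2_EIP_1}]" \
        --query 'AllocationId' \
        --output text \
        --region ${AWS_REGION}
      )

      Cluster_2_EIP_2=$(aws ec2 allocate-address \
        --domain vpc \
        --tag-specifications "ResourceType=elastic-ip, Tags=[{Key=Name,Value=Cluster_2_EIP_2}]" \
        --query 'AllocationId' \
        --output text \
        --region ${AWS_REGION}
      )

      # Create NAT gateways
      Cluster_2_NGW_1=$(aws ec2 create-nat-gateway \
        --subnet-id ${Cluster_2_Public_Subnet_1} \
        --allocation-id ${Cluster_2_EIP_1} \
        --tag-specifications "ResourceType=natgateway, Tags=[{Key=Name,Value=Cluster_2_NGW_1}]" \
        --query 'NatGateway.{NatGatewayId:NatGatewayId}' \
        --output text
      )

      Cluster_2_NGW_2=$(aws ec2 create-nat-gateway \
        --subnet-id ${Cluster_2_Public_Subnet_2} \
        --allocation-id ${Cluster_2_EIP_2} \
        --tag-specifications "ResourceType=natgateway, Tags=[{Key=Name,Value=Cluster_2_NGW_2}]" \
        --query 'NatGateway.{NatGatewayId:NatGatewayId}' \
        --output text
      )

5. Create route tables, routes, and route table associations.

   .. code:: bash

      # Create a public route table
      export Cluster_2_Public_RT=$(aws ec2 create-route-table \
        --vpc-id ${Cluster_2_VPC} \
        --tag-specifications "ResourceType=route-table, Tags=[{Key=Name,Value=Cluster_2_Public_RT}]" \
        --query 'RouteTable.{RouteTableId:RouteTableId}' \
        --output text \
        --region ${AWS_REGION}
      )

      # Add a route to the internet gateway
      aws ec2 create-route \
        --route-table-id ${Cluster_2_Public_RT} \
        --destination-cidr-block 0.0.0.0/0 \
        --gateway-id ${Cluster_2_IGW}

      # Associate public subnets with the public route table
      aws ec2 associate-route-table \
        --subnet-id ${Cluster_2_Public_Subnet_1} \
        --route-table-id ${Cluster_2_Public_RT}

      aws ec2 associate-route-table \
        --subnet-id ${Cluster_2_Public_Subnet_2} \
        --route-table-id ${Cluster_2_Public_RT}

      # Create private route tables for each private subnet
      export Cluster_2_Private_RT_1=$(aws ec2 create-route-table \
        --vpc-id ${Cluster_2_VPC} \
        --tag-specifications "ResourceType=route-table, Tags=[{Key=Name,Value=Cluster_2_Private_RT_1}]" \
        --query 'RouteTable.{RouteTableId:RouteTableId}' \
        --output text \
        --region ${AWS_REGION}
      )

      export Cluster_2_Private_RT_2=$(aws ec2 create-route-table \
        --vpc-id ${Cluster_2_VPC} \
        --tag-specifications "ResourceType=route-table, Tags=[{Key=Name,Value=Cluster_2_Private_RT_2}]" \
        --query 'RouteTable.{RouteTableId:RouteTableId}' \
        --output text \
        --region ${AWS_REGION}
      )

      # Add routes to the NAT gateway
      aws ec2 create-route \
        --route-table-id ${Cluster_2_Private_RT_1} \
        --destination-cidr-block 0.0.0.0/0 \
        --gateway-id ${Cluster_2_NGW_1}

      aws ec2 create-route \
        --route-table-id ${Cluster_2_Private_RT_2} \
        --destination-cidr-block 0.0.0.0/0 \
        --gateway-id ${Cluster_2_NGW_2}

      # Associate each private subnet with their respective private route table
      aws ec2 associate-route-table \
        --subnet-id ${Cluster_2_Private_Subnet_1} \
        --route-table-id ${Cluster_2_Private_RT_1}

      aws ec2 associate-route-table \
        --subnet-id ${Cluster_2_Private_Subnet_2} \
        --route-table-id ${Cluster_2_Private_RT_2}

6. Create a custom security group for the VPC. The default security group created with the EKS cluster only allows ingress traffic originating from the control plane and other nodes within the cluster.

   .. code:: bash

      # Create Security Group
      export Cluster_2_SG=$(aws ec2 create-security-group \
        --group-name Cluster_2_Security_Group \
        --description "Security group for Cluster 2" \
        --tag-specifications "ResourceType=security-group,Tags=[{Key=Name,Value=Cluster_2_SG}]" \
        --vpc-id ${Cluster_2_VPC} \
        --region ${AWS_REGION} \
        --output text \
        --query 'GroupId'
      )

      # NOTE: each rule below uses "--protocol all", which admits every protocol
      # and port from members of the source group, including the other cluster's
      # nodes. Outside of a test setup, narrow the rules to the ports listed under
      # the firewall rules in the Cilium system requirements.

      # Add an inbound rule for all ingress traffic from the control-plane and other worker nodes within the cluster.
      aws ec2 authorize-security-group-ingress \
        --group-id ${Cluster_2_SG} \
        --protocol all \
        --port 0 \
        --source-group ${Cluster_2_SG} \
        --region ${AWS_REGION}

      # Add an inbound rule for all ingress traffic from Cluster 1
      aws ec2 authorize-security-group-ingress \
        --group-id ${Cluster_2_SG} \
        --protocol all \
        --port 0 \
        --source-group ${Cluster_1_SG} \
        --region ${AWS_REGION}

      # In Cluster 1's security group, add an inbound rule for all ingress traffic from cluster 2.
      aws ec2 authorize-security-group-ingress \
        --group-id ${Cluster_1_SG} \
        --protocol all \
        --port 0 \
        --source-group ${Cluster_2_SG} \
        --region ${AWS_REGION}

7. You now have a virtual private cloud, subnets, NAT gateways, an internet gateway, and route tables. You can create an EKS cluster without a CNI and configure it to use the custom VPC and subnets.

   .. code:: bash

      cat <<EOF >eks-cluster-2.yaml
      apiVersion: eksctl.io/v1alpha5
      kind: ClusterConfig

      metadata:
        name: ${NAME}
        region: ${AWS_REGION}
      vpc:
        subnets:
          private:
            ${AWS_REGION}a:
              id: ${Cluster_2_Private_Subnet_1}
            ${AWS_REGION}b:
              id: ${Cluster_2_Private_Subnet_2}

      managedNodeGroups:
      - name: ng-2
        instanceType: t3.small
        securityGroups:
          attachIDs: ["${Cluster_2_SG}"]
        desiredCapacity: 2
        privateNetworking: true
        taints:
         - key: "node.cilium.io/agent-not-ready"
           value: "true"
           effect: "NoExecute"
      EOF
      eksctl create cluster -f ./eks-cluster-2.yaml

Peering virtual networks
########################

1. Create VPC peering between the two VPCs.

   .. code:: bash

      # Create VPC peering connection
      export PEERING_CONNECTION_ID=$(aws ec2 create-vpc-peering-connection \
        --vpc-id ${Cluster_1_VPC} \
        --peer-vpc-id ${Cluster_2_VPC} \
        --peer-region ${AWS_REGION} \
        --output text \
        --query 'VpcPeeringConnection.VpcPeeringConnectionId'
      )

      # Grab the first VPC peering
      # NOTE: this selects index [0] of the peering connections requested by
      # Cluster 1's VPC. If that VPC has more than one, confirm the result equals
      # ${PEERING_CONNECTION_ID} before accepting it.
      export PEERING_REQUEST_ID=$(aws ec2 describe-vpc-peering-connections \
        --filters "Name=requester-vpc-info.vpc-id,Values=${Cluster_1_VPC}" \
        --query "VpcPeeringConnections[0].VpcPeeringConnectionId" \
        --output text
      )

      # Accept VPC peering request
      aws ec2 accept-vpc-peering-connection \
        --vpc-peering-connection-id ${PEERING_REQUEST_ID} \
        --region ${AWS_REGION}

2. Forward traffic from Cluster 1 VPC to Cluster 2 VPC.

   .. code:: bash

      # Cluster 1
      # Add route to Private Route Table 1
      aws ec2 create-route \
        --route-table-id ${Cluster_1_Private_RT_1} \
        --destination-cidr-block 10.1.0.0/16 \
        --vpc-peering-connection-id ${PEERING_CONNECTION_ID} \
        --region ${AWS_REGION}

      # Add route to Private Route Table 2
      aws ec2 create-route \
        --route-table-id ${Cluster_1_Private_RT_2} \
        --destination-cidr-block 10.1.0.0/16 \
        --vpc-peering-connection-id ${PEERING_CONNECTION_ID} \
        --region ${AWS_REGION}

3. Forward traffic from Cluster 2 VPC to Cluster 1 VPC.

   .. code:: bash

      # Cluster 2
      # Add route to Private Route Table 1
      aws ec2 create-route \
        --route-table-id ${Cluster_2_Private_RT_1} \
        --destination-cidr-block 10.0.0.0/16 \
        --vpc-peering-connection-id ${PEERING_CONNECTION_ID} \
        --region ${AWS_REGION}

      # Add route to Private Route Table 2
      aws ec2 create-route \
        --route-table-id ${Cluster_2_Private_RT_2} \
        --destination-cidr-block 10.0.0.0/16 \
        --vpc-peering-connection-id ${PEERING_CONNECTION_ID} \
        --region ${AWS_REGION}

Nodes in different clusters can now communicate directly. All clustermesh requirements are fulfilled.
Instructions for enabling clustermesh are detailed in the :ref:`gs_clustermesh` section.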