Interview › Istio & Service Mesh
What is the difference between a primary-remote and a multi-primary multi-cluster setup?
Istio & Service Mesh · Intermediate level
Answer
In a primary-remote setup, one primary cluster runs the control plane and remote clusters run workloads connected to that control plane. In a multi-primary setup, each cluster has its own control plane, and the control planes share discovery and trust for cross-cluster mesh behavior.
Technical explanation
Primary-remote can centralize management but creates dependency on the primary control plane for remote workloads.
Multi-primary improves control-plane locality and autonomy but adds more operational complexity.
The right choice depends on cluster count, network latency, team ownership, failure domains, and compliance boundaries.
Hands-on example
Decision example:
Two clusters in one region managed by one platform team: primary-remote may be acceptable.
Many clusters across regions with local platform ownership: multi-primary is usually more resilient.
Test by losing the control plane in one cluster and observing config updates, certificate behavior, and traffic continuity.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More Istio & Service Mesh interview questions
- What is Istio, and what are the core capabilities it provides?
- What is the difference between the Istio control plane and data plane?
- What is istiod, and what does it do?
- What is Envoy, and what role does it play in Istio?
- What is the sidecar pattern, and how does Istio inject the proxy?
- How does automatic sidecar injection work (namespace label, webhook)?
- What is the Istio ambient (sidecarless) mode, and how does it differ from sidecar mode?
- What is the difference between ztunnel and a waypoint proxy in ambient mode?