HTTP Primary Ingress Connection

When joining a secondary cluster to a multi-cluster system, the ingress used to connect to the primary cluster requires a secure scheme (https) by default.

Warning

Using an insecure primary ingress is not recommended for security reasons.

If an insecure scheme (http) is required for the primary cluster ingress, an additional flag in Join ConfigMap is needed. Follow the steps in Adding a Secondary Cluster and ensure that the option allow-insecure-primary-ingress in Join ConfigMap is set to true.

Note

The flag is required whether the primary is set up with an insecure ingress, or if the ingress used for the primary cluster was overridden to an insecure scheme.

apiVersion: v1
kind: ConfigMap
metadata:
 name: mc-join-config
 namespace: kasten-io
data:
 allow-insecure-primary-ingress: true

If a Join ConfigMap is already present on the secondary cluster, use the following command to add the allow-insecure-primary-ingress flag.

$ kubectl patch configmap mc-join-config -n kasten-io --type merge -p '{"data":{"allow-insecure-primary-ingress":"true"}}'