HTTP Primary Ingress Connection
When joining a secondary cluster to a multi-cluster system, the ingress
used to connect to the primary cluster requires a secure scheme (https
)
by default.
Warning
Using an insecure primary ingress is not recommended for security reasons.
If an insecure scheme (http
) is required for the primary cluster ingress,
an additional flag in Join ConfigMap is needed. Follow the steps in
Adding a Secondary Cluster within the
Setting Up Via CLI flow and ensure that the
option allow-insecure-primary-ingress
in
Join ConfigMap is set to "true"
with the
following command.
$ kubectl patch configmap mc-join-config -n kasten-io --type merge -p '{"data":{"allow-insecure-primary-ingress":"true"}}'
Note
Usage of an insecure primary ingress scheme is not supported in the
UI, regardless of the allow-insecure-primary-ingress
flag.
Note
The flag is required whether the primary is set up with an insecure ingress, or if the ingress used for the primary cluster was overridden to an insecure scheme.