HTTP Primary Ingress Connection

When joining a secondary cluster to a multi-cluster system, the ingress used to connect to the primary cluster requires a secure scheme (https) by default.

Warning

Using an insecure primary ingress is not recommended for security reasons.

If an insecure scheme (http) is required for the primary cluster ingress, an additional flag in Join ConfigMap is needed. Follow the steps in Adding a Secondary Cluster within the Setting Up Via CLI flow and ensure that the option allow-insecure-primary-ingress in Join ConfigMap is set to "true" with the following command.

$ kubectl patch configmap mc-join-config -n kasten-io --type merge -p '{"data":{"allow-insecure-primary-ingress":"true"}}'

Note

Usage of an insecure primary ingress scheme is not supported in the UI, regardless of the allow-insecure-primary-ingress flag.

Note

The flag is required whether the primary is set up with an insecure ingress, or if the ingress used for the primary cluster was overridden to an insecure scheme.