HTTP Primary Ingress Connection
When joining a secondary cluster to a Multi-Cluster system, the ingress
used to connect to the primary cluster requires a secure scheme
(https
) by default.
Using an insecure primary ingress is not recommended for security reasons.
If an insecure scheme (http
) is required for the primary cluster
ingress, an additional flag in Join ConfigMap is needed. Follow the
steps in
Adding a Secondary Cluster within the
Setting Up Via CLI
flow and ensure that the option allow-insecure-primary-ingress
in
Join ConfigMap is set
to "true"
with the following command.
$ kubectl patch configmap mc-join-config -n kasten-io --type merge -p '{"data":{"allow-insecure-primary-ingress":"true"}}'
Usage of an insecure primary ingress scheme is not supported in the UI,
regardless of the allow-insecure-primary-ingress
flag.
The flag is required whether the primary is set up with an insecure ingress, or if the ingress used for the primary cluster was overridden to an insecure scheme.