Skip to main content
logoTetrate Service BridgeVersion: 1.10.x

Configure TLS Origin for DNS based MultiCluster Communication

If you want to configure x-cluster communication for TLS endpoints exposed on other remote clusters by enabling the client to initiate TLS (https) origin requests using DNS hostnames. You can add a flag to XCP Edge so that a passthrough is created for such DNS hostnames based x-cluster communication through https.

What is the use-case?

Imagine a situation where sleep service from Cluster-1 needs to connect to https://foo.com which is exposed over a Gateway in another remote cluster i.e Cluster-2.

Enable TLS support for DNS hostnames in x-cluster communication

To enable DNS hostname based x-cluster communication at XCP edge, you will need to edit xcp component in ControlPlane CR or Helm values and add an environment variable ENABLE_MULTICLUSTER_HTTPS_CLIENT with value true:

spec:
components:
xcp:
...
kubeSpec:
overlays:
- apiVersion: install.xcp.tetrate.io/v1alpha1
kind: EdgeXcp
name: edge-xcp
patches:
...
- path: spec.components.edgeServer.kubeSpec.deployment.env[-1]
value:
name: ENABLE_MULTICLUSTER_HTTPS_CLIENT
value: "true"
...

Refer to Multi-cluster traffic routing using EastWest Gateways for how to enable EastWest routing .