Tetrate Service Bridge, Version: 1.9.x

Configure TLS Origin for DNS based MultiCluster Communication

To configure x-cluster communication with TLS endpoints exposed on remote clusters, where the client itself initiates TLS (HTTPS) origin requests using DNS hostnames, you can add a flag to XCP Edge. With the flag set, a passthrough is created for such DNS-hostname-based x-cluster communication over HTTPS.

What is the use-case?

Imagine that the sleep service in Cluster-1 needs to connect to https://foo.com, which is exposed over a Gateway in another remote cluster, i.e. Cluster-2.

Enable TLS support for DNS hostnames in x-cluster communication

To enable DNS-hostname-based x-cluster communication at XCP Edge, edit the xcp component in the ControlPlane CR or Helm values and add the environment variable ENABLE_MULTICLUSTER_HTTPS_CLIENT with the value true:

spec:
  components:
    xcp:
      ...
      kubeSpec:
        overlays:
        - apiVersion: install.xcp.tetrate.io/v1alpha1
          kind: EdgeXcp
          name: edge-xcp
          patches:
          ...
          - path: spec.components.edgeServer.kubeSpec.deployment.env[-1]
            value:
              name: ENABLE_MULTICLUSTER_HTTPS_CLIENT
              value: "true"
          ...
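
One way to check a ControlPlane CR for this patch before applying it, as an added example that is not part of the Tetrate documentation. It assumes the CR has already been parsed into a Python dict (for instance from YAML); the function names and the sample CR are constructed for illustration. Kubernetes env values are strings, so an unquoted true (a YAML boolean) is flagged.

```python
"""Lint a parsed ControlPlane CR for the XCP Edge HTTPS-client flag (added example)."""

FLAG = "ENABLE_MULTICLUSTER_HTTPS_CLIENT"
ENV_PATH_PREFIX = "spec.components.edgeServer.kubeSpec.deployment.env["


def check_https_client_flag(control_plane: dict) -> list:
    """Return a list of problems; an empty list means the flag is set as documented."""
    xcp = control_plane.get("spec", {}).get("components", {}).get("xcp", {})
    overlays = xcp.get("kubeSpec", {}).get("overlays", [])
    problems, found = [], False
    for overlay in overlays:
        if overlay.get("kind") != "EdgeXcp":
            continue
        for patch in overlay.get("patches", []):
            value = patch.get("value")
            if not isinstance(value, dict) or value.get("name") != FLAG:
                continue
            found = True
            path = str(patch.get("path", ""))
            if not path.startswith(ENV_PATH_PREFIX):
                problems.append(f"{FLAG} is patched at unexpected path {path!r}")
            flag_value = value.get("value")
            if not isinstance(flag_value, str):
                # e.g. `value: true` without quotes parses as a YAML boolean
                kind = type(flag_value).__name__
                problems.append(f"{FLAG} value must be a quoted string, got {kind}")
            elif flag_value != "true":
                problems.append(f"{FLAG} is {flag_value!r}, expected 'true'")
    if not found:
        problems.append(f"no EdgeXcp overlay patch sets {FLAG}")
    return problems


def make_cr(flag_value):
    """Constructed sample CR, shaped like the overlay shown on this page."""
    return {"spec": {"components": {"xcp": {"kubeSpec": {"overlays": [{
        "apiVersion": "install.xcp.tetrate.io/v1alpha1",
        "kind": "EdgeXcp",
        "name": "edge-xcp",
        "patches": [{
            "path": "spec.components.edgeServer.kubeSpec.deployment.env[-1]",
            "value": {"name": FLAG, "value": flag_value},
        }],
    }]}}}}}


if __name__ == "__main__":
    for sample in ("true", True, "false"):
        print(repr(sample), "->", check_https_client_flag(make_cr(sample)) or "ok")
```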

Refer to Multi-cluster traffic routing using EastWest Gateways for how to enable EastWest routing.