In-cluster service communication between subsystems

Key points and limitations of in-cluster inter-subsystem communication.

  • In-cluster communication is only possible between subsystems that are in the same cluster.
  • In-cluster communication cannot be used in two data center disaster recovery deployments; see Two data center warm-standby deployment on Kubernetes and OpenShift.
  • If you are adding new subsystems to an upgraded deployment, you can set the subsystems to use in-cluster communication, but you must use different certificates and secrets for the subsystem endpoints. The default certificate and secret names for the subsystem endpoints are:
    • Analytics: ai-endpoint
    • Portal: portal-admin
    • Gateway: gwv6-manager-endpoint or gw-gateway-manager
    Do not reuse these certificate and secret names if your additional subsystems are in the same namespace.
  • If you customize any TLS certificates used for inter-subsystem communication, then to use in-cluster communication the TLS certificates must include the service hostname in the DNS entries of the Subject Alternative Name (SAN) extension, for example:
    X509v3 Subject Alternative Name: critical
        DNS: ptladmin.mydomain.com, DNS: portal.apic.svc, DNS: portal.apic.svc.cluster.local
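    The following script is an added example, not part of the IBM documentation or the product, showing how to issue a certificate whose SAN carries both the external hostname and the in-cluster service names, and how to verify that an existing certificate has them before it is stored in the endpoint secret. It assumes the service name "portal" in namespace "apic" and the external hostname "ptladmin.mydomain.com" from the example above, and it self-signs the certificate for demonstration; in a real deployment the CSR would go to your own CA or cert-manager, and the check function is what you would run against the certificate that CA returns.

```shell
#!/bin/sh
# Added example (not IBM's code). Assumed values: service "portal" in namespace "apic",
# external hostname "ptladmin.mydomain.com". Requires openssl 1.1.1 or later (-addext).
SERVICE=portal
NAMESPACE=apic
EXTERNAL_HOST=ptladmin.mydomain.com
WORKDIR="${TMPDIR:-/tmp}/apic-san-demo"
mkdir -p "$WORKDIR"

# Build the SAN list: the external hostname plus both forms of the in-cluster
# service DNS name (<service>.<namespace>.svc and its cluster.local suffix).
san_list() {
  printf 'DNS:%s,DNS:%s.%s.svc,DNS:%s.%s.svc.cluster.local' \
    "$EXTERNAL_HOST" "$SERVICE" "$NAMESPACE" "$SERVICE" "$NAMESPACE"
}

# Issue a self-signed certificate for the demo. In production, replace -x509
# with a CSR submitted to your CA; the subjectAltName request is the same.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=$EXTERNAL_HOST" \
    -addext "subjectAltName=$(san_list)" \
    -keyout "$WORKDIR/tls.key" -out "$WORKDIR/tls.crt" >/dev/null 2>&1
}

# Return 0 if the certificate's SAN extension lists the given DNS name exactly.
# Each "DNS:name" entry is put on its own line so that portal.apic.svc does not
# match as a prefix of portal.apic.svc.cluster.local.
san_has_dns() {
  cert="$1"; name="$2"
  openssl x509 -in "$cert" -noout -text \
    | awk '/X509v3 Subject Alternative Name/{getline; print}' \
    | tr ',' '\n' | sed 's/^[[:space:]]*//' \
    | grep -qx "DNS:$name"
}

# Check every name the subsystem will be reached by; report any that is missing.
check_cert() {
  cert="$1"; rc=0
  for n in "$EXTERNAL_HOST" "$SERVICE.$NAMESPACE.svc" "$SERVICE.$NAMESPACE.svc.cluster.local"; do
    if san_has_dns "$cert" "$n"; then
      echo "ok      DNS:$n"
    else
      echo "MISSING DNS:$n"; rc=1
    fi
  done
  return $rc
}

make_cert && check_cert "$WORKDIR/tls.crt"
```

    Run `check_cert path/to/tls.crt` against any certificate you intend to place in an endpoint secret; a non-zero exit means at least one in-cluster name is absent and subsystems connecting over the service hostname will fail TLS hostname verification.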
  • On Cloud Pak for Integration, all subsystems are registered automatically during deployment with external communication specified.