In-cluster service communication between subsystems
Key points and limitations of in-cluster inter-subsystem communication.
- In-cluster communication is only possible between subsystems that are in the same cluster.
- In-cluster communication cannot be used in two data center disaster recovery deployments; see Two data center warm-standby deployment on Kubernetes and OpenShift.
- If you are adding new subsystems to an upgraded deployment, you can set the subsystems to use in-cluster communication, but you must use different certificates and secrets for the subsystem endpoints. The default certificate and secret names for the subsystem endpoints are:
  - Analytics: ai-endpoint
  - Portal: portal-admin
  - Gateway: gwv6-manager-endpoint orgw-gateway-manager
- If you customize any TLS certificates used for inter-subsystem communication, then to use in-cluster communication the TLS certificates must include the service hostname in the DNS section of the SAN, for example:

      X509v3 Subject Alternative Name: critical
          DNS: ptladmin.mydomain.com, DNS: portal.apic.svc, DNS: portal.apic.svc.cluster.local
- On Cloud Pak for Integration, all subsystems are registered automatically during deployment with external communication specified.
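
One way to check the SAN requirement above before switching a customized certificate to in-cluster communication. This is an added example, not IBM tooling: the function names are hypothetical, the service name `portal` and namespace `apic` are taken from the hostnames in the SAN example, and `cluster.local` as the cluster domain and the expectation that both hostname forms are present are assumptions.

```shell
#!/bin/sh
# Usage: openssl x509 -in <cert.pem> -noout -text | missing_service_names portal apic

# Print each SAN DNS entry from the openssl text output, one per line, lower-cased.
san_dns_names() {
    awk '
        /X509v3 Subject Alternative Name/ { grab = 1; next }
        grab {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                entry = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", entry)
                if (entry ~ /^DNS:/) {
                    sub(/^DNS:[ \t]*/, "", entry)   # accept "DNS:name" and "DNS: name"
                    print tolower(entry)
                }
            }
            exit
        }'
}

# covered WANT: SAN names on stdin; succeed on an exact match or a
# single-label wildcard match (*.apic.svc covers portal.apic.svc).
covered() {
    while IFS= read -r name; do
        if [ "$name" = "$1" ]; then return 0; fi
        case $name in
            '*.'*) if [ "${name#\*.}" = "${1#*.}" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# missing_service_names SERVICE NAMESPACE [CLUSTER_DOMAIN]
# Prints the in-cluster hostnames that the certificate does not cover.
missing_service_names() {
    names=$(san_dns_names)
    for want in "$1.$2.svc" "$1.$2.svc.${3:-cluster.local}"; do
        printf '%s\n' "$names" | covered "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample: SAN section of a certificate that carries only the external name.
SAMPLE_EXTERNAL_ONLY='            X509v3 Subject Alternative Name: critical
                DNS:ptladmin.mydomain.com'
```

Empty output means both in-cluster hostnames are covered; any printed name has to be added to the certificate's SAN before the subsystem is set to in-cluster communication.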