Can't add remote cluster to Lighthouse

I’m trying to monitor two distant clusters in one LightHouse instance (two different subnets, reachable via a gateway).

I exposed all portworx-services ports as NodePort on my first cluster. On the second cluster, I installed PX-backup and opened LightHouse (local Portworx instance checks correctly). When I try to add my remote (exposed) cluster, I get the following error: «sent an HTTP request to an HTTPS server.» in the pxcentral-backend Pod.

I was able to verify that the query was indeed sent to a remote node (load-balanced via Haproxy on port 9001) on NodePort 30001 (routed to the px-api Pod on port 9001).

Port 9001 was the only one opened, ports 9019, 9020 and 9021 all seem closed.

Are some additional (TLS?) steps required to add remote clusters (on different subnets) in LightHouse?


On the fist cluster, can you expose the portworx services as load balancer

apiVersion: v1
kind: Service
    name: portworx-api-lb
  name: portworx-api-lb
  namespace: kube-system
  - name: px-api
    port: 9001
    protocol: TCP
    targetPort: 9001
  - name: px-sdk
    port: 9020
    protocol: TCP
    targetPort: 9020
  - name: px-rest-gateway
    port: 9021
    protocol: TCP
    targetPort: 9021
    name: portworx-api
  sessionAffinity: None
  type: LoadBalancer

Copy above contents to a yaml file, (portworx-api-lb.yaml) and apply the same using
kubectl apply -f portworx-api-lb.yaml -n kube-system

Assuming portworx is provisioned on kube-system namespace. Now if you describe the above service, you will get the load balancer endpoint (node ip incase of on Prem clusters, and loadbalancer ip if you are on a hosted cluster), now you can add the loadbalancer ip on to LightHouse.
Ports 9001-9021 has to be opened on firewall, if you are using any.

We can not use nodeport in the above case, because the sequence of ports 9001-9021 has to be exposed sequentially, when nodeport will expose them as random individual ports.

Please let us know, if the above information fixed your issue.