Hi,
I’m trying to monitor two distant clusters in one LightHouse instance (two different subnets, reachable via a gateway).
I exposed all portworx-services ports as NodePort on my first cluster. On the second cluster, I installed PX-backup and opened LightHouse (local Portworx instance checks correctly). When I try to add my remote (exposed) cluster, I get the following error: «sent an HTTP request to an HTTPS server.» in the pxcentral-backend Pod.
I was able to verify that the query was indeed sent to a remote node (load-balanced via Haproxy on port 9001) on NodePort 30001 (routed to the px-api Pod on port 9001).
Port 9001 was the only one opened, ports 9019, 9020 and 9021 all seem closed.
Are some additional (TLS?) steps required to add remote clusters (on different subnets) in LightHouse?
Hi
On the fist cluster, can you expose the portworx services as load balancer
apiVersion: v1
kind: Service
metadata:
annotations:
labels:
name: portworx-api-lb
name: portworx-api-lb
namespace: kube-system
spec:
ports:
- name: px-api
port: 9001
protocol: TCP
targetPort: 9001
- name: px-sdk
port: 9020
protocol: TCP
targetPort: 9020
- name: px-rest-gateway
port: 9021
protocol: TCP
targetPort: 9021
selector:
name: portworx-api
sessionAffinity: None
type: LoadBalancer
Copy above contents to a yaml file, (portworx-api-lb.yaml) and apply the same using
kubectl apply -f portworx-api-lb.yaml -n kube-system
Assuming portworx is provisioned on kube-system namespace. Now if you describe the above service, you will get the load balancer endpoint (node ip incase of on Prem clusters, and loadbalancer ip if you are on a hosted cluster), now you can add the loadbalancer ip on to LightHouse.
Ports 9001-9021 has to be opened on firewall, if you are using any.
We can not use nodeport in the above case, because the sequence of ports 9001-9021 has to be exposed sequentially, when nodeport will expose them as random individual ports.
Please let us know, if the above information fixed your issue.
Regards
Binu