Sebastian, Do you know if OpenShift has or plans to have some VPN or VPN like capabilities to bridge two "cross site" projects?
It would probably be a faster and more generic solution than going through HTTP. Emmanuel On Tue 17-04-25 13:04, Sebastian Laskawiec wrote: >Hey Bela! > >I've been thinking about Cross Site Replication using Relay protocol on >Kubernetes/OpenShift. Most of the installations should use Federation [1] >but I can also imagine a custom installation with two sites (let's call >them X and Y) and totally separate networks. In that case, the flow through >Kubernetes/OpenShift might look like the following: > >Site X, Pod 1 (sending relay message) ---> sending packets ---> the >Internet ---> Site Y, Ingress/Route ---> Service ---> Site Y, Pod 1 > >Ingress/Routes and Services are Kubernetes/OpenShift "things". The former >acts as a reverse proxy and the latter as a load balancer. > >Unfortunately Ingress/Routes don't have good support for custom protocols >using TCP (they were designed with HTTP in mind). The only way to make it >work is to use TLS with SNI [2][3]. So we would need to encrypt all traffic >with TLS and use Application FQDN (a fully qualified application name, so >something like this: infinispan-app-2-myproject.*site-x*.com) as SNI >Hostname. Note that FQDN for both sites might be slightly different - >Infinispan on site X might want to use FQDN containing site Y in its name >and vice versa. > >I was wondering if it is possible to configure JGroups this way. If not, >are there any plans to do so? > >Thanks, >Sebastian > >[1] https://kubernetes.io/docs/concepts/cluster-administration/federation/ >[2] https://www.ietf.org/rfc/rfc3546.txt >[3] Look for "Passthrough Termination" >https://docs.openshift.com/enterprise/3.2/architecture/core_concepts/routes.html#secured-routes >-- > >SEBASTIAN ĆASKAWIEC > >INFINISPAN DEVELOPER > >Red Hat EMEA <https://www.redhat.com/> ><https://red.ht/sig> >_______________________________________________ >infinispan-dev mailing list >infinispan-dev@lists.jboss.org >https://lists.jboss.org/mailman/listinfo/infinispan-dev _______________________________________________ infinispan-dev mailing list infinispan-dev@lists.jboss.org https://lists.jboss.org/mailman/listinfo/infinispan-dev