XDCR between CB Servers on different namespaces of Kubernetes


Referring to doc https://docs.couchbase.com/operator/2.0/howto-xdcr.html, I am able to setup XDCR between 2 CB Servers within the same namespace. Can somebody please assist me on what additional steps do I need to follow to setup XDCR between CB Clusters of different namespaces ?

I am using CAO 2.0.2 using CB Server 6.0.4 on K8 1.15.


If you read this section about local cluster configuration https://docs.couchbase.com/operator/2.0/howto-xdcr.html#local-cluster then it’s a simple case of specifying the address as my-couchbase-cluster.my-namespace where my-couchbase-cluster is the XDCR target cluster’s name, and my-namespace is the namespace it is running in.

Hi Simon,

Thank for such a quick response. I believe you meant to set the parameter spec.xdcr.remoteClusters.hostname under the CouchbaseCluster yaml file to the value my-couchbase-cluster.my-namespace . Correct ?

I have already set this but I get the error message:
Error from server: error when creating “roamware-cluster.yaml”: admission webhook “couchbase-operator-admission.np1.svc” denied the request: validation failure list:
secret onenode-cb-auth referenced by spec.xdcr.remoteClusters[0].authenticationSecret must exist

The Operator needs a username and password to connect to the remote cluster, ensure the authentication secret, defined in the remote cluster exists in that namespace. For example does kubectl -n np500 get secret onenode-cb-auth actually work?

Thank you so much Simon! Your response helped to resolve my problem. So now I get it that a secret needs to be created on both the namespaces (‘np1’ and ‘np500’). Interesting! :slight_smile:

One more query. What will be additional parameters we need to use if we have CB Servers in 2 different K8 clusters. We are not using External DNS.

Not that interesting, the Operator can only see things in the namespace it’s deployed in. Heavily regulated industries wouldn’t allow us to look at all secrets in all namespaces!

How you configure XDCR across K8S clusters depends on what your networking looks like. Are you using an overlay or flat networking? See https://docs.couchbase.com/operator/2.0/concept-couchbase-networking.html if you can use inter-cluster networking do so, if not then you have to use generic, which is insecure and has other problems that make it bad for production environments.