Discovery API

About the Discovery API

The Discovery API provides client applications and distributors with the endpoint information of the cluster to connect to and regularly checks the availability of the target clusters.

The Discovery API can be installed on multiple clusters, each with its own settings, but all installations will check all clusters in the instance.

Enabling required authentication with a client certificate

The Discovery API has support for authentication with Mutual TLS. In this approach each connection to the SSL endpoint must provide a client certificate signed by a certificate authority trusted in the instance. This is disabled by default, but can be activated per cluster.

See the Deployment page for more information about the different service types, like cluster and instance services.

Using Axual CLI

Add or modify the following configuration in the Discovery API config file for the tenant instance. The configuration is usually located in platform-config/tenants/{tenant-name}/instances/{instance-name}/discovery-api.sh.

# Disables mTLS for clusters cluster1 and enables it for the cluster2 cluster. These clusters are defined in this config as well
DISCOVERYAPI_SERVER_SSL_CLIENT_AUTH=cluster1:false,cluster2:true

Using Axual Helm Charts

Open the values.yaml for your instance and add the following configuration and update

instance:
  discoveryapi:
    tls:
      clientAuth: true