I've been thinking about Cross Site Replication using Relay protocol on Kubernetes/OpenShift. Most of the installations should use Federation [1] but I can also imagine a custom installation with two sites (let's call them X and Y) and totally separate networks. In that case, the flow through Kubernetes/OpenShift might look like the following:

Site X, Pod 1 (sending relay message) ---> sending packets ---> the Internet ---> Site Y, Ingress/Route ---> Service ---> Site Y, Pod 1

Ingress/Routes and Services are Kubernetes/OpenShift "things". The former acts as a reverse proxy and the latter as a load balancer. 

Unfortunately Ingress/Routes don't have good support for custom protocols using TCP (they were designed with HTTP in mind). The only way to make it work is to use TLS with SNI [2][3]. So we would need to encrypt all traffic with TLS and use Application FQDN (a fully qualified application name, so something like this: infinispan-app-2-myproject.site-x.com) as SNI Hostname. Note that FQDN for both sites might be slightly different - Infinispan on site X might want to use FQDN containing site Y in its name and vice versa. 

I was wondering if it is possible to configure JGroups this way. If not, are there any plans to do so?

Thanks,

Sebastian

[1] https://kubernetes.io/docs/concepts/cluster-administration/federation/

[2] https://www.ietf.org/rfc/rfc3546.txt

[3] Look for "Passthrough Termination" https://docs.openshift.com/enterprise/3.2/architecture/core_concepts/routes.html#secured-routes