-
-
Deploy Secure Developer Spaces in Multiple Regions
-
How to install and use JetBrains IntelliJ Gateway as a Citrix published application
-
Use Citrix Secure Access and Citrix Secure Developer Spaces with VS Code
-
Configure AI Gateway routing in Citrix Secure Developer Spaces
-
Configure external MongoDB with X.509 authentication in Citrix Secure Developer Spaces
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Deploy Secure Developer Spaces™ in multiple regions
This guide describes how to deploy Citrix Secure Developer Spaces™ across multiple Kubernetes clusters or regions. A multi-region setup improves developer experience by reducing latency and improving performance by routing users to the closest regional cluster.
Core concept
A multi-region deployment consists of:
- Primary (central) deployment – Hosts the main database and services.
- Regional deployments – Stateless deployments that connect to the primary deployment’s database and services.
To ensure seamless operation, critical configuration values (especially secrets for authentication and encryption) must be synchronized from the primary deployment to each regional deployment. This synchronization is done by copying specific values from the primary Helm deployment to the regional Helm chart.
How to deploy to additional regions
Like the primary deployment, regions are managed through Helm charts.
While the regional Helm charts are similar to those of the primary deployment, the main difference is that several values that are usually auto-generated during the first deployment must be manually copied from the primary deployment to the regional Helm charts.
These values include:
- Database authentication credentials and connection parameters
- Secrets for signing cookies and tokens
- Secrets for encrypting stored values
Populate the Helm charts
- Copy the values from the primary deployment’s
platformsection. - Add a
regionsection and setisExternalRegiontotrue.
Example values.yaml:
platform:
imageTag: "" # Image tag for services
hostName: "" # Main domain used to access the platform, e.g. strong-network.example.com
centralProxyHostname: "" # Wildcard domain for workspaces, e.g. proxy.strong-network.example.com
jwtSecret: "" # Use the same jwtSecret as in the main deployment
secretKeyReposB64: "" # Example: openssl rand -base64 16
# Include all other values from the primary deployment's platform section
# ...
region:
isExternalRegion: true # For regional deployments, set this to true
<!--NeedCopy-->
Note:
When
isExternalRegionis set totrue, setplatform.internalMongodbtofalse.
Required fields and their mappings
The following fields must match between the primary and regional deployments:
| Field name | Description |
|---|---|
| hostName | Domain name of the deployment (used by users and API). |
| centralProxyHostname | Workspace sub-domain of the main deployment (usually proxy.<hostName>) |
| jwtSecret | Secret for signing tokens and cookies. |
| secretKeyReposB64 | Secret for encrypting values. |
Retrieve secrets from the primary deployment
Run the following commands in the namespace of the primary deployment cluster to extract the required values.
Get the hostName value
kubectl get secrets strong-network-secret -o yaml
<!--NeedCopy-->
Copy the hostName value from the output.
Get the secretKeyReposB64 value
kubectl get secrets strong-network-secret -o yaml
<!--NeedCopy-->
Copy the secretKeyReposB64 value, then base64 decode it before pasting it into the regional Helm charts.
For example:
echo "<base64-encoded-value>" | base64 --decode
<!--NeedCopy-->
Next steps
- Verify that all required secrets and configuration values are synchronized between the primary and regional deployments.
- Deploy the Helm chart for the regional cluster.
- Confirm that developers can connect to the nearest regional deployment with minimal latency.
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.