Setting up DNS and TLS in AWS
To host service or model endpoints, a domain is needed to expose them to the external world or to an internal network. This document explains how to set that up in your AWS EKS cluster. Any number of domains can be set up for your cluster.
Setting up DNS
There are two kinds of domains that you can set up for TrueFoundry workloads
- Wild card domains - *.example.com, *.tfy.example.com, *.ml.example.com
- Non wild card domains - tfy.example.com, dev.example.com, prod.example.com
Wild card domains (recommended)
With wild card domains, a dedicated wildcard subdomain is used to resolve endpoints in the EKS cluster. In the samples below, example.com is your domain. The services will be exposed like
- service1.tfy.example.com
- service2.tfy.example.com
Non wild card domains
With non-wild card domains, a dedicated domain is used to resolve endpoints. Sample service endpoints will look like
- tfy.example.com/service1
- tfy.example.com/service2
Load balancer IP address
Once a domain name is decided, a DNS record has to be mapped to the load balancer in the EKS cluster. To get the load balancer's address (on AWS the command returns a DNS hostname rather than an IP), run the following command in your EKS cluster
kubectl get svc tfy-istio-ingress -n istio-system -ojsonpath='{.status.loadBalancer.ingress[0].hostname}'
Create a DNS record in Route 53 or your DNS provider with the following details
Record Type | Record Name | Record value |
---|---|---|
CNAME | *.tfy.example.com | LOADBALANCER_IP_ADDRESS |
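One way to script the record creation when the zone is hosted in Route 53 (an added example, not TrueFoundry's own code). The hosted zone ID and record name passed on the command line are placeholders you supply, and the 300 second TTL is an assumption.

```shell
# Added example: UPSERT the CNAME from the table above in Route 53.
# Usage (placeholder values): ./dns.sh HOSTED_ZONE_ID '*.tfy.example.com'

# Print a Route 53 change batch pointing record_name at the load balancer.
# Fails if the hostname is empty (load balancer not provisioned yet) or if
# either value contains characters that could break out of the JSON strings.
build_change_batch() {
  local record_name="$1" lb_hostname="$2"
  case "$record_name" in
    ''|*[!A-Za-z0-9.*-]*) echo "invalid record name" >&2; return 1 ;;
  esac
  case "$lb_hostname" in
    ''|*[!A-Za-z0-9.-]*) echo "invalid or empty load balancer hostname" >&2; return 1 ;;
  esac
  cat <<EOF
{
  "Comment": "Record for the EKS ingress load balancer",
  "Changes": [{
    "Action": "UPSERT",
    "ResourceRecordSet": {
      "Name": "$record_name",
      "Type": "CNAME",
      "TTL": 300,
      "ResourceRecords": [{"Value": "$lb_hostname"}]
    }
  }]
}
EOF
}

# Read the hostname from the cluster, build the batch and submit it.
main() {
  local zone_id="$1" record_name="$2" lb batch
  lb=$(kubectl get svc tfy-istio-ingress -n istio-system \
        -ojsonpath='{.status.loadBalancer.ingress[0].hostname}') || return 1
  batch=$(build_change_batch "$record_name" "$lb") || return 1
  aws route53 change-resource-record-sets \
    --hosted-zone-id "$zone_id" --change-batch "$batch"
}

# Only touch the cluster and Route 53 when both arguments are given.
if [ "$#" -eq 2 ]; then main "$@"; fi
```

UPSERT makes the script safe to re-run: it creates the record if it is missing and overwrites it if the load balancer hostname has changed.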
Setting up TLS
There are two primary ways to add TLS to the load balancer in AWS
- Using AWS Certificate Manager (recommended) - With this option, certificates are renewed automatically
- Using certificate and key files - With this option, pre-created certificates are added to Istio