EKS subdomain for each namespace? - amazon-eks

I have the following setup. Where I manually add new DNS records when adding new services.
Route53 ------> AWS ALB -----> Ingress-Nginx in EKS ---> Ingress-Rules -------> Service
(app|api).ex.de | A record target | Target group of listener | Pointing to service
Now I want to “duplicate” my environment using namespaces. To do that, I need subdomains and automatic wiring of domains. So for example, I want to have
dev-namespace -> (app|api).dev.ex.de and
pr-1-namespace -> (app|api).pr-1.ex.de
The twist is that the domains should be automatically wired and set up when I spin up a new environment.
Does anyone have an idea how to do this in Kubernetes and AWS? Any help would be appreciated.

Related

using shared external domain with AWS EKS Route53

I'm following https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md to set up an AWS EKS cluster and managed to successfully set up the cluster and a test nginx service running.
My domain is configured on Cloudflare and is used for different things, i.e. domain.com lands on a static website; api.domain.com, app.domain.com, xyz.domain.com are all currently pointing to an IP address (LoadBalancer) on DigitalOcean Kubernetes that then handles everything and serves API and other requests accordingly.
How can I point multiple subdomains to AWS using an IP or some other way? Do I need to deploy external-dns multiple times (per subdomain)? Or can I just deploy it once and use that for all subdomains? The problem here is that part of the external-dns config is to mention the Route 53 ZoneID, which is currently a subdomain:
- --txt-owner-id=my-hostedzone-identifier
Okay, got the answer. First, as documented in the external-dns documentation, run the command:
$ aws route53 create-hosted-zone --name "my-domain-here.com." --caller-reference "external-dns-mydomain-$(date +%s)"
Then I copied the NS records from Route53 for this new domain and added them to the Cloudflare NS records in the DNS section. After that my K8s foo.my-domain-here.com started working!!
So moving forward, I won't need to register anything in Route53 and can just add an NS record for bar.my-domain-here.com to point subdomains to EKS applications, although the domain is registered on Cloudflare and is being used for marketing and other subdomains.
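Tying the delegated Route53 zone from this answer to the per-namespace subdomains asked for in the main question, here is an added example (not code from either poster): a POSIX shell script that derives (app|api).<namespace>.ex.de from the namespace name, rejects names that are not valid DNS labels, and renders an ingress-nginx Ingress that external-dns can turn into a record. The zone ex.de, the ALB DNS name, the external-dns target annotation and the ingress class name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the layout in the question:
# a Route53 zone for ex.de (delegated by NS records as in the answer above),
# an ALB in front of ingress-nginx, and external-dns watching Ingress objects.
# Every namespace gets (app|api).<namespace>.ex.de derived from its name.
BASE_DOMAIN="${BASE_DOMAIN:-ex.de}"                      # assumed delegated zone
ALB_DNS_NAME="${ALB_DNS_NAME:-my-alb.example.invalid}"   # placeholder ALB name

# Only an RFC 1123 label may become part of a hostname: lowercase alphanumerics
# and '-', 1-63 chars, no leading or trailing '-'. Kubernetes namespace names
# follow the same rule, so a valid namespace is always a valid subdomain.
valid_label() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'
}

# Hostname for a service in a namespace: host_for app pr-1 -> app.pr-1.ex.de
host_for() {
  valid_label "$2" || return 1
  printf '%s.%s.%s\n' "$1" "$2" "$BASE_DOMAIN"
}

# Render an Ingress whose rule host is picked up by external-dns; the target
# annotation points the record at the ALB instead of the ingress-nginx address.
render_ingress() {  # $1=service $2=namespace $3=port
  host=$(host_for "$1" "$2") || { echo "invalid namespace: $2" >&2; return 1; }
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: $1
  namespace: $2
  annotations:
    external-dns.alpha.kubernetes.io/target: $ALB_DNS_NAME
spec:
  ingressClassName: nginx
  rules:
  - host: $host
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: $1
            port:
              number: $3
EOF
}
# Usage: render_ingress app pr-1 80 | kubectl apply -f -
```

Running the render step for each namespace as part of spinning up the environment gives external-dns the host to publish, so no manual Route53 record is needed.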

Running multiple applications in the same AKS cluster with ingress controller(s) tls termination

I managed to run successfully:
- multiple applications in different namespaces with http
- one application with https (using cert-manager and letsencrypt)
But I need to run multiple https apps.
I tried two paths:
- Using multiple dedicated ingress controllers + cert-managers
- Using only one controller + cert and routing traffic with ingress rules
Is there an open source (complete) example of a working solution for this configuration? Also one based on Azure Application Gateway Ingress Controller (AGIC) would do.

Manual ALB Creation for AWS EKS Fargate

How can we create an application load balancer in AWS EKS Fargate manually instead of using the ALB ingress controller?
I was able to create and associate the Application Load Balancer with Fargate pods. However, is there a way to automatically register new pods as targets in the ALB?
When using targets of type IP in the target groups, I cannot find a way to define an IP range. It only takes individual IPs, in which case I need to manually add the targets every time a new pod comes up.
What you are trying to achieve is usually done using the ingress object. Sorry if I ask, but is there a reason for which you can't use the ALB ingress, which would give you that out of the box? Note that there were some limitations in the past (e.g. one ALB per ingress object etc.) but we have just made available a new version of the ALB ingress that overcomes some of those limitations: https://aws.amazon.com/blogs/containers/introducing-aws-load-balancer-controller/

Kubernetes API for provisioning pods-as-a-service?

Currently I have an app (myapp) that deploys as a Java web app running on top of a "raw" (Ubuntu) VM. In production there are essentially 5 - 10 VMs running at any given time, all load balanced behind an nginx load balancer. Each VM is managed by Chef, which injects the correct env vars and provides the app with runtime arguments that make sense for production. So again: load balancing via nginx and configuration via Chef.
I am now interested in containerizing my future workloads, and porting this app over to Docker/Kubernetes. I'm trying to see what features Kubernetes offers that could replace my app's dependency on nginx and Chef.
So my concerns:
Does Kube-Proxy (or any other Kubernetes tool) provide subdomains or otherwise load-balanced URLs that could load balance to any number of pod replicas? In other words, if I "push" my newly-containerized app/image to the Kubernetes API, is there a way for Kubernetes to make the image available as, say, 10 pod replicas all load balanced behind myapp.example.com? If not, what integration between Kubernetes and networking software (DNS/DHCP) is available?
Does Kubernetes (say, perhaps via etcd?) offer any sort of key-value based configuration? It would be nice to send a command to the Kubernetes API and give it labels like myapp:nonprod or myapp:prod and have Kubernetes "inject" the correct KV pairs into the running containers. For instance, perhaps in the "nonprod" environment the app connects to a MySQL database named mydb-nonprod.example.com, but in prod it connects to an RDS cluster. Or something.
Does Kubernetes offer service registry like features that could replace Consul/ZooKeeper?
Answers:
1) DNS subdomains in Kubernetes:
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns
Additionally, each Service load balancer gets a static IP address, so you can also program other DNS names if you want to target that IP address.
2) Key/Value pairs
At creation time you can inject arbitrary key/value environment variables and then use those in your scripts/config, e.g. you could connect to ${DB_HOST}.
Though for your concrete example, we suggest using Namespaces (http://kubernetes.io/v1.0/docs/admin/namespaces/README.html): you can have a "prod" namespace and a "dev" namespace, and the DNS names of services resolve within those namespaces (e.g. mysql.prod.cluster.internal and mysql.dev.cluster.internal).
3) Yes, this is what the DNS and Service object provide (http://kubernetes.io/v1.0/docs/user-guide/walkthrough/k8s201.html#services)

sshing in aws load balancer and configuring it for subdomain routing?

We want to use the Amazon Elastic Beanstalk service for deployment on EC2 boxes.
We want to deploy our Ruby on Rails application in such a way that we can do subdomain-based routing to different Rails apps.
And we want to use a single SSL certificate for our load balancer and want to configure our load balancer in such a way that subdomain-based routing takes place.
HAProxy does this work well, but when we are trying to use the Amazon Elastic Beanstalk service for our deployment, AWS creates a load balancer but didn't associate it with any key pair.
So we are not able to SSH into the load balancer and add our configuration for subdomain-based routing.
Can someone please point me to some solution?
Thanks,
Ankit.
You don't SSH into AWS load balancers, they are basically a black box that you have only a limited set of configuration options for. You probably need to look at the Route 53 services for DNS routing.
Your configuration would have routing based on domain DNS to different load balancers, one for each separate service you need. You can't have a single ELB route traffic to different EC2 instances based on domain or URI fragments.