Best way to handle DNS and SSL with EKS, external-dns (or something similar), ACM and an ELB

6/12/2019

I have a hosted zone, let's call it foobar.com and I will be deploying a number of microservices on EKS which will all be accessed via subdomains of foobar.com e.g. whammyjammy.foobar.com, omfgwtf.foobar.com, etc.

I do not want these services to be publicly exposed (not now; eventually I may replicate this environment where the services will need to be exposed).

I am happy to use ACM and a wildcard cert should suffice. I would like to use an ELB and I can probably terminate SSL at the load balancer (not sure on this yet).

I'd like a system which automatically discovers the new hostnames for each Ingress/microservice and updates Route53 automatically; really, it could just point a new record to the ELB but also use the ACM cert. My current setup uses a classic load balancer with external-dns along with an nginx ingress controller, which cannot access an ACM certificate.

Oh, regarding the VPN/select access to the cluster, I was planning to manage that through inbound security group rules on the ELB.

I've been googling around a bit, wondering if someone here has set up something to their liking, something simple ideally. :)

Any and all help is appreciated.

-- matthewcummings516
amazon-elb
amazon-web-services
aws-certificate-manager
eks
kubernetes
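One way to get the pieces in the question working together, as an added example and not the poster's configuration: the ELB in front of the nginx ingress controller terminates TLS with the ACM wildcard cert and forwards plain HTTP to nginx inside the VPC, while external-dns (run with `--source=ingress`) creates the Route53 record from each Ingress host. The certificate ARN, account id and security group id are placeholders; the namespace, selector labels and backend service name are assumptions.

```yaml
# Service fronting the nginx ingress controller (assumed labels/namespace).
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  annotations:
    # ACM wildcard cert for *.foobar.com; ELB terminates TLS (placeholder ARN)
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:111122223333:certificate/PLACEHOLDER
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    # ELB -> nginx is plain HTTP; it stays inside the VPC, not on the internet
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    # internal ELB (no public IPs); older docs used "0.0.0.0/0" as the value
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    # extra SG carrying the VPN/office inbound rules (placeholder id)
    service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: sg-PLACEHOLDER
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
  ports:
    - name: https
      port: 443
      targetPort: http   # ELB:443 (TLS) -> nginx:80
    - name: http
      port: 80
      targetPort: http
---
# One Ingress per microservice; external-dns reads spec.rules[].host and the
# ELB hostname that nginx publishes in the Ingress status (--publish-service)
# and writes whammyjammy.foobar.com -> ELB into the hosted zone.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whammyjammy
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: whammyjammy.foobar.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: whammyjammy   # assumed backend service name
                port:
                  number: 80
```

Because TLS ends at the ELB, nothing in the cluster sees the ACM private key, which is why nginx does not need access to it; the trade-off is that ELB-to-pod traffic is unencrypted, so the security groups on the ELB and nodes are what keep it private.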

0 Answers