I have a hosted zone, let's call it foobar.com, and I will be deploying a number of microservices on EKS, which will all be accessed via subdomains of foobar.com, e.g. whammyjammy.foobar.com, omfgwtf.foobar.com, etc.
I do not want these services to be publicly exposed (not now, eventually I may replicate this environment where the services will need to be exposed).
I am happy to use ACM and a wildcard cert should suffice. I would like to use an ELB and I can probably terminate SSL at the load balancer (not sure on this yet).
I'd like a system which automatically discovers the new hostnames for each Ingress/microservice and updates Route53 automatically; really it could just point a new record to the ELB, but it should also use the ACM cert. My current setup uses a classic load balancer with external-dns along with an nginx ingress controller, which cannot access an ACM certificate.
Oh, regarding the VPN/select access to the cluster, I was planning to manage that through inbound security group rules on the ELB.
I've been googling around a bit, wondering if someone here has set up something to their liking, something simple ideally. :)
Any and all help is appreciated.
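As an added illustration (not part of the original post), this is the shape of the setup described above, expressed as the ingress-nginx controller's Service plus one per-microservice Ingress: a classic ELB in the internal scheme, TLS terminated at the ELB with the ACM wildcard cert, an extra security group restricting inbound sources, and external-dns creating the Route53 record from the Ingress host. The ACM certificate ARN, security group ID, namespace and label selector are placeholders/assumptions, not values from the post.

```yaml
# Added example: ingress-nginx controller Service fronted by a classic ELB.
# Placeholders (ARN, sg-..., namespace, labels) are assumptions, not from the post.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
  annotations:
    # Internal-scheme ELB: resolvable publicly via Route53 but only reachable
    # from inside the VPC / over the VPN, so the services are not publicly exposed.
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    # ACM wildcard certificate (*.foobar.com) attached to the ELB listener on 443.
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERT_ID_PLACEHOLDER"
    # Terminate TLS at the ELB on the "https" port and speak plain HTTP to the controller.
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Additional security group whose inbound rules allow only the VPN / office CIDRs.
    service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: "sg-PLACEHOLDER"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/component: controller
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http   # ELB already decrypted the traffic; forward to the HTTP port
---
# One Ingress per microservice. external-dns (running with --source=ingress and a
# Route53 provider) reads the host below and creates the record pointing at the ELB.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whammyjammy
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: whammyjammy.foobar.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: whammyjammy
                port:
                  number: 80
```

Because TLS ends at the ELB, the controller sees plain HTTP; set `use-forwarded-headers: "true"` in the ingress-nginx ConfigMap if the backends need the original scheme from X-Forwarded-Proto.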