Allowing users to add SSL verified domains to my kubernetes service

3/1/2020

I am currently creating a Kubernetes-based service on EKS and using Route53 for my DNS. When a new deployment is created (individualized for the client), a subdomain of my service (i.e. servername.myservice.com) is created.

This is done relatively easily, and I have an SSL certificate for my service domain in Route53. However, if a client wants to add their own custom domain to the service via a CNAME, I am only able to access it via http. This is because it is still using the cert from MY domain and not theirs (ERR_CERT_COMMON_NAME_INVALID). All traffic is flowing through an ELB that is made on AWS.

In short I would like users to be able to add their own domain somehow while retaining the same https cert from my service domain. I have also tried creating an alias via a route53 hosted zone which I had created for the client's domain.

-- Dylan
amazon-route53
amazon-web-services
dns
kubernetes
ssl-certificate

1 Answer

3/1/2020

The thing you want is a wildcard certificate, which Amazon Certificate Manager will happily issue to you, and then you can bind to the ELB that you described.

You would want to issue the certificate for *.myservice.com, which will make it valid for servername.myservice.com but will not make it valid for www.servername.myservice.com, since the * only covers one DNS dot level.

-- mdaniel
Source: StackOverflow
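
Added example (not part of the original question or answer): a simplified RFC 6125-style matcher that shows which hostnames a certificate issued for *.myservice.com covers. The hostname app.client-example.com is a constructed stand-in for a client's custom CNAME, and the function names are illustrative.

```python
"""Wildcard SAN matching in the style of RFC 6125 section 6.4.3 (simplified)."""


def _labels(name: str) -> list[str]:
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one dNSName SAN entry covers hostname.

    Simplification: only a whole left-most "*" label is treated as a
    wildcard, which is the form used in the answer (*.myservice.com).
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # "*" stands for exactly one label, never more or fewer
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" is never accepted.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(san_list: list[str], hostname: str) -> bool:
    """A certificate is valid for hostname if any SAN entry matches."""
    return any(san_matches(s, hostname) for s in san_list)


# Constructed sample data: the SAN list of the wildcard certificate from the
# answer, and hostnames under which a client might reach the ELB.
# "app.client-example.com" is a hypothetical client-owned CNAME.
SANS = ["*.myservice.com"]
HOSTS = [
    "servername.myservice.com",
    "www.servername.myservice.com",
    "myservice.com",
    "app.client-example.com",
]


def report(san_list=SANS, hosts=HOSTS) -> dict[str, bool]:
    """Map each hostname to whether the certificate covers it."""
    return {h: cert_covers(san_list, h) for h in hosts}


if __name__ == "__main__":
    for host, ok in report().items():
        print(f"{'OK      ' if ok else 'MISMATCH'}  {host}")
```

The client checks the certificate against the hostname it requested, not against the CNAME target, so the custom-domain row is the ERR_CERT_COMMON_NAME_INVALID case from the question.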