You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Integration of dns, ssl, and ingress in crossplane. I've added these as one ticket as they are often related.
If I configure the dns, I can provision certs with a major provider, and by extension I can associate those certs with a load balancer.
Although this can be supported somewhat with self-service by applying externaldns, and cert-manager to a kubernetes target cluster with workload, it moves this out of the control of Crossplane and has downsides. Cert-manager can be less than ideal in some cases like a zero downtime migration to a different cluster, you don't get certs on cluster until the dns resolves to the new cluster, which is whatever the delay is for the dns migration.
As part of this story, full automation makes for a great demo, but we would likely also want to allow users to set a private key and ca and allow crossplane to associate this cert to any load balancer in the major providers.
How could Crossplane help solve your problem?
Example flow with GCP cloud DNS + AWS EKS to setup SSL, DNS, Ingress:
Want to deploy app in a target EKS cluster behind https://myhost.com
What problem are you facing?
Integration of dns, ssl, and ingress in crossplane. I've added these as one ticket as they are often related.
If I configure the dns, I can provision certs with a major provider, and by extension I can associate those certs with a load balancer.
Although this can be supported somewhat with self-service by applying externaldns, and cert-manager to a kubernetes target cluster with workload, it moves this out of the control of Crossplane and has downsides. Cert-manager can be less than ideal in some cases like a zero downtime migration to a different cluster, you don't get certs on cluster until the dns resolves to the new cluster, which is whatever the delay is for the dns migration.
As part of this story, full automation makes for a great demo, but we would likely also want to allow users to set a private key and ca and allow crossplane to associate this cert to any load balancer in the major providers.
How could Crossplane help solve your problem?
Example flow with GCP cloud DNS + AWS EKS to setup SSL, DNS, Ingress:
https://myhost.com
Further related reading:
GCP K8s multi-cluster ingress
google managed certs
google pre-shared certs
Import external cert to AWS ACM
Static IPs for ALBs
The text was updated successfully, but these errors were encountered: