I’ve been following this guide on setting https on my deployed instance (on Kubernetes). Do I have to buy and setup a domain before the Set up automatic HTTPS stage?
What if I want HTTPS without getting a domain?
I did try using the IP and domain name of the load balancer but that produced an
- I’m running my cluster on AWS, I first deployed it without any https and then tried to add my IP as the domain but without success.
With keys that I’ve generated locally with openssl it works but stating it’s not secure.
You’ll need a domain that points to the IP of your cluster before you can setup a https certificate.
I have a subdomain: Cluster.mydomain.io and I’ve put a dns record pointing to the dynamic IP of the public-proxy, I’ve also checked it propogated via dig +trace and I can see the A record to the IP.
When I’m updating this block:
I’m getting an error:
I didn’t see anything on the hub/P.proxy logs while running on debugging.
PS, I’ve allocated an EIP in my AWS account and allocated it within the cluster’s vpc (which the EKS sits), and the A record I created is routing to this IP. I’ve also attached the configuration in the yaml:
Where are you seeing this error?
When I’m trying to load the subdomain in a firefox browser.
I did try running get events on the cluster and found out this:
Error syncing load balancer: failed to ensure load balancer: LoadBalancerIP cannot be specified for AWS ELB
13m Normal LoadbalancerIP service/proxy-public -> 52.44.some_IP
13m Normal ScalingReplicaSet deployment/proxy Scaled down replica set proxy-665d98df47 to 0
13m Normal ScalingReplicaSet deployment/proxy Scaled up replica set proxy-7f4585474 to 1
2m47s Normal NoPods poddisruptionbudget/user-placeholder No matching pods found
Alright, I was able to solve it.
here’s what I had to do if someone hits the same issue:
I was running on EKS within a VPC + an elastic IP.
I configured first the ip within the config.yaml like the docs says.
I then moved the dns into Route 53.
I had to create an A record to map from my subdomain to the ELB that was deployed through an alias. Once that propagated (I’ve waited ~10 minutes), I’ve added the subdomain on the https section and updated the chart, it worked fine!
Thanks for the help!