Hi team
I purchased a domain name in GoDaddy. I deployed a web application in a Kubernetes cluster. To open that web application in a browser with a service NodePort or external load balancer,
I want to route that host name or IP address with port in AWS Route53,
but I am stuck on the routing in AWS.
There are quite a few moving parts to getting this set up.
- You should never use nodeport to serve an externally visible service, always use a load balancer, and your cluster nodes should never ever have public IPs.
- You will need a certificate matching your domain name to serve HTTPS. You can create one in AWS ACM.
- If you are using EKS for your cluster, and it is properly set up (too in depth to go through here), then it will auto-provision an Application Load Balancer (ALB) for the Kubernetes ingress you create for the service.
  - You’ll need to associate the certificate with the ALB.
  - You’ll need to create a CNAME record for e.g. www.yourdomainname in the GoDaddy control panel to point to the DNS name of your ALB.
- If you are not using EKS, then the service should be fronted by a regular nginx Kubernetes ingress, and you manually provision a Network Load Balancer (NLB) in front of it.
  - You will need to associate the certificate with the nginx ingress resource.
  - You’ll need to create an A record for e.g. www.yourdomainname in the GoDaddy control panel to point to the static IPs of your NLB.
I think it is possible to install the ALB into a non-EKS cluster to auto-provision ALBs for ingress resources. GitHub - kubernetes-sigs/aws-load-balancer-controller: A Kubernetes controller for Elastic Load Balancers
Can you help me in creating
You will need a certificate matching your domain name to serve HTTPS. You can create one in AWS ACM
- Go to the AWS Certificate Manager (ACM) console
- Request a new certificate (certificate type - public)
- In the form that follows, enter the fully qualified domain name. Here it is probably easier to create a wildcard certificate for the entire domain, so if you purchased e.g. my-new-domain.com then enter *.my-new-domain.com here. That will make the cert valid for all services e.g. www.my-new-domain.com, www2.my-new-domain.com etc.
- Select DNS validation
- Press Request.
It will then give you a record you must enter into DNS, which you will do via the GoDaddy control panel for the domain. I can’t tell you exactly how to do that as I don’t have any GoDaddy domains myself.
However, what this does is to prove to AWS that you own the domain name. AWS will for a period of time do a DNS lookup for the record it told you to add. When it finds it, it will issue the certificate.
It may take an hour or two after you have correctly added the DNS record. Should it give up trying, then you have made a mistake in entering the DNS record.
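The answer above says a validation that never completes means the DNS record was entered wrongly. As an added example (not part of the original posts), this Python helper converts the record ACM hands out into what a zone editor expects and classifies the usual entry mistakes. The record values are constructed, the function names are hypothetical, and it assumes the DNS provider's form appends the zone name to the host field.

```python
# Added example. All record values below are constructed, not real ACM output.
SAMPLE_ACM_RESPONSE = {  # shape of ACM DescribeCertificate for a DNS-validated cert
    "Certificate": {"DomainValidationOptions": [{
        "DomainName": "*.my-new-domain.com",
        "ValidationMethod": "DNS",
        "ValidationStatus": "PENDING_VALIDATION",
        "ResourceRecord": {
            "Name": "_0123456789abcdef.my-new-domain.com.",
            "Type": "CNAME",
            "Value": "_fedcba9876543210.acm-validations.aws.",
        },
    }]}
}


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing root dot."""
    return name.strip().rstrip(".").lower()


def registrar_entry(record, zone):
    """Turn ACM's fully qualified record into the host/value pair for a zone editor.

    Assumption: the DNS provider's form appends the zone to the host field.
    """
    name, zone = _norm(record["Name"]), _norm(zone)
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is not inside zone {zone}")
    host = name[: -len(zone) - 1]  # drop ".<zone>" from the end
    return {"type": record["Type"], "host": host, "value": _norm(record["Value"])}


def diagnose(record, zone, published):
    """Classify what is published. `published` maps DNS name -> CNAME target
    as observed with a lookup tool; it is passed in so this runs offline."""
    want_name, want_value, zone = _norm(record["Name"]), _norm(record["Value"]), _norm(zone)
    got = {_norm(k): _norm(v) for k, v in published.items()}
    if got.get(want_name) == want_value:
        return "ok"
    if want_name in got:
        return "wrong-value"  # right name, but the target does not match ACM's
    if f"{want_name}.{zone}" in got:
        return "zone-appended-twice"  # full name typed into a host-only field
    return "missing"


RECORD = SAMPLE_ACM_RESPONSE["Certificate"]["DomainValidationOptions"][0]["ResourceRecord"]
```

Feed `diagnose` the name and target returned by a CNAME lookup of both the expected name and the doubled name to see which case applies.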