enable external dns certificate automation docs #316

Merged
merged 1 commit into from
Feb 23, 2024
25 changes: 2 additions & 23 deletions public-site/docs/src/guides/external-alias/index.md
Expand Up @@ -3,16 +3,12 @@ title: Configure External DNS Alias
---
# Configure External DNS Alias

<!--
An application can be configured to use external DNS aliases, in addition to the automatically generated [domain names](../../docs/topic-domain-names), provided you register the DNS record and optionally bring the corresponding TLS certificate into Radix. Traffic routing is configured in [`dnsExternalAlias`](../../references/reference-radix-config/#dnsexternalalias) in `radixconfig.yaml`.
-->
An application can be configured to use external DNS aliases, in addition to the automatically generated [domain names](../../docs/topic-domain-names), provided you register the DNS record and bring the corresponding TLS certificate into Radix. Traffic routing is configured in [`dnsExternalAlias`](../../references/reference-radix-config/#dnsexternalalias) in `radixconfig.yaml`.

The external DNS record must point to the [public name](../../docs/topic-domain-names/#public-name) of a component, to the [app default alias](../../docs/topic-domain-names/#app-default-alias) or to the [app alias](../../docs/topic-domain-names/#app-alias).

<!--
`useCertificateAutomation` in [`dnsExternalAlias`](../../references/reference-radix-config/#dnsexternalalias) controls if the TLS certificate is automatically managed by Radix, or manually by you.
-->

## Acquire a DNS record in the equinor.com zone

The process for setting up the DNS record depends on the service used to register and manage the DNS zone. This guide assumes registration of a DNS record in the `equinor.com` zone, but you should be able to adapt the instructions to a third-party provider.
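
Review bot: The `useCertificateAutomation` sentence in this hunk ("controls if the TLS certificate is automatically managed by Radix, or manually by you") does not say what happens when the property is left out. Further down, the guide says the certificate section applies when the property "is omitted or set to `false`", so omitting it leaves the administrator responsible for the certificate and private key. State that default here, next to the intro's "optionally bring the corresponding TLS certificate into Radix", so a reader who skips the property knows the alias will have no valid certificate until they provide one. Minor wording: "controls if" reads better as "controls whether".
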
Expand Down Expand Up @@ -49,11 +45,8 @@ frontend-myapp-prod.radix.equinor.com

Add the alias to `dnsExternalAlias` in radixconfig.yaml. You can add multiple entries as long as the `alias` value is unique. The referenced environment must be re-deployed in order for the changes to take effect.

<!--
If `useCertificateAutomation` is `true`, the external DNS record must be already created in order for Radix to start the automatic certificate issuing process.
-->

<!--
``` yaml
apiVersion: radix.equinor.com/v1
kind: RadixApplication
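
Review bot: The sentence "If `useCertificateAutomation` is `true`, the external DNS record must be already created in order for Radix to start the automatic certificate issuing process" gives the precondition but not the outcome when it is not met. Say whether issuance starts on its own once the record resolves or whether the environment has to be re-deployed, since the paragraph just above already tells readers a re-deploy is needed for alias changes. Also consider "must already exist" instead of "must be already created".
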
Expand All @@ -67,27 +60,13 @@ spec:
environment: prod
useCertificateAutomation: false|true
```
-->
``` yaml
apiVersion: radix.equinor.com/v1
kind: RadixApplication
metadata:
name: myapp
spec:
...
dnsExternalAlias:
- alias: myapp.equinor.com
component: frontend
environment: prod
```

## Acquire an Equinor TLS certificate

<!--
This step is only required when `useCertificateAutomation` in `dnsExternalAlias` is omitted or set to `false`.

### How to get it
-->

1. Start by getting familiar with the appropriate procedures about handling keys and certificates in Equinor, as they are considered to be sensitive information.
1. Create a _Certificate Signing Request_ on you local pc using the [openssl](https://www.openssl.org/) command:
```sh
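
Review bot: In the guide's YAML example, `useCertificateAutomation: false|true` is a placeholder, not a valid value; copied as is, YAML reads it as the string `false|true` rather than a boolean. The reference page in this same PR writes the placeholder differently, as `[false|true]`, which parses as a list. Show a concrete value in the guide (for instance `true`, with a YAML comment noting that `false` or omitting the key means you supply the certificate yourself) and use one notation in both files. While touching this section, the context line "on you local pc" has a typo ("your").
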
15 changes: 0 additions & 15 deletions public-site/docs/src/references/reference-radix-config/index.md
Expand Up @@ -1060,7 +1060,6 @@ In the example above, the component **frontend** hosted in environment **prod**

## `dnsExternalAlias`

<!--
```yaml
spec:
dnsExternalAlias:
Expand All @@ -1073,26 +1072,12 @@ spec:
component: frontend
useCertificateAutomation: [false|true]
```
-->
```yaml
spec:
dnsExternalAlias:
- alias: some.alias.com
environment: prod
component: frontend
- alias: another.alias.com
environment: prod
component: frontend
```


It is possible to have multiple custom DNS aliases (i.e. to choose your own custom domains) for the application. The `dnsExternalAlias` needs to point to a component marked as public. It can be any domain name, which can in turn be used for public URLs to access the application.

In the example above, the component **frontend** hosted in environment **prod** will be accessible from both `some.alias.com` and `another.alias.com`, as long as the correct certificate has been set.

<!--
The `useCertificateAutomation` property defines how the TLS certificate for the alias is issued. When set to `true`, certificate issuing and renewal is automatically handled by Radix, and when set to `false`, the application administrator is responsible for providing a valid certificate and private key. If the value is toggled, Radix deletes the existing certificate and private key. This will cause a TLS error when accessing the external DNS alias until a new certificate and private key is set.
-->

There is a [detailed guide](../../guides/external-alias/) on how to set up external aliases.
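
Review bot: The `useCertificateAutomation` paragraph mentions only mid-paragraph that toggling the value makes Radix delete the existing certificate and private key, with TLS errors on the alias as the result. That is an availability-affecting side effect of a one-line config change, so it should stand out as a warning callout rather than a trailing sentence. The wording "until a new certificate and private key is set" also only fits a switch to `false`; for a switch to `true` the same paragraph says Radix handles issuing, so say the errors last until automatic issuance completes. Two related gaps: the default when the property is omitted is not stated here (the guide implies manual), and the earlier sentence "as long as the correct certificate has been set" now applies only to the manual case.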
