Configuring DNS and TLS on EKS (optional)


If you require custom Domain Name Service (DNS) and/or Transport Layer Security (TLS) support, follow the steps in this document. If you do not require support for these services, continue to Creating an EKS cluster.

Configuring AWS Route 53

To enable external DNS and TLS for your cluster's services and your applications, you must configure AWS Route 53 appropriately.

Using the fictional Acme organization from Creating an EKS cluster as an example, an administrator should already have a domain name (for example, www.acmecorp.example) registered with a name registrar before configuring Route 53’s Hosted Zone settings. For more information, refer to Getting Started with Amazon Route 53 from the Amazon documentation.

  1. Within the AWS Dashboard, navigate to the Region Selector dropdown and choose the region that you are going to work with.

  2. Configure the following settings as described in Creating a Public Hosted Zone from the Amazon documentation:

    1. Input a DNS suffix in DNS name, for example acmecorp.example.

    2. (Optional) input a Comment for your Hosted Zone.

    3. Choose Public as your Zone Type.

    4. Click Create.

Once the zone is created, the Hosted Zone Details page loads. NS (Name Server) and SOA (Start of Authority) records are automatically created for your domain (for example, acmecorp.example).

Configuring External DNS in CloudBees Jenkins X Distribution

Once you have configured AWS Route 53, you can browse the Hosted Zones page from the navigation pane for the selected region to set up your external domain.

External DNS automatically updates DNS records if you reuse the domain name. If you delete an old cluster and create a new one, the same domain configuration is preserved for the new cluster.

  1. Choose a unique DNS name; you can use nested domains (for example, cluster1.acmecorp.example). Create a new Hosted Zone for this subdomain.

  2. In the newly created Hosted Zone details page, copy all the nameservers from the NS record set and make a note of the name of your subdomain.

  3. Go back to the Hosted Zone created for your apex domain, in this case acmecorp.example, and click Create Record Set to create a new record set.

    • Input the name of the subdomain in the Name field. In this case cluster1.acmecorp.example.

    • Select NS as the Type.

    • Input the nameservers that you copied from the subdomain Hosted Zone in the Value field.

  4. Click Create.

  5. Configure CloudBees Jenkins X Distribution for the new domain names:

    • From the directory where you extracted the CloudBees Jenkins X Distribution tarball archive, open the jx-requirements-eks.yml file in a text editor (such as TextEdit for macOS or gedit for Linux) and edit the ingress section at the root level.

ingress:
  domain: cluster1.acmecorp.example
  ignoreLoadBalancer: true
  externalDNS: true
  namespaceSubDomain: -jx.
  tls:
    email: certifiable@acmecorp.example
    enabled: true
    production: true
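
The NS delegation created in steps 2 to 4 can be checked before TLS is enabled; a name server left in the apex zone that the subdomain zone does not list sends lookups for the cluster domain to a server that does not answer for it. The following is an added example, not part of the CloudBees documentation: it compares two record listings in the JSON shape returned by `aws route53 list-resource-record-sets`, and the name server values and function names are constructed for illustration.

```python
import json

# Constructed sample listings (shape of `aws route53 list-resource-record-sets`).
# The name server hostnames are made up for this example.
APEX_ZONE = json.loads("""
{"ResourceRecordSets": [
  {"Name": "acmecorp.example.", "Type": "NS", "TTL": 172800,
   "ResourceRecords": [{"Value": "ns-11.awsdns-01.example."},
                       {"Value": "ns-12.awsdns-02.example."}]},
  {"Name": "cluster1.acmecorp.example.", "Type": "NS", "TTL": 300,
   "ResourceRecords": [{"Value": "NS-21.awsdns-03.example"},
                       {"Value": "ns-99.awsdns-09.example."}]}
]}
""")
SUBDOMAIN_ZONE = json.loads("""
{"ResourceRecordSets": [
  {"Name": "cluster1.acmecorp.example.", "Type": "NS", "TTL": 172800,
   "ResourceRecords": [{"Value": "ns-21.awsdns-03.example."},
                       {"Value": "ns-22.awsdns-04.example."}]}
]}
""")


def _norm(name):
    """DNS names are case-insensitive and may or may not carry a trailing dot."""
    return name.strip().rstrip(".").lower()


def ns_values(zone, name):
    """Return the normalized NS targets a zone listing publishes for `name`."""
    values = set()
    for rrset in zone.get("ResourceRecordSets", []):
        if rrset.get("Type") == "NS" and _norm(rrset.get("Name", "")) == _norm(name):
            values.update(_norm(r["Value"]) for r in rrset.get("ResourceRecords", []))
    return values


def check_delegation(apex_zone, sub_zone, subdomain):
    """Compare the NS record in the apex zone with the subdomain zone's own NS set."""
    delegated = ns_values(apex_zone, subdomain)
    authoritative = ns_values(sub_zone, subdomain)
    return {
        "ok": bool(authoritative) and delegated == authoritative,
        "missing_in_apex": sorted(authoritative - delegated),
        "stale_in_apex": sorted(delegated - authoritative),
    }


if __name__ == "__main__":
    print(check_delegation(APEX_ZONE, SUBDOMAIN_ZONE, "cluster1.acmecorp.example"))
```
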