Configuring DNS and TLS (optional)

If you require custom Domain Name Service (DNS) and/or Transport Layer Security (TLS) support, follow the steps in this document. If you do not require support for these services, continue to Creating a GKE cluster.

Configuring Google Cloud DNS

In order to configure Vault for the proper DNS and TLS access, you must configure Google Cloud DNS settings appropriately.

Using the fictional Acme organization from Creating a GKE cluster, an administrator should have a domain name registered with a name registrar, for example www.acmecorp.example, before configuring DNS zone settings. For more information, refer to Creating a managed public zone in the Google documentation.

  1. Navigate via browser to the Project Selector page and choose your Google Cloud Platform project.

  2. Create a DNS zone

    1. Choose Public as your Zone Type.

    2. Type a Zone Name for your zone.

    3. Input a DNS suffix in DNS name, for example acmecorp.example.

    4. Choose your DNSSEC or DNS Security state, which should be set to Off for this configuration.

    5. (Optional) Input a Description for your DNS zone.

    6. Click Create.

Once created, the Zone Details page loads. NS (Name server) and SOA (Start of authority) records are automatically created for your domain (for example, acmecorp.example).

Configuring External DNS in CloudBees Jenkins X Distribution

Once you have configured Google Cloud DNS, you can browse the Zones page in your Google Cloud Platform project to set up your external domain.

External DNS automatically updates DNS records if you reuse the domain name, so if you delete an old cluster and create a new one, the same domain configuration is preserved for the new cluster.

  1. Choose a unique DNS name; you can use nested domains (for example, cluster1.acmecorp.example). Enter the name in the DNS Name field.

  2. Run the jx create domain command for your domain, for example jx create domain gke --domain cluster1.acmecorp.example.

    1. The program prompts you to choose your Google Cloud Platform project from the available list.

    2. The program prompts you to update your existing managed servers to use the displayed list of Cloud DNS nameservers. Copy the list for use in the next steps.

  3. From the Google Cloud Platform Zones page, change the Resource Record Type to NS and use the default values for your domain for TTL (5) and TTL Unit (minutes).

  4. Add the first nameserver to the Name server field.

  5. Click Add item and add any subsequent nameservers.

  6. Click Create.

  7. Configure CloudBees Jenkins X Distribution for the new domain names:

    • From the directory where you extracted the CloudBees Jenkins X Distribution tarball archive, open the jx-requirements-gke.yml file in a text editor (such as TextEdit for macOS or gedit for Linux) and edit the ingress section at the root level.

      ingress:
        domain: cluster1.acmecorp.example
        externalDNS: true
        namespaceSubDomain: -jx.
        tls:
          email: certifiable@acmecorp.example
          enabled: true
          production: true
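
Before relying on the ingress settings above, it is worth confirming that the NS records added in steps 3 through 6 match the list that jx create domain printed in step 2. The following is an added example, not part of the CloudBees documentation: the function names and the sample hostnames are constructed for illustration, and the live check assumes dig is installed.

```shell
#!/bin/sh
# Added example: confirm the domain is delegated to exactly the nameservers jx printed.

# Constructed sample data (placeholder hostnames, not real Cloud DNS servers).
JX_PRINTED_NS='ns-a1.clouddns.example.
ns-a2.clouddns.example.
ns-a3.clouddns.example.
ns-a4.clouddns.example.'
RESOLVED_STALE='NS-A1.clouddns.example. ns-a2.clouddns.example.
ns-a3.clouddns.example.
ns1.old-registrar.example.'

# Canonical form: one host per line, lowercase, no trailing dot, sorted, unique.
normalize_ns() {
  tr -s ' ,\t\r' '\n\n\n\n' | tr '[:upper:]' '[:lower:]' |
    sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# Entries of normalized list $1 that are absent from normalized list $2.
ns_only_in() {
  printf '%s\n' "$1" | grep -Fxv -e "$2" || true
}

# Prints "MISSING host" / "UNEXPECTED host" per difference; status 0 only when
# the observed set equals a non-empty expected set. An UNEXPECTED entry is a
# server outside the Cloud DNS zone that still answers for the domain.
check_delegation() (
  expected=$(printf '%s\n' "$1" | normalize_ns)
  observed=$(printf '%s\n' "$2" | normalize_ns)
  missing=$(ns_only_in "$expected" "$observed")
  extra=$(ns_only_in "$observed" "$expected")
  [ -z "$missing" ] || printf '%s\n' "$missing" | sed 's/^/MISSING /'
  [ -z "$extra" ] || printf '%s\n' "$extra" | sed 's/^/UNEXPECTED /'
  [ -n "$expected" ] && [ -z "$missing$extra" ]
)

# Live check against DNS; needs dig and network access.
check_live() {
  check_delegation "$2" "$(dig +short NS "$1")"
}

# Run as: sh check-ns.sh <domain> <file holding the nameservers jx printed>
if [ "$#" -eq 2 ]; then
  check_live "$1" "$(cat "$2")"
fi
```

An empty answer from DNS is reported as every expected nameserver MISSING, which is the state to expect until the NS records have propagated.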