HOLD FOR RELEASE Custom domains for EC #3116
base: main
✅ Deploy Preview for replicated-docs ready!
✅ Deploy Preview for replicated-docs-upgrade ready!
|
||
Configure the `domains` key so that Embedded Cluster uses your custom domains for the Replicated proxy registry and Replicated app service. | ||
|
||
When `domains.proxyRegistryDomain` and `domains.replicatedAppDomain` are set, Embedded Cluster uses the custom domains specified when making requests to the given service. Embedded Cluster also passes the values to KOTS to ensure that KOTS uses the same domains for these services. |
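Review bot: The condition "When `domains.proxyRegistryDomain` and `domains.replicatedAppDomain` are set" reads as if both keys must be set together. State whether each key can be set on its own, and which domain Embedded Cluster and KOTS use for a key that is left unset, so a reader can tell which hostnames the cluster will contact.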
Embedded Cluster also passes these values to KOTS
Saw this in the custom domains for ec google doc. Not sure if there's more to add here (I guess it's self-explanatory why you'd want them to use the same custom domains for these services?).
I also left out the details about how exactly they are passed to KOTS (values in the helmchart resource), but can add that in if you think vendors would want to know
how it's passed isn't important. what KOTS does with it could be, depending on how much detail we want to go into. KOTS makes calls to replicated.app to check for updates, so that one is more self-explanatory. proxy.registry.com is a bit more confusing because different things happen. image names are automatically rewritten with the custom domain for k8s manifests and v1beta1 helm charts. for v1beta2, the vendor should have used the custom domain themselves. and then the custom domain is always used in the image pull secret(s) that is created by KOTS.
not saying any or all of that is necessary, but just filling you in.
Yeah that's good to know. We could consider (maybe as a different PR) updating the overview of the custom domains feature to make sure we have a good explanation of how/when the different endpoints are hit
|
||
The TXT records can be removed after the verification is complete. |
^ this info about TXT records seemed a little random/in the weeds for an Overview. I also wasn't entirely sure if creating TXT records is still required or if the automatic http verification takes care of it, so I just removed this content
I did move the "The TXT records can be removed after the verification is complete" part over to be an optional step in the relevant procedure in Using Custom Domains
The Vendor Portal marks the domain as **Configured** after the verification checks for ownership and TLS certificate creation are complete. | ||
After the verification checks for ownership and TLS certificate creation are complete, the Vendor Portal marks the domain as **Configured**. | ||
|
||
1. (Optional) After a domain is marked as **Configured**, you can remove any TXT records that you created in your DNS account. |
when i configure a custom domain now, i don't have to do the txt records anymore. separate from this pr, but would be worth asking VP about that. those steps still show in the configure a custom domain modal, but i don't think you really need the txt records now.
Yeah I had a similar thought. Asked here https://replicated.slack.com/archives/CEEFDQURM/p1742315489907039
confirmed the txt record thing is still the backup option if http validation doesn't work. reworded this a bit to flip it around
Just kidding. There's a new response from Dmitriy that I missed. Reworking again
@@ -34,6 +30,9 @@ spec: | |||
- name: app | |||
labels: | |||
app: "true" | |||
domains: | |||
proxyRegistryDomain: proxy.yourcompany.com |
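Review bot: On the added line `proxyRegistryDomain: proxy.yourcompany.com`, the placeholder is an ordinary registrable hostname rather than a reserved documentation name, and nothing on the line marks it as a value to replace. Since this is the host Embedded Cluster will send proxy registry requests to, add a YAML comment saying it must be replaced with a custom domain the vendor has already configured, or use a name under `example.com`.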
This is what we suggest and show as a placeholder in the vendor portal
proxyRegistryDomain: proxy.yourcompany.com | |
proxyRegistryDomain: images.yourcompany.com |
|
||
- Domain ownership: Domain ownership is verified when you initially add a record. | ||
- TLS certificate creation: Each new domain must have a new TLS certificate to be verified. | ||
- **Proxy registry:** Images can be proxied from external private registries using the Replicated proxy registry. By default, the proxy registry uses the domain `proxy.replicated.com`. Replicated recommends using a CNAME such as `proxy.{your app name}.com`. |
- **Proxy registry:** Images can be proxied from external private registries using the Replicated proxy registry. By default, the proxy registry uses the domain `proxy.replicated.com`. Replicated recommends using a CNAME such as `proxy.{your app name}.com`. | |
- **Proxy registry:** Images can be proxied from external private registries using the Replicated proxy registry. By default, the proxy registry uses the domain `proxy.replicated.com`. Replicated recommends using a CNAME such as `images.{your company name}.com`. |
your company throughout too (i assume most people's domain is their company name, not their app name)
Embedded Cluster Config reference: https://deploy-preview-3116--replicated-docs.netlify.app/reference/embedded-config#domains
Configure EC to Use Custom Domains in Using Custom Domains: https://deploy-preview-3116--replicated-docs.netlify.app/vendor/custom-domains-using#ec