With SAP BTP, Kyma Runtime, you can now connect your service to a custom domain using Istio Service Mesh in a breeze.
Steps to connect your custom domain
1. Register your domain name with a domain registrar
2. Create a Kubernetes Secret with the credentials of your DNS Provider
3. Create a DNS Provider custom resource
4. Create a DNS Entry custom resource
5. Create an Issuer, for example Let's Encrypt (using the ACME protocol): "a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG)"[1]
6. Create a Certificate with the Issuer
7. Create an Istio Ingress Gateway using the Certificate
8. Create an API Rule to expose your service with the Istio Ingress Gateway — that automatically creates an Istio Virtual Service bound to the Istio Ingress Gateway, which connects your Kubernetes service to the Istio Ingress Gateway
Register your domain name with a domain registrar
Currently, the DNS Providers listed below are supported.
- Alibaba Cloud
- Amazon Route 53
- Azure
- Google Cloud
- OpenStack Designate
- Cloudflare
- Infoblox
- Netlify
If your DNS Provider isn't included in the above list, you can either transfer your domain to one of the above DNS Providers or add your domain to Cloudflare without having to transfer it.
Create a Kubernetes Secret with the credentials of your DNS Provider
After registering your domain, you'll need to create a Kubernetes Secret that is required to create a DNS Provider custom resource for your DNS Provider.
The Secret needs to have the credentials required to allow the DNS controller manager used by Kyma to authenticate to your DNS Provider and to manage your DNS records.
The steps to create the Secret for each supported DNS Provider are described in the documentation pages listed below.
An example demonstrating all the steps
Refer to the following example for the detailed steps along with screenshots to connect your service to a custom domain:
Note: This example is part of the following blog post: Going Jamstack with Kyma Runtime & building a high-performance web app
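Steps 5 to 7 written as manifests, as an added example that is not taken from this post or from the linked example. It assumes the Gardener cert-management and Istio API versions shown are the ones installed in your cluster; every name, the e-mail address and the domain app.example.com are placeholders.

```yaml
# Added example: all names, the e-mail address and the domain are placeholders.
apiVersion: cert.gardener.cloud/v1alpha1
kind: Issuer                      # step 5: Issuer using Let's Encrypt over ACME
metadata:
  name: letsencrypt-issuer
  namespace: default
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com      # placeholder contact address
    autoRegistration: true        # create the ACME account if its key Secret is missing
    privateKeySecretRef:
      name: letsencrypt-account-key
      namespace: default
---
apiVersion: cert.gardener.cloud/v1alpha1
kind: Certificate                 # step 6: Certificate requested from that Issuer
metadata:
  name: app-cert
  namespace: istio-system         # the ingress gateway reads the TLS Secret from its own namespace
spec:
  secretName: app-tls
  commonName: app.example.com
  issuerRef:
    name: letsencrypt-issuer
    namespace: default
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway                     # step 7: Istio Ingress Gateway using the Certificate
metadata:
  name: app-gateway
  namespace: default
spec:
  selector:
    istio: ingressgateway
  servers:
    - port: {number: 443, name: https, protocol: HTTPS}
      hosts: ["app.example.com"]
      tls:
        mode: SIMPLE              # server-side TLS terminated at the gateway
        credentialName: app-tls   # Secret written by the Certificate above
        minProtocolVersion: TLSV1_2
    - port: {number: 80, name: http, protocol: HTTP}
      hosts: ["app.example.com"]
      tls:
        httpsRedirect: true       # plain HTTP is redirected to HTTPS, never served
```

The ACME account key and the issued private key both live in Kubernetes Secrets, so read access to those namespaces should be limited accordingly.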
Conclusion
The user interface of the Kyma console makes it very easy to connect a custom domain to a website or microservice running on Kyma Runtime.
You also benefit from Istio security features that help fully secure your website. As per the Istio documentation,
“The Istio security features provide strong identity, powerful policy, transparent TLS encryption, and authentication, authorization and audit (AAA) tools to protect your services and data.”[2]
As a next step, you could connect a domain to your service running on Kyma Runtime using a free SAP BTP Trial account by following the steps in the example above. After that, you could explore the features of Istio Ingress Gateway, such as applying monitoring and route rules to traffic entering the cluster. You could also explore Istio service mesh further with the resources listed in the Further Readings section below.
Kindly provide your feedback or feel free to ask clarifying questions related to this post in the comment section below. Additionally, I’d like to invite you to submit any broader Kyma related questions in the Q&A area of the SAP BTP, Kyma runtime topic.
If the SAP BTP, Kyma runtime topic interests you, here are some other links that you may like:
Lastly, if you liked this post, kindly hit the like icon, leave a comment below or share this post. Thank you!
References
- [1] Let's Encrypt
- [2] Istio / Security
Further Readings