DNS

Overview #

DNS names provide a standard way to make services accessible on the public internet. In Kubernetes applications, DNS names are most often used with Ingress objects  to map incoming requests to an external Load Balancer  to workloads running inside the cluster.

A DNS name is represented as a Resource of type dns. A TLS certificate is represented by a Resource of type tls-cert.

By default, Humanitec will automatically generate dynamic DNS name under the .newapp.io domain along with a valid SSL certificate. However, it is possible to configure different DNS names that will get picked up in different environments.

DNS names #

A Resource Definition can be used to define how new DNS names should be generated. In most cases, this involves creating a subdomain to an existing domain. Humanitec provides 3 drivers which can be used to dynamically generate DNS names as required on existing domains:

DNS - Wildcard #

This Driver assumes that a wildcard record exists in the appropriate zone file resolving all DNS requests on any subdomain to be directed to the cluster Load Balancer. The Driver will generate new unique subdomains and requires a static wildcard TLS certificate.

By definition, this Driver can only be used for environments in a single cluster as the wildcard Zonefile record can only point to a single IP.

For more information, see DNS Wildcard

DNS - Cloudflare #

This Driver adds records to a Cloudflare Zonefile pointing at the Load Balancer for the relevant cluster. The Driver will generate new unique subdomains.

This Driver can be used with environments running on different clusters.

For more information, see DNS Cloudflare

DNS - Route53 #

This Driver adds records to a Route53 Hosted Zone pointing at the Load Balancer for the relevant cluster. The Driver will generate new unique subdomains.

This Driver can be used with environments running on different clusters.

For more information, see Route53

Static DNS #

The echo Driver type can be used to define static DNS names to be used for ingress.

As each workload that needs to be exposed requires a different DNS name the resource matching criteria used must exactly match the relevant workload.

Here is an example of the API call to create a Static Resource Definition where a workload called frontend-service in the production environment and will be exposed with the DNS name app.topicshare.com:

• CLI
• API

cat << EOF > fe-dns-name.yaml
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: fe-dns-name
entity:
  name: fe-dns-name
  type: dns
  driver_type: humanitec/echo
  driver_inputs:
    values:
      host: app.topicshare.com
  criteria:
  - app_id: topic-share
    env_id: production
    res_id: workloads.frontend-service
EOF

humctl create -f fe-dns-name.yaml
rm fe-dns-name.yaml

curl https://api.humanitec.io/orgs/${HUMANITEC_ORG}/resources/defs \
  -X POST \
  -H "Authorization: Bearer ${HUMANITEC_TOKEN}" \
  -H "Content-Type: application/json" \
  --data-binary '
{
  "id": "fe-dns-name",
  "type": "dns",
  "driver_type": "humanitec/echo",
  "driver_inputs": {
    "values": {
      "host": "app.topicshare.com"
    }
  },
  "criteria": [
    {
      "app_id": "topic-share",
      "env_id": "production",
      "res_id": "workloads.frontend-service"
    }
  ]
}'

where ${HUMANITEC_TOKEN} is an appropriate authentication token .

For information on TLS, see the TLS Certificates in the Security section.

Obtain the DNS name for a Deployment #

Use these commands to obtain the effective DNS name for a Deployment:

• Portal
• CLI

humctl get active-resources \
  --org ${HUMANITEC_ORG} \
  --app ${APP_ID} \
  --env ${ENV_ID} -o yaml \
  | yq -r '.[] | select(.metadata.type == "dns") | .status.resource.host'

humctl get active-resources \
  --org ${HUMANITEC_ORG} \
  --app ${APP_ID} \
  --env ${ENV_ID} -o json \
  | jq -r '.[] | select(.metadata.type == "dns") | .status.resource.host'

randomappname.newapp.io

For more information about implement Ingress in your Score file, see Routes.