https://authzed.com logo
Title
p

Prchowdh

01/06/2023, 7:16 PM
No - I was actually trying this in EKS , not for local development. And I just tired locally getting this
prchowdh@prchowdh-ct:~/ecommerce/spicedb-operator/examples$ cp $MKCERTROOT/rootCA-key.pem ingress/tls.key
cp: cannot create regular file 'ingress/tls.key': No such file or directory
NB : K8 newbie
j

Jake

01/06/2023, 7:17 PM
you probably won't want to use mkcert with a local CA on EKS, though I can't say for certain what you're trying to accomplish
you'll probably want to use cert-manager, AWS certificate manager, or just buy some certs
p

Prchowdh

01/06/2023, 7:18 PM
I have setup a eks cluster . Deployed spice db with operator . Trying to expose with ALB.
j

Jake

01/06/2023, 7:19 PM
expose to where? the internet or trusted clients?
p

Prchowdh

01/06/2023, 7:19 PM
expose to internet .
j

Jake

01/06/2023, 7:20 PM
ok then yeah you'll probably want real certs that map back to a widely trusted root CA
what are you using/planning to use for cluster ingress?
p

Prchowdh

01/06/2023, 7:20 PM
AWS ALB
is this what are you asking ?
j

Jake

01/06/2023, 7:21 PM
yeah that's probably the default ingress type for AKS clusters
we use contour + envoy and don't use the built-in ingress
so I think the AWS ingress should support configuring the LB and issuing certs for you, but i'm not really sure
p

Prchowdh

01/06/2023, 7:23 PM
contour + envoy - if I need to use this in EKS , then what would be the steps.
j

Jake

01/06/2023, 7:23 PM
this looks like the docs for trying to use ALB for ingress: https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
Docs for getting started with contour: https://projectcontour.io/getting-started/
Guide for contour + LE + cert-manager: https://projectcontour.io/guides/cert-manager/
big thing to remember is that you're trying to expose a service of type GRPC, or HTTP/2 depending on the ingress type