Did you generate certs: https://github.com/authzed...
# spicedb
p
No - I was actually trying this in EKS , not for local development. And I just tired locally getting this
Copy code
prchowdh@prchowdh-ct:~/ecommerce/spicedb-operator/examples$ cp $MKCERTROOT/rootCA-key.pem ingress/tls.key
cp: cannot create regular file 'ingress/tls.key': No such file or directory
NB : K8 newbie
j
you probably won't want to use mkcert with a local CA on EKS, though I can't say for certain what you're trying to accomplish
you'll probably want to use cert-manager, AWS certificate manager, or just buy some certs
p
I have setup a eks cluster . Deployed spice db with operator . Trying to expose with ALB.
j
expose to where? the internet or trusted clients?
p
expose to internet .
j
ok then yeah you'll probably want real certs that map back to a widely trusted root CA
what are you using/planning to use for cluster ingress?
p
AWS ALB
is this what are you asking ?
j
yeah that's probably the default ingress type for AKS clusters
we use contour + envoy and don't use the built-in ingress
so I think the AWS ingress should support configuring the LB and issuing certs for you, but i'm not really sure
p
contour + envoy - if I need to use this in EKS , then what would be the steps.
j
this looks like the docs for trying to use ALB for ingress: https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
Docs for getting started with contour: https://projectcontour.io/getting-started/
Guide for contour + LE + cert-manager: https://projectcontour.io/guides/cert-manager/
big thing to remember is that you're trying to expose a service of type GRPC, or HTTP/2 depending on the ingress type
2 Views