Title
j
Jake
01/06/2023, 7:07 PMp
Prchowdh
01/06/2023, 7:16 PMNo - I was actually trying this in EKS , not for local development. And I just tired locally getting this
prchowdh@prchowdh-ct:~/ecommerce/spicedb-operator/examples$ cp $MKCERTROOT/rootCA-key.pem ingress/tls.key
cp: cannot create regular file 'ingress/tls.key': No such file or directoryj
Jake
01/06/2023, 7:17 PMyou probably won't want to use mkcert with a local CA on EKS, though I can't say for certain what you're trying to accomplish
you'll probably want to use cert-manager, AWS certificate manager, or just buy some certs
p
Prchowdh
01/06/2023, 7:18 PMI have setup a eks cluster . Deployed spice db with operator . Trying to expose with ALB.
j
Jake
01/06/2023, 7:19 PMexpose to where? the internet or trusted clients?
p
Prchowdh
01/06/2023, 7:19 PMexpose to internet .
j
Jake
01/06/2023, 7:20 PMok then yeah you'll probably want real certs that map back to a widely trusted root CA
what are you using/planning to use for cluster ingress?
p
Prchowdh
01/06/2023, 7:20 PMAWS ALB
is this what are you asking ?
j
Jake
01/06/2023, 7:21 PMyeah that's probably the default ingress type for AKS clusters
we use contour + envoy and don't use the built-in ingress
so I think the AWS ingress should support configuring the LB and issuing certs for you, but i'm not really sure
p
Prchowdh
01/06/2023, 7:23 PMcontour + envoy - if I need to use this in EKS , then what would be the steps.
j
Jake
01/06/2023, 7:23 PMthis looks like the docs for trying to use ALB for ingress: https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
Docs for getting started with contour: https://projectcontour.io/getting-started/
Guide for contour + LE + cert-manager: https://projectcontour.io/guides/cert-manager/
big thing to remember is that you're trying to expose a service of type GRPC, or HTTP/2 depending on the ingress type