Code for Life
Cluster Setup
Internal use only.

Reserving a static external IP address for a cluster

The load balancer IP needs to be static so that a single DNS name can resolve to it. The whole setup process won't have to be done again, but for reference:
  • Go to VPC Networks -> External IP addresses in the Google Cloud Platform UI and reserve a static IP address with the name [env]-aimmo-ingress
  • In your appengine project, open the ingress.yaml file and make sure that the following holds:
    • In metadata:annotations, kubernetes.io/ingress.global-static-ip-name: [env]-aimmo-ingress is set.
    • A spec:host entry exists for this domain in the ingress. For example: - host: default-aimmo.codeforlife.education
  • Make an ANAME record in the DNS server to attach the domain to the IP address that was reserved. Make sure this domain is [env]-aimmo.codeforlife.education.

Securing the cluster with SSL

When setting up the above DNS, you should generate/obtain the appropriate CA, cert and key files. To secure your domain you should then:
  • In file ingress.yaml on the appengine project, the section spec:rules should contain:

    tls:
    - hosts:
      - [env]-aimmo.codeforlife.education
      secretName: ssl-cert-secret

  • In your terminal, go to the directory that contains the above-mentioned files and use the following to generate the secret: kubectl create secret tls ssl-cert-secret --key=/tmp/tls.key --cert=/tmp/tls.crt. The secret name must match the secretName set in ingress.yaml. This will require correct authentication, which is described above.
  • During the downtime between deleting the old ssl-cert-secret on a cluster and creating a new one, the game creator will hang: it stops receiving information because a certificate authority issue occurs. The solution is to delete the game creator pod, which reinstantiates all the games and workers from scratch.
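
The steps above can be combined into one script. This is an added example, not the project's own tooling: it checks ingress.yaml against the names used on this page, confirms the certificate and key belong together, and then replaces ssl-cert-secret in place (a different technique from delete-then-create) so there is no window in which the secret is missing. It assumes kubectl is already authenticated to the cluster and openssl is installed; the script name and argument order are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not project code. Assumes kubectl is already authenticated to
# the target cluster and openssl is installed; the script name is hypothetical.
# Usage: ./rotate-tls.sh ENV ingress.yaml tls.crt tls.key

SECRET_NAME="ssl-cert-secret"   # must equal secretName in ingress.yaml

# True if FILE ($1) has a line equal to $2 once indentation, a leading
# list marker ("- ") and quotes are stripped.
has_line() {
  sed -e 's/^[[:space:]]*//' -e 's/^-[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    tr -d "\"'" | grep -Fxq -- "$2"
}

# Check that ingress.yaml ($2) uses the names this page prescribes for ENV ($1).
check_ingress() {
  host="$1-aimmo.codeforlife.education"
  for want in \
    "kubernetes.io/ingress.global-static-ip-name: $1-aimmo-ingress" \
    "host: $host" \
    "$host" \
    "secretName: $SECRET_NAME"; do
    has_line "$2" "$want" || { echo "ingress.yaml: missing '$want'" >&2; return 1; }
  done
}

# True if certificate ($1) and private key ($2) carry the same public key.
cert_matches_key() {
  cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
  key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Replace the secret in place: render the manifest client-side and apply it,
# so the Ingress never sees a window in which the secret does not exist.
rotate_secret() {
  kubectl create secret tls "$SECRET_NAME" --cert="$1" --key="$2" \
    --dry-run=client -o yaml | kubectl apply -f -
}

if [ "$#" -eq 4 ]; then
  check_ingress "$1" "$2" || exit 1
  cert_matches_key "$3" "$4" || { echo "certificate and key do not match" >&2; exit 1; }
  rotate_secret "$3" "$4"
fi
```
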
Last modified 4mo ago