Routing Incoming HTTPS Connections
Pods are not directly exposed to the internet by default. Instead, they are connected to each other using a WireGuard mesh network we call the VPC.
If you're familiar with Docker networks or Kubernetes, this will feel natural. The network is managed for you by the kraud control plane but does not intersect with other tenants' networks. You cannot directly access a pod in a different account without going through a gateway.
Similarly, you cannot directly access pods from the internet. Instead, we manage an ingress controller that routes traffic to your pods based on rules such as hostname and path or raw TCP port.
discovering your ingress
Your cluster comes with a default ingress and domain managed by kraud.
routing your first service
Docker Compose does not have ingresses or services natively, so we generate them from tags.
The syntax is kr.ingress.{container-port}=https://{domain}/{path}
To use a subdomain of your default assigned ingress domain, use sub.*, i.e.
Plain docker does not have ingresses or services natively either, so we generate them from tags in the same way.
The syntax is the same, kr.ingress.{container-port}=https://{domain}/{path}, and sub.* again selects a subdomain of your default assigned ingress domain, i.e.
will make your container available at https://nginx.123123.1d.pt
using your own custom domain
A domain must be bound to an ingress before it is routed and it can only be bound to one ingress.
To bind your own domain, use:
Then add a CNAME record "web" to your "example.com" domain with the content being your ingress address, in this example "123123.1d.pt."
Depending on your DNS provider, if you want to use the bare "example.com" on your ingress, you might have to use an ALIAS record.
Info
There may be a significant delay between adding the domain and it being available in routing. We first have to verify that the CNAME was set correctly before routing traffic, to avoid domain takeover attacks.
using a custom wildcard domain
Adding a wildcard domain such as "*.example.com" allows routing in kraud ingress based on any subdomain of that wildcard without having to set a CNAME each time.
a host may then pick any subdomain
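The two rules from the custom-domain sections above (a domain is bound to one ingress only, and is routed only once its CNAME is seen to point at that ingress) can be sketched as a check you run against your own records. This is an added example, not kraud's implementation: the zone records, the 999999.1d.pt address, the probe label and all function names are assumptions, and checking a wildcard through a probe label goes beyond what the page describes.

```python
# Added example, not kraud's implementation. Records and names are constructed.
ZONE = {  # constructed CNAME records for example.com
    "web.example.com": "123123.1d.pt.",
    "old.example.com": "999999.1d.pt.",      # constructed: someone else's ingress
    "*.apps.example.com": "123123.1d.pt.",
}

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def zone_lookup(name):
    """Constructed resolver: exact record first, then a wildcard one level up."""
    if name in ZONE:
        return ZONE[name]
    return ZONE.get("*." + name.partition(".")[2])

def cname_target(name, lookup, max_hops=5):
    """Follow the CNAME chain from name; None on a loop or an overlong chain."""
    seen = set()
    for _ in range(max_hops + 1):
        if name in seen:
            return None
        seen.add(name)
        nxt = lookup(name)
        if nxt is None:
            return name          # no further CNAME: this is the end of the chain
        name = norm(nxt)
    return None

def may_route(domain, ingress, lookup, bindings):
    """Return (ok, reason); bindings maps bound domains to their ingress address."""
    domain, ingress = norm(domain), norm(ingress)
    if norm(bindings.get(domain, ingress)) != ingress:
        return False, "bound to another ingress"
    # A wildcard is checked through a probe label (hypothetical; use a random one).
    probe = "probe-label" + domain[1:] if domain.startswith("*.") else domain
    target = cname_target(probe, lookup)
    if target == probe:
        return False, "no cname"
    if target != ingress:
        return False, "cname points elsewhere"
    return True, "ok"
```

Against a live zone, replace zone_lookup with a function that returns the CNAME target your resolver reports for a name, or None when there is none.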