New with SAP BTP, Kyma Runtime: Seamlessly connect your website or microservice to a custom domain using Istio Service Mesh
With SAP BTP, Kyma Runtime, you can now easily connect your service to a custom domain using Istio Service Mesh.
Steps to connect your custom domain
1. Register your domain name with a domain registrar
2. Create a Kubernetes Secret with the credentials of your DNS Provider
3. Create a DNS Provider custom resource
4. Create a DNS Entry custom resource
6. Create a Certificate with the Issuer
7. Create an Istio Ingress Gateway using the Certificate
8. Create an API Rule to expose your service through the Istio Ingress Gateway. This automatically creates an Istio Virtual Service bound to the Istio Ingress Gateway, which connects your Kubernetes service to the gateway.
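A pre-deployment check for steps 6 to 8, added here as an illustration and not taken from the original post or from Kyma: it verifies that the Gateway terminates TLS with the Secret the Certificate writes, that every served host is covered by the certificate, and that plain HTTP is redirected. Field names follow the Gardener Certificate and Istio Gateway resources; the manifests, resource names, the example.com domain and the `istio-system` ingress namespace are assumptions.

```python
# Added example: consistency check for the Certificate -> Gateway -> API Rule chain.
# All manifests are constructed samples; names and the example.com domain are placeholders.
INGRESS_NS = "istio-system"  # assumption: namespace of the Istio ingress gateway workload

def covers(pattern, host):
    """True if pattern covers host; a leading '*' stands for exactly one DNS label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and (p[0] in ("*", h[0])) and p[1:] == h[1:]

def check_chain(cert, gateway, apirule_host):
    """Return a list of findings; an empty list means the chain is consistent."""
    findings = []
    names = [cert["spec"]["commonName"]] + cert["spec"].get("dnsNames", [])
    if cert["metadata"]["namespace"] != INGRESS_NS:
        findings.append("tls-secret-not-in-ingress-namespace")
    https_hosts = []
    for server in gateway["spec"]["servers"]:
        proto, tls = server["port"]["protocol"], server.get("tls", {})
        if proto == "HTTPS":
            if tls.get("mode") not in ("SIMPLE", "MUTUAL"):
                findings.append("https-server-does-not-terminate-tls")
            if tls.get("credentialName") != cert["spec"]["secretName"]:
                findings.append("credentialName-does-not-match-certificate-secret")
            for host in server["hosts"]:
                https_hosts.append(host)
                if not any(covers(n, host) for n in names):
                    findings.append("host-not-covered-by-certificate:" + host)
        elif proto == "HTTP" and not tls.get("httpsRedirect"):
            findings.append("plain-http-served-without-redirect")
    # The host exposed by the API Rule must be served by an HTTPS server of the gateway.
    if not any(covers(h, apirule_host) for h in https_hosts):
        findings.append("apirule-host-not-on-https-server")
    return findings

CERT = {"metadata": {"name": "site-cert", "namespace": "istio-system"},
        "spec": {"commonName": "*.example.com", "secretName": "site-tls"}}

def gateway(hosts, credential, redirect):
    """Build a constructed Istio Gateway with one HTTPS and one HTTP server."""
    return {"metadata": {"name": "site-gw", "namespace": "default"}, "spec": {"servers": [
        {"port": {"number": 443, "name": "https", "protocol": "HTTPS"}, "hosts": hosts,
         "tls": {"mode": "SIMPLE", "credentialName": credential}},
        {"port": {"number": 80, "name": "http", "protocol": "HTTP"}, "hosts": hosts,
         "tls": {"httpsRedirect": redirect}}]}}

GOOD = gateway(["*.example.com"], "site-tls", True)
BAD = gateway(["shop.example.org"], "other-tls", False)

if __name__ == "__main__":
    print(check_chain(CERT, GOOD, "www.example.com"))
    print(check_chain(CERT, BAD, "www.example.com"))
```

The wildcard rule is applied conservatively to both certificate names and Gateway hosts, so a host that passes here is covered by a single-label wildcard certificate.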
Register your domain name with a domain registrar
Currently, the DNS Providers listed below are supported.
- Alibaba Cloud
- Amazon Route 53
- Google Cloud
- OpenStack Designate
If your DNS Provider isn’t included in the above list, you can either transfer your domain to one of the above DNS Providers or you can add your domain to Cloudflare without having to transfer it.
Create a Kubernetes Secret with the credentials of your DNS Provider
After registering your domain, you’ll need to create a Kubernetes Secret that is required to create a DNS Provider custom resource for your DNS Provider.
The Secret needs to have the credentials required to allow the DNS controller manager used by Kyma to authenticate to your DNS Provider and to manage your DNS records.
The steps to create the Secret for each supported DNS Provider are described in the documentation pages listed below.
- AliCloud DNS Provider
- AWS Route 53 DNS Provider
- Azure DNS Provider
- Google Cloud DNS Provider
- OpenStack Designate Provider
- Cloudflare DNS Provider
- Infoblox Provider
- Netlify DNS Provider
An example demonstrating all the steps
Refer to the following example for the detailed steps along with screenshots to connect your service to a custom domain:
Note: This example is part of the following blog post: Going Jamstack with Kyma Runtime & building a high-performance web app
The user interface of the Kyma console makes it very easy to connect a custom domain to a website or microservice running on Kyma Runtime.
You also benefit from Istio security features that help fully secure your website. As per the Istio documentation, “The Istio security features provide strong identity, powerful policy, transparent TLS encryption, and authentication, authorization and audit (AAA) tools to protect your services and data.”
As a next step, you could connect a domain to your service running on Kyma Runtime using a free SAP BTP Trial account by following the steps in the example above. After that, you could explore the features of Istio Ingress Gateway, such as applying monitoring and route rules to traffic entering the cluster. You could also explore Istio service mesh further using the resources listed in the Further Readings section below.
Kindly provide your feedback or feel free to ask clarifying questions related to this post in the comment section below. Additionally, I’d like to invite you to submit any broader Kyma related questions in the Q&A area of the SAP BTP, Kyma runtime topic.
Further Readings
- Kyma API Exposure: Use a custom domain to expose a service
- Gardener External DNS Management
- Gardener Certificate Management
- Istio service mesh
- Istio Ingress Gateway
- Istio Virtual Service
- Pluralsight course: Managing Apps on Kubernetes with Istio
- Getting Started with Istio Service Mesh: Manage Microservices in Kubernetes By Rahul Sharma and Avinash Singh
- Mastering Service Mesh By Anjali Khatri, Vikram Khatri