Skip to Content
Product Information
Author's profile photo Saatae Issa

New with SAP BTP, Kyma Runtime: Seamlessly connect your website or microservice to a custom domain using Istio Service Mesh

With SAP BTP, Kyma Runtime, you can now connect your service to a custom domain using Istio Service Mesh in a breeze.

Steps to connect your custom domain

1. Register your domain name with a domain registrar

2. Create a Kubernetes Secret with the credentials of your DNS Provider

3. Create a DNS Provider custom resource

4. Create a DNS Entry custom resource

5. Create an Issuer — For example, Let’s Encrypt (using ACME protocol) — “a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG)[1]

6. Create a Certificate with the Issuer

7. Create an Istio Ingress Gateway using the Certificate

8. Create an API Rule to expose your service with the Istio Ingress Gateway — that automatically creates an Istio Virtual Service bound to the Istio Ingress Gateway, which connects your Kubernetes service to the Istio Ingress Gateway

Register your domain name with a domain registrar

Currently, the DNS Providers listed below are supported.

  • Alibaba Cloud
  • Amazon Route 53
  • Azure
  • Google Cloud
  • OpenStack Designate
  • Cloudflare
  • Infoblox
  • Netlify

If your DNS Provider isn’t included in the above list, you can either transfer your domain to one of the above DNS Providers or you can add your domain to Cloudflare without having to transfer it.

Create a Kubernetes Secret with the credentials of your DNS Provider

After registering your domain, you’ll need to create a Kubernetes Secret that is required to create a DNS Provider custom resource for your DNS Provider.

The Secret needs to have the credentials required to allow the DNS controller manager used by Kyma to authenticate to your DNS Provider and to manage your DNS records.

The steps to create the Secret for each supported DNS Provider are described in the documentation pages listed below.

An example demonstrating all the steps

Refer to the following example for the detailed steps along with screenshots to connect your service to a custom domain:

Connect your web app running on Kyma Runtime to a domain via Cloudflare

Note: This example is part of the following blog post: Going Jamstack with Kyma Runtime & building a high-performance web app

Conclusion

The user interface of the Kyma console makes it very easy to connect a custom domain to a website or microservice running on Kyma Runtime.

You also benefit from Istio security features that help fully secure your website. As per the Istio documentation, “The Istio security features provide strong identity, powerful policy, transparent TLS encryption, and authentication, authorization and audit (AAA) tools to protect your services and data.”[2]

As a next step, you could start by connecting a domain to your service running on Kyma Runtime using a free SAP BTP Trial account by following the steps shared in the example shared above. After that, you could explore the features of Istio Ingress Gateway such as applying monitoring and route rules to traffic entering the cluster. You could also explore Istio service mesh further with reference to the resources listed in the Further Readings section below.

Kindly provide your feedback or feel free to ask clarifying questions related to this post in the comment section below. Additionally, I’d like to invite you to submit any broader Kyma related questions in the Q&A area of the SAP BTP, Kyma runtime topic.

If the SAP BTP, Kyma runtime topic interests you, here are some other links that you may like:

Lastly, if you liked this post, kindly hit the like icon, leave a comment below or share this post. Thank you!

References

  1. Let’s Encrypt
  2. Istio / Security

Further Readings

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.