refined-bear-62276
01/30/2021, 11:52 PMbillowy-army-68599
01/31/2021, 12:04 AMnpm install
and then pass the service ip to a route53 record
https://www.pulumi.com/docs/reference/pkg/aws/route53/record/
and an ACM certificate
https://www.pulumi.com/docs/reference/pkg/aws/acm/certificate/refined-bear-62276
01/31/2021, 12:08 AMbillowy-army-68599
02/01/2021, 3:42 AMrefined-bear-62276
02/01/2021, 8:03 AMconst repository = new awsx.ecr.Repository(`${pkg.name}-repo`);
// Build the Dockerfile at ../apps/dedicated-game-server/Dockerfile, using the
// parent directory as the build context, and push the result through the ECR
// repository declared above.
// NOTE(review): the build context is the whole parent directory ("../"), so any
// file not excluded by a .dockerignore can end up in an image layer. Confirm
// that credentials and local config files are excluded.
const image = repository.buildAndPushImage({
  dockerfile: "../apps/dedicated-game-server/Dockerfile",
  context: "../",
  cacheFrom: true, // presumably reuses previously pushed layers as build cache; confirm
});
// Create a VPC for the cluster, spread over two availability zones.
const vpc = new awsx.ec2.Vpc("vpc", { numberOfAvailabilityZones: 2 });
// Create the EKS cluster inside the VPC, with capacity pinned to exactly one
// node (desired = min = max = 1).
// NOTE(review): the original comment mentions a Kubernetes dashboard, but no
// dashboard option is set here. Whether one is deployed depends on the
// eks.Cluster defaults of the installed version; confirm.
// NOTE(review): only the VPC's public subnets are passed in, so worker nodes
// presumably run in public subnets. Consider private subnets for the nodes and
// public subnets for load balancers only; confirm against the eks.Cluster
// options in use.
const cluster = new eks.Cluster("cluster", {
  vpcId: vpc.id,
  subnetIds: vpc.publicSubnetIds,
  desiredCapacity: 1,
  minSize: 1,
  maxSize: 1,
});
// Name and label set shared by the Deployment and the load-balanced Service
// below. The same labels are used as pod labels and as the selector.
// (The container image is the one built above, not a stock NGINX image.)
const appName = "kennywtf";
const appLabels = { appClass: appName };
// Single-replica Deployment that runs the freshly built image on the EKS
// cluster (resources are created through cluster.provider).
// NOTE(review): the pod spec sets no securityContext and no resource
// requests/limits, so the container runs with the runtime defaults. Consider
// running as a non-root user and bounding CPU/memory.
const deployment = new k8s.apps.v1.Deployment(
  `${appName}-dep`,
  {
    metadata: { labels: appLabels },
    spec: {
      replicas: 1,
      selector: { matchLabels: appLabels },
      template: {
        metadata: { labels: appLabels },
        spec: {
          containers: [
            {
              name: appName,
              image,
              // The port is named "http" so the Service can target it by name.
              ports: [{ name: "http", containerPort: 8999 }],
            },
          ],
        },
      },
    },
  },
  { provider: cluster.provider }
);
// LoadBalancer Service in front of the pods selected by appLabels. It listens
// on 80 and 443 and forwards both to the container port named "http".
// NOTE(review): port 443 points at the same plain-HTTP target as port 80, and
// nothing in this spec references the ACM certificate. The listener on 443 is
// therefore presumably not terminating TLS, and the certificate stays
// unattached. On AWS the certificate is normally bound through Service
// annotations such as service.beta.kubernetes.io/aws-load-balancer-ssl-cert
// and service.beta.kubernetes.io/aws-load-balancer-ssl-ports; confirm.
const service = new k8s.core.v1.Service(
  `${appName}-svc`,
  {
    metadata: { labels: appLabels },
    spec: {
      type: "LoadBalancer",
      ports: [
        { port: 80, targetPort: "http", name: "http" },
        { port: 443, targetPort: "http", name: "https" },
      ],
      selector: appLabels,
    },
  },
  { provider: cluster.provider }
);
// Request an ACM certificate for domainName with DNS validation and no
// subject alternative names. domainName is not defined in this listing.
const certificate = new aws.acm.Certificate("sslCert", {
  domainName,
  subjectAlternativeNames: [],
  validationMethod: "DNS",
});
// Publish the DNS record that ACM asks for to prove control of the domain.
// Only the first validation option is read, which matches a certificate that
// carries a single name and no SANs. hostedZoneId is not defined in this
// listing.
const sslCertValidationRecord = new aws.route53.Record(
  "sslCertValidationRecord",
  {
    zoneId: hostedZoneId,
    name: certificate.domainValidationOptions[0].resourceRecordName,
    type: certificate.domainValidationOptions[0].resourceRecordType,
    records: [certificate.domainValidationOptions[0].resourceRecordValue],
    ttl: 10 * 60 /* 10 minutes */,
  }
);
// Tie the certificate to the FQDN of its validation record. Other resources
// can depend on this one to run only after validation has been set up
// (presumably it completes once ACM has issued the certificate; confirm).
const sslCertValidationIssued = new aws.acm.CertificateValidation(
  "sslCertValidationIssued",
  {
    certificateArn: certificate.arn,
    validationRecordFqdns: [sslCertValidationRecord.fqdn],
  }
);
// Look up the Route 53 hosted zone ID used for the alias target. The result is
// a promise, so its id is unwrapped with .then() where it is consumed below.
// NOTE(review): aws.elb.getHostedZoneId presumably returns the zone of classic
// ELBs in the current region. If the Service is provisioned as a different
// load balancer type, the alias zone ID would differ; confirm.
const main = aws.elb.getHostedZoneId({});
// Alias record that points domainName at the Service's load balancer hostname.
// It is created only after the certificate validation resource.
// NOTE(review): an alias target is expressed with `aliases` on an A record, as
// done here. A CNAME would use `records` instead and cannot be placed at the
// zone apex; confirm which form applies to domainName.
const webDnsRecord = new aws.route53.Record(
  "webDnsRecord",
  {
    name: domainName,
    type: "A",
    zoneId: hostedZoneId,
    aliases: [
      {
        evaluateTargetHealth: true,
        name: service.status.loadBalancer.ingress[0].hostname,
        zoneId: main.then((main) => main.id),
      },
    ],
  },
  { dependsOn: sslCertValidationIssued }
);
// Export the first ingress entry of the load-balanced Service as stack outputs.
// `url` is the bare hostname; no scheme is prepended.
// NOTE(review): AWS load balancers typically report a hostname rather than an
// IP in the Service status, so `ip` may resolve to undefined; confirm.
export const url = service.status.loadBalancer.ingress[0].hostname;
export const ip = service.status.loadBalancer.ingress[0].ip;
in use: no
which is strange to mebillowy-army-68599
02/01/2021, 10:45 PMdomainName
from?refined-bear-62276
02/01/2021, 10:48 PMin use: yes
billowy-army-68599
02/01/2021, 11:00 PM amazonaws.com
name your ELB has?refined-bear-62276
02/01/2021, 11:04 PMbillowy-army-68599
02/01/2021, 11:32 PMconst webDnsRecord = new aws.route53.Record(
"webDnsRecord",
{
name: domainName,
type: "A",
zoneId: hostedZoneId,
aliases: [
{
evaluateTargetHealth: true,
name: service.status.loadBalancer.ingress[0].hostname,
zoneId: main.then((main) => main.id),
},
],
},
{ dependsOn: sslCertValidationIssued }
);
you're creating an A record to your `service.status.loadBalancer.ingress[0].hostname` - make this a `CNAME`, not an `A` record
validationRecordFqdns: sslCertValidationRecord.apply(r => r.map(record => record.fqdn))