Configure External DNS Alias and automatically get Equinor certificate
An application can be configured to use external DNS aliases, in addition to the automatically generated domain names, provided you register the DNS record and optionally bring the corresponding TLS certificate into Radix. Traffic routing is configured in dnsExternalAlias in radixconfig.yaml.
The external DNS record must point to the public name of a component, to the app default alias or to the app alias.
useCertificateAutomation in dnsExternalAlias controls whether the TLS certificate is managed automatically by Radix or manually by you.
Acquire a DNS record in the equinor.com zone
The process for setting up the DNS record depends on the service used to register and manage the DNS zone. This guide assumes registration of a DNS record in the equinor.com zone, but you should be able to adapt the instructions to a third-party provider.
- Open the Services@Equinor portal and find the service "Domain name system (DNS)".
- Select option "New" in "Select service".
- In "Where should the DNS record be added, changed or deleted?", select "Internal DNS Service" (accessible only from the Equinor internal network) or "Internal and external DNS service" (accessible from both the Equinor internal network and the Internet).
- Enter the host name in "Host name" (exclude the .equinor.com suffix).
- Select "CNAME" in the "Type" drop-down.
- In the "Data (IP or FQDN)" field, enter the public name, app default alias or app alias that the new DNS record should point to.
Select service: New
Where should the DNS record be added, changed or deleted?: Internal and external DNS service
Host name: myapp
Type: CNAME
Data (IP or FQDN): frontend-myapp-prod.radix.equinor.com
Configure certificate automation service
Configure dnsExternalAlias in radixconfig.yaml
Add the alias to dnsExternalAlias in radixconfig.yaml. You can add multiple entries as long as the alias value is unique. The referenced environment must be re-deployed in order for the changes to take effect.
If useCertificateAutomation is true, the external DNS record must be created in order for Radix to start the automatic certificate issuing process. digicert.com must also be authorized (from CAA records) to issue certificates for the alias. You can use an online tool like Entrust CAA Lookup to check this.
apiVersion: radix.equinor.com/v1
kind: RadixApplication
metadata:
  name: myapp
spec:
  ...
  dnsExternalAlias:
    - alias: myapp.equinor.com
      component: frontend
      environment: prod
      useCertificateAutomation: false|true  # set to either false or true
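
The CAA authorization check mentioned above can also be reasoned about locally. The following is an added example, not part of the Radix documentation or code: it applies the RFC 8659 rule (climb from the alias towards the root and use the first non-empty CAA record set) to answers in `dig +short CAA <name>` format. The sample records, the `lookup` callable and the set of tags treated as known are constructed assumptions, not real equinor.com DNS data.

```python
# Added example: RFC 8659 CAA evaluation for a non-wildcard alias.
# CONSTRUCTED sample data (not real DNS answers): CAA records per owner name,
# one string per record in `dig +short CAA <name>` format.
SAMPLE_CAA = {
    "equinor.com": ['0 issue "digicert.com"', '0 iodef "mailto:sec@example.invalid"'],
    "locked.example": ['0 issue ";"'],
    "other.example": ['0 issue "letsencrypt.org; validationmethods=dns-01"'],
}

def parse_caa(line):
    """Split one `flags tag "value"` line into (flags, tag, value)."""
    flags, tag, value = line.split(None, 2)
    return int(flags), tag.lower(), value.strip().strip('"')

def relevant_caa_set(fqdn, lookup):
    """Climb from fqdn towards the root; return the first non-empty CAA set."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        records = lookup(name)  # assumed to return a list of strings or None
        if records:
            return name, [parse_caa(r) for r in records]
    return None, []

def ca_may_issue(fqdn, ca_domain, lookup):
    """Return (allowed, reason) for a non-wildcard certificate request."""
    owner, records = relevant_caa_set(fqdn, lookup)
    if owner is None:
        return True, "no CAA records found; issuance is not restricted"
    # Conservative assumption: a critical (flag 128) property outside this
    # set is treated as blocking, as a CA must refuse when it does not know it.
    known = {"issue", "issuewild", "iodef"}
    if any(flags & 128 and tag not in known for flags, tag, _ in records):
        return False, f"unknown critical CAA property at {owner}"
    # Only `issue` restricts non-wildcard names; drop parameters after ';'.
    issuers = [v.split(";", 1)[0].strip().lower()
               for _, tag, v in records if tag == "issue"]
    if not issuers:
        return True, f"CAA at {owner} has no issue property; not restricted"
    if ca_domain.lower() in issuers:
        return True, f"{ca_domain} is authorized by CAA at {owner}"
    return False, f"CAA at {owner} only authorizes {issuers}"

if __name__ == "__main__":
    print(ca_may_issue("myapp.equinor.com", "digicert.com", SAMPLE_CAA.get))
```

To run it against live data, pass a `lookup` that returns the resolver's CAA answer lines for each name instead of `SAMPLE_CAA.get`.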
You can also add and maintain the certificates manually