Support custom domains for deployments #47

Open
opened 2025-01-29 12:07:32 +00:00 by prathamesh · 0 comments
Member

Current behaviour:

  • The deployer supports passing a custom domain for a deployment in the dns field of the ApplicationDeploymentRequest record. This was confirmed by performing a deployment with a custom domain, with these steps:
    • Pointed a domain to a selected deployer's IP (A record)
    • Published an ApplicationDeploymentRequest with dns set to the required domain:
      {
        "id": "bafyreihajytyofr3zadpuo27hd6hsbbdwu6umn5ri3gsfdsf7ma6mxdayi",
        "names": null,
        "owners": [
          "B38CA96F4C86051383E4E4980D6E1C96EC7FC45D"
        ],
        "bondId": "5d82586d156fb6671a9170d92f930a72a49a29afb45e30e16fff2100e30776e2",
        "createTime": "2025-01-29T09:15:51Z",
        "expiryTime": "2026-01-29T09:15:51Z",
        "attributes": {
          "application": "lrn://laconic-deploy/applications/test-progressive-web-app@0.1.53",
          "config": {
            "env": {
              "CERC_WEBAPP_DEBUG": "0.1.53"
            }
          },
          "deployer": "lrn://vaasl-provider/deployers/webapp-deployer-api.apps.vaasl.io",
          "dns": "test-pwa.laconic.wireitin.com",
          "meta": {
            "note": "Added by Prathamesh @ Wednesday 29 January 2025 02:45:49 PM IST",
            "repository": "https://git.vdb.to/cerc-io/test-progressive-web-app",
            "repository_ref": "f06f0ce2844091a968fd0eda5d0b78dbaf929681"
          },
          "name": "@cerc-io/test-progressive-web-app@0.1.53",
          "payment": "F9DAFA60667417F425F0C2CC9EE221B432599920D98AEDF0528D793DE337B973",
          "type": "ApplicationDeploymentRequest",
          "version": "1.0.0"
        }
      }
      
    • The deployer performed a deployment which worked out of the box.
  • The Laconic deploy app doesn't support specifying a custom domain when deploying an app. There is a non-functional Domains tab in the project settings (only in the UI).

Proposed approach for supporting this feature:

  • Scenario: User wants to deploy an app to a custom domain through one of the deployers
  • User selects a deployer and performs the deployment as is being done currently
  • First deployment is done without a custom domain
  • User goes into project settings and adds a domain:
    image
  • In the next step, the user is instructed to create the required records (A) for the domain:
    image
  • To determine the "value" (IP of SP), we add a new value field to DnsRecords that are being published on each deployment
  • In project Domains setting, we show the value/IP from DnsRecord corresponding to the latest deployment
  • A DNS record currently looks like this:
    {
      "id": "bafyreicgf67whaovyzy3wge2zrpk5cbqsh4pd5xy6wli7w7ejeznswuxx4",
      "names": [
        "lrn://vaasl-provider/dns/test-pwa.laconic.wireitin.com"
      ],
      "owners": [
        "46FE04DA0600B6783F33BAEC0CBF4F967EF6A874"
      ],
      "bondId": "ddd8262fbfd682b7995af536ebcdff9e7a60ba68e481997e59cb85db20383004",
      "createTime": "2025-01-29T09:17:09Z",
      "expiryTime": "2026-01-29T09:17:09Z",
      "attributes": {
        "meta": {
          "so": "3b5846e6d52b4560a7d0900c20508c6c"
        },
        "name": "test-pwa.laconic.wireitin.com",
        "request": "bafyreihajytyofr3zadpuo27hd6hsbbdwu6umn5ri3gsfdsf7ma6mxdayi",
        "resource_type": "A",
        "type": "DnsRecord",
        "version": "0.0.1"
      }
    }
    
  • On the deployer side, the value field can be determined from the deployer config to set in all DnsRecords
  • Once a domain entry has been created, we will pass the configured domain as dns for further deployments in the project

Related findings:
If we perform a deployment with a custom domain before it has been pointed to the SP's IP, the TLS/certs setup doesn't seem to work and the URL never comes up.
Related logs from the SP server:

$ kubectl get pods
NAME                                                   READY   STATUS             RESTARTS            AGE
cm-acme-http-solver-j4tmv                              1/1     Running            0                   7m48s
...

---
$ kubectl logs -f cm-acme-http-solver-j4tmv
I0129 10:35:05.113712       1 solver.go:51] "starting listener" logger="cert-manager.acmesolver" expected_domain="test2-pwa.laconic.wireitin.com" expected_token="hemppk0781yTU4PEybIO4SGPve_R7WJYBACi5Q-XXqw" expected_key="hemppk0781yTU4PEybIO4SGPve_R7WJYBACi5Q-XXqw.6qQpkQLF5y323gsoQlOxZoIH6A1nIFjWY_3qdClEBzo" listen_port=8089

---
$ kubectl logs -l app=cert-manager -n cert-manager
...
I0129 11:00:24.508152       1 pod.go:59] "found one existing HTTP01 solver pod" logger="cert-manager.controller.http01.selfCheck.http01.ensurePod" resource_name="laconic-e9cca71f179e7770-tls-1-1900169094-782279233" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="test2-pwa.laconic.wireitin.com" type="HTTP-01" related_resource_name="cm-acme-http-solver-j4tmv" related_resource_namespace="default" related_resource_kind="" related_resource_version=""
I0129 11:00:24.508195       1 service.go:45] "found one existing HTTP01 solver Service for challenge resource" logger="cert-manager.controller.http01.selfCheck.http01.ensureService" resource_name="laconic-e9cca71f179e7770-tls-1-1900169094-782279233" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="test2-pwa.laconic.wireitin.com" type="HTTP-01" related_resource_name="cm-acme-http-solver-ssgb7" related_resource_namespace="default" related_resource_kind="" related_resource_version=""
I0129 11:00:24.508248       1 ingress.go:99] "found one existing HTTP01 solver ingress" logger="cert-manager.controller.http01.selfCheck.http01.ensureIngress" resource_name="laconic-e9cca71f179e7770-tls-1-1900169094-782279233" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="test2-pwa.laconic.wireitin.com" type="HTTP-01" related_resource_name="cm-acme-http-solver-98pkt" related_resource_namespace="default" related_resource_kind="" related_resource_version=""
...
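
One way to run the pre-flight check that the related findings call for, as an added example (not code from this issue or the project): before a domain is passed as dns, confirm it resolves only to the IP published in the DnsRecord. It assumes the proposed value field exists; the function names, the injectable resolver and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample: the DnsRecord attributes from the issue plus the
# proposed (not yet existing) `value` field; the IP is a documentation address.
SAMPLE_RECORD = {
    "attributes": {
        "name": "test-pwa.laconic.wireitin.com",
        "resource_type": "A",
        "type": "DnsRecord",
        "value": "203.0.113.10",
    }
}


def resolve_a(name):
    """Default resolver: IPv4 addresses the local resolver returns for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # NXDOMAIN or no A record yet
    return {info[4][0] for info in infos}


def check_custom_domain(dns_record, resolver=resolve_a):
    """Return (ok, reason): may attributes.name be sent as `dns` next time?"""
    attrs = dns_record.get("attributes", {})
    if attrs.get("type") != "DnsRecord" or attrs.get("resource_type") != "A":
        return False, "not an A-type DnsRecord"
    try:
        expected = ipaddress.IPv4Address(str(attrs.get("value", "")))
    except ipaddress.AddressValueError:
        return False, "DnsRecord has no valid IPv4 'value'"
    found = {ipaddress.IPv4Address(a) for a in resolver(attrs.get("name", ""))}
    if not found:
        return False, "domain does not resolve yet"
    extra = found - {expected}
    if extra:
        # Any other A record can receive the HTTP-01 request instead of the SP.
        return False, "domain also resolves to: " + ", ".join(sorted(map(str, extra)))
    return True, "domain points only at the deployer"


if __name__ == "__main__":
    # Offline demo with a fake resolver standing in for real DNS.
    print(check_custom_domain(SAMPLE_RECORD, lambda name: {"203.0.113.10"}))
    print(check_custom_domain(SAMPLE_RECORD, lambda name: set()))
```

Running the check from a resolver outside the SP's network gives a view closer to what the ACME validation server sees than the deployer's own resolver does.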
Reference: cerc-io/snowballtools-base#47