cerc-io/snowballtools-base
11
0
Fork 3
Code Issues 11 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Support custom domains for deployments #47

New Issue
Open
opened 2025-01-29 12:07:32 +00:00 by prathamesh · 0 comments
prathamesh commented 2025-01-29 12:07:32 +00:00
Member
Copy Link

Current behaviour:

  • The deployer supports passing a custom domain for a deployment in the dns field in ApplicationDeploymentRequest record. The working was confirmed by performing a deployment with a custom domain with steps:
    • Pointed a domain to a selected deployer's IP (A record)
    • Published an ApplicationDeploymentRequest with dns set to the required domain: 
      {
  "id": "bafyreihajytyofr3zadpuo27hd6hsbbdwu6umn5ri3gsfdsf7ma6mxdayi",
  "names": null,
  "owners": [
    "B38CA96F4C86051383E4E4980D6E1C96EC7FC45D"
  ],
  "bondId": "5d82586d156fb6671a9170d92f930a72a49a29afb45e30e16fff2100e30776e2",
  "createTime": "2025-01-29T09:15:51Z",
  "expiryTime": "2026-01-29T09:15:51Z",
  "attributes": {
    "application": "lrn://laconic-deploy/applications/test-progressive-web-app@0.1.53",
    "config": {
      "env": {
        "CERC_WEBAPP_DEBUG": "0.1.53"
      }
    },
    "deployer": "lrn://vaasl-provider/deployers/webapp-deployer-api.apps.vaasl.io",
    "dns": "test-pwa.laconic.wireitin.com",
    "meta": {
      "note": "Added by Prathamesh @ Wednesday 29 January 2025 02:45:49 PM IST",
      "repository": "https://git.vdb.to/cerc-io/test-progressive-web-app",
      "repository_ref": "f06f0ce2844091a968fd0eda5d0b78dbaf929681"
    },
    "name": "@cerc-io/test-progressive-web-app@0.1.53",
    "payment": "F9DAFA60667417F425F0C2CC9EE221B432599920D98AEDF0528D793DE337B973",
    "type": "ApplicationDeploymentRequest",
    "version": "1.0.0"
  }
}
    • The deployer performed a deployment which worked out of the box.
  • The Laconic deploy app doesn't support specifying a custom domain when deploying an app. There is a non-functional Domains tab in the project settings (only in UI)

Proposed approach for supporting this feature:

  • Scenario: User wants to deploy an app to a custom domain through one of the deployers
  • User selects a deployer and performs the deployment as is being done currently
  • First deployment is done without custom domain
  • User goes into project settings and adds a domain:
    image
  • In the next step, user is instructed to create required records (A) for the domain:
    image
  • To determine the "value" (IP of SP), we add a new value field to DnsRecords that are being published on each deployment
  • In project Domains setting, we show the value/IP from DnsRecord corresponding to the latest deployment
  • A DNS record currently looks like this: 
    {
  "id": "bafyreicgf67whaovyzy3wge2zrpk5cbqsh4pd5xy6wli7w7ejeznswuxx4",
  "names": [
    "lrn://vaasl-provider/dns/test-pwa.laconic.wireitin.com"
  ],
  "owners": [
    "46FE04DA0600B6783F33BAEC0CBF4F967EF6A874"
  ],
  "bondId": "ddd8262fbfd682b7995af536ebcdff9e7a60ba68e481997e59cb85db20383004",
  "createTime": "2025-01-29T09:17:09Z",
  "expiryTime": "2026-01-29T09:17:09Z",
  "attributes": {
    "meta": {
      "so": "3b5846e6d52b4560a7d0900c20508c6c"
    },
    "name": "test-pwa.laconic.wireitin.com",
    "request": "bafyreihajytyofr3zadpuo27hd6hsbbdwu6umn5ri3gsfdsf7ma6mxdayi",
    "resource_type": "A",
    "type": "DnsRecord",
    "version": "0.0.1"
  }
}
  • On deployer side, the value field can be determined from the deployer config to set in all DnsRecords
  • Once a domain entry has been created, we will pass the configured domain as dns for further deployments in the project

Related findings:
If we perform a deployment with a custom domain before it has been pointed to the SP's IP, the TLS/certs setup doesn't seem to work and the URL never comes up.
Related logs from the SP server:

$ kubectl get pods
NAME                                                   READY   STATUS             RESTARTS            AGE
cm-acme-http-solver-j4tmv                              1/1     Running            0                   7m48s
...

---
$ kubectl logs -f cm-acme-http-solver-j4tmv
I0129 10:35:05.113712       1 solver.go:51] "starting listener" logger="cert-manager.acmesolver" expected_domain="test2-pwa.laconic.wireitin.com" expected_token="hemppk0781yTU4PEybIO4SGPve_R7WJYBACi5Q-XXqw" expected_key="hemppk0781yTU4PEybIO4SGPve_R7WJYBACi5Q-XXqw.6qQpkQLF5y323gsoQlOxZoIH6A1nIFjWY_3qdClEBzo" listen_port=8089

---
$ kubectl logs -l app=cert-manager -n cert-manager
...
I0129 11:00:24.508152       1 pod.go:59] "found one existing HTTP01 solver pod" logger="cert-manager.controller.http01.selfCheck.http01.ensurePod" resource_name="laconic-e9cca71f179e7770-tls-1-1900169094-782279233" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="test2-pwa.laconic.wireitin.com" type="HTTP-01" related_resource_name="cm-acme-http-solver-j4tmv" related_resource_namespace="default" related_resource_kind="" related_resource_version=""
I0129 11:00:24.508195       1 service.go:45] "found one existing HTTP01 solver Service for challenge resource" logger="cert-manager.controller.http01.selfCheck.http01.ensureService" resource_name="laconic-e9cca71f179e7770-tls-1-1900169094-782279233" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="test2-pwa.laconic.wireitin.com" type="HTTP-01" related_resource_name="cm-acme-http-solver-ssgb7" related_resource_namespace="default" related_resource_kind="" related_resource_version=""
I0129 11:00:24.508248       1 ingress.go:99] "found one existing HTTP01 solver ingress" logger="cert-manager.controller.http01.selfCheck.http01.ensureIngress" resource_name="laconic-e9cca71f179e7770-tls-1-1900169094-782279233" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="test2-pwa.laconic.wireitin.com" type="HTTP-01" related_resource_name="cm-acme-http-solver-98pkt" related_resource_namespace="default" related_resource_kind="" related_resource_version=""
...
Current behaviour: - The deployer supports passing a custom domain for a deployment in the `dns` field in `ApplicationDeploymentRequest` record. The working was confirmed by performing a deployment with a custom domain with steps: - Pointed a domain to a selected deployer's IP (`A` record) - Published an `ApplicationDeploymentRequest` with `dns` set to the required domain: ```bash { "id": "bafyreihajytyofr3zadpuo27hd6hsbbdwu6umn5ri3gsfdsf7ma6mxdayi", "names": null, "owners": [ "B38CA96F4C86051383E4E4980D6E1C96EC7FC45D" ], "bondId": "5d82586d156fb6671a9170d92f930a72a49a29afb45e30e16fff2100e30776e2", "createTime": "2025-01-29T09:15:51Z", "expiryTime": "2026-01-29T09:15:51Z", "attributes": { "application": "lrn://laconic-deploy/applications/test-progressive-web-app@0.1.53", "config": { "env": { "CERC_WEBAPP_DEBUG": "0.1.53" } }, "deployer": "lrn://vaasl-provider/deployers/webapp-deployer-api.apps.vaasl.io", "dns": "test-pwa.laconic.wireitin.com", "meta": { "note": "Added by Prathamesh @ Wednesday 29 January 2025 02:45:49 PM IST", "repository": "https://git.vdb.to/cerc-io/test-progressive-web-app", "repository_ref": "f06f0ce2844091a968fd0eda5d0b78dbaf929681" }, "name": "@cerc-io/test-progressive-web-app@0.1.53", "payment": "F9DAFA60667417F425F0C2CC9EE221B432599920D98AEDF0528D793DE337B973", "type": "ApplicationDeploymentRequest", "version": "1.0.0" } } ``` - The deployer performed a deployment which worked out of the box. - The [Laconic deploy app](https://deploy.laconic.com/) doesn't support specifying a custom domain when deploying an app. There is a non-functional `Domains` tab in the project settings (only in UI) --- Proposed approach for supporting this feature: - Scenario: User wants to deploy an app to a custom domain through one of the deployers - User selects a deployer and performs the deployment as is being done currently - First deployment is done without custom domain - User goes into project settings and adds a domain: ![image](/attachments/61b67388-22bf-4942-9c0f-dfd720107d37) - In the next step, user is instructed to create required records (`A`) for the domain: ![image](/attachments/13051d4a-174f-4f27-8b10-2e07e23cc6be) - To determine the "value" (IP of SP), we add a new `value` field to `DnsRecord`s that are being published on each deployment - In project Domains setting, we show the value/IP from `DnsRecord` corresponding to the latest deployment - A DNS record currently looks like this: ```bash { "id": "bafyreicgf67whaovyzy3wge2zrpk5cbqsh4pd5xy6wli7w7ejeznswuxx4", "names": [ "lrn://vaasl-provider/dns/test-pwa.laconic.wireitin.com" ], "owners": [ "46FE04DA0600B6783F33BAEC0CBF4F967EF6A874" ], "bondId": "ddd8262fbfd682b7995af536ebcdff9e7a60ba68e481997e59cb85db20383004", "createTime": "2025-01-29T09:17:09Z", "expiryTime": "2026-01-29T09:17:09Z", "attributes": { "meta": { "so": "3b5846e6d52b4560a7d0900c20508c6c" }, "name": "test-pwa.laconic.wireitin.com", "request": "bafyreihajytyofr3zadpuo27hd6hsbbdwu6umn5ri3gsfdsf7ma6mxdayi", "resource_type": "A", "type": "DnsRecord", "version": "0.0.1" } } ``` - On deployer side, the `value` field can be determined from the deployer config to set in all `DnsRecord`s - Once a domain entry has been created, we will pass the configured domain as `dns` for further deployments in the project --- Related findings: If we perform a deployment with a custom domain before it has been pointed to the SP's IP, the TLS/certs setup doesn't seem to work and the URL never comes up. Related logs from the SP server: ```bash $ kubectl get pods NAME READY STATUS RESTARTS AGE cm-acme-http-solver-j4tmv 1/1 Running 0 7m48s ... --- $ kubectl logs -f cm-acme-http-solver-j4tmv I0129 10:35:05.113712 1 solver.go:51] "starting listener" logger="cert-manager.acmesolver" expected_domain="test2-pwa.laconic.wireitin.com" expected_token="hemppk0781yTU4PEybIO4SGPve_R7WJYBACi5Q-XXqw" expected_key="hemppk0781yTU4PEybIO4SGPve_R7WJYBACi5Q-XXqw.6qQpkQLF5y323gsoQlOxZoIH6A1nIFjWY_3qdClEBzo" listen_port=8089 --- $ kubectl logs -l app=cert-manager -n cert-manager ... I0129 11:00:24.508152 1 pod.go:59] "found one existing HTTP01 solver pod" logger="cert-manager.controller.http01.selfCheck.http01.ensurePod" resource_name="laconic-e9cca71f179e7770-tls-1-1900169094-782279233" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="test2-pwa.laconic.wireitin.com" type="HTTP-01" related_resource_name="cm-acme-http-solver-j4tmv" related_resource_namespace="default" related_resource_kind="" related_resource_version="" I0129 11:00:24.508195 1 service.go:45] "found one existing HTTP01 solver Service for challenge resource" logger="cert-manager.controller.http01.selfCheck.http01.ensureService" resource_name="laconic-e9cca71f179e7770-tls-1-1900169094-782279233" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="test2-pwa.laconic.wireitin.com" type="HTTP-01" related_resource_name="cm-acme-http-solver-ssgb7" related_resource_namespace="default" related_resource_kind="" related_resource_version="" I0129 11:00:24.508248 1 ingress.go:99] "found one existing HTTP01 solver ingress" logger="cert-manager.controller.http01.selfCheck.http01.ensureIngress" resource_name="laconic-e9cca71f179e7770-tls-1-1900169094-782279233" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="test2-pwa.laconic.wireitin.com" type="HTTP-01" related_resource_name="cm-acme-http-solver-98pkt" related_resource_namespace="default" related_resource_kind="" related_resource_version="" ... ```
image.png
107 KiB
image.png
159 KiB
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
  
Copied from Github

An issue or PR manually copied from GitHub.

  
Kind/Breaking

Breaking change that won't be backward compatible

  
Kind/Bug

Something is not working

  
Kind/Documentation

Documentation changes

  
Kind/Enhancement

Improve existing functionality

  
Kind/Feature

New functionality

  
Kind/Security

This is security issue

  
Kind/Testing

Issue or pull request related to testing

  
Priority
Critical
The priority is critical

  
Priority
High
The priority is high

  
Priority
Low
The priority is low

  
Priority
Medium
The priority is medium

  
Reviewed
Confirmed
Issue has been confirmed

  
Reviewed
Duplicate
This issue or pull request already exists

  
Reviewed
Invalid
Invalid issue

  
Reviewed
Won't Fix
This issue won't be fixed

  
Status
Abandoned
Somebody has started to work on this but abandoned work

  
Status
Blocked
Something is blocking this issue or pull request

  
Status
Need More Info
Feedback is required to reproduce issue or to continue work

No Label
Copied from Github
Kind/Breaking
Kind/Bug
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Security
Kind/Testing
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Reviewed
Confirmed
Reviewed
Duplicate
Reviewed
Invalid
Reviewed
Won't Fix
Status
Abandoned
Status
Blocked
Status
Need More Info
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cerc-io/snowballtools-base#47
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?