weaveworks/clusters-config

Expose WGE/Gitops on a domain

AhmedSa-mir opened this issue · 2 comments

We need to:

  • Expose the WGE/Gitops service on a domain using ingress. This would make it easier for developers to deal with the cluster instead of port-forwarding the services.
  • Estimate the cost for the domain.
  • Think about how dex would be handled in this scenario.

Domain
We will manage subdomains on the weave.works hosted zone, which exists in the corp-fleet AWS account. Steve Fraser would set this up to work on all AWS accounts.

Dex
We can't automate registering dex domains with Google OIDC because Google does not expose an API to register a new OAuth callback in our Google account. That is done manually.
So the only solution is to have a centralized dex instance registered in our Google account OAuth and then we add dynamic dex clients whenever we create a new cluster. However, that means we need to create a Kubernetes cluster for that centralized dex instance or we could run it on an ECS container.
We suggest that this should be implemented in the next phase of that provisioning tool, where we will have a centralized control plane that manages/monitors the provisioned clusters, so we can run the dex instance on it.
Currently, dex is working at localhost as mentioned in our docs and this does the job. We will tackle the domain feature in our next phase.

The domain is reserved in the Weaveworks AWS account according to: https://github.com/weaveworks/corp/issues/3257. We should be good to go with the domain part.