Tensorkube enables you to attach custom domains to your deployments and secure them with HTTPS using AWS Certificate Manager (ACM). Follow the steps below to configure your custom domain with TLS.

Overview

Setting up custom domains with TLS involves three main steps:

  1. Configuring a domain with AWS ACM.
  2. Adding the required DNS records to your domain name service.
  3. Attaching the configured domain to your deployment in Tensorkube.

Step 1: Configure Domain with AWS ACM

Run the following command to provision a wildcard SSL certificate for your domain using AWS ACM:

tensorkube domain configure --domain-name sub.example.org

This will set up a wildcard certificate for *.sub.example.org. You will receive a set of CNAME records that you need to add to your domain name service to validate your domain. This enables you to use all the subdomains under *.sub.example.org for your deployments. service.sub.example.org will be a valid example for your deployment.

Step 2: Add DNS Records

Once you run the above command, you will see a table of DNS records that need to be configured in your DNS provider (e.g., Cloudflare). Here’s an example of what the output might look like:

                                                            Required DNS Records
┏━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Type  ┃ Name                                            ┃ Value                                                                   ┃
┡━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ CNAME │ _82cee38bc876e83ad58ac438.sub.example.org       │ _55d01e7ad23302sssss70274c2ae1d1b.ssyfvmchrl.acm-validations.aws        │
│ CNAME │ *.sub.example.org                               │ aade77bced52bsssss951b8a8b640a8f-1513ssw419.us-east-1.elb.amazonaws.com │
└───────┴─────────────────────────────────────────────────┴─────────────────────────────────────────────────────────────────────────┘

Make sure to add these DNS records to your domain registrar. If you’re using a service like Cloudflare, ensure that the proxy option is turned off to allow proper DNS resolution.

DNS Validation

To retrieve the required DNS records in case you need them later, use:

tensorkube domain get-validation-records --domain-name sub.example.org

Step 3: Attach Domain to Cluster

After setting up your DNS records, you need to connect your domain to the ACM certificate for TLS termination. Run:

tensorkube domain attach --domain-name sub.example.org

This step binds your load balancer to the ACM certificate, enabling HTTPS for connections.

Deploy with Custom Domain

Finally, to deploy your application with the configured domain:

tensorkube deploy --domain-name service.sub.example.org

By specifying —domain-name, you instruct Tensorkube to use the custom domain for your deployment. This also replaces the default subpath URL access with the specified subdomain, providing a cleaner, more professional endpoint secured with HTTPS.

Notes

  • Make sure your DNS changes are propagated. This can take some time, depending on your DNS provider.
  • Cloudflare users: Ensure the DNS records use “DNS Only” mode instead of “Proxied” to prevent any conflicts during verification. By following these steps, you’ll successfully set up a custom domain with HTTPS for your Tensorkube deployments, enhancing security and branding for your applications.
Job QueuesFinetuning