An Octelium Cluster requires public DNS to receive requests publicly over the internet for its public Services (read more here) and public anonymous Services (read more here). Since the Octelium Cluster uses a Kubernetes ingress to receive requests from the internet, all you need to do is point your Services' DNS entries at the public IP address of that Kubernetes ingress.

You can get that public IP address once the Cluster is installed. The Cluster installs its own ingress during installation via a `LoadBalancer` Kubernetes service that is used by a component called Ingress. Managed Kubernetes deployments (e.g. AWS EKS, Linode LKE, etc.) automatically initialize a managed load balancer with a public IP address within seconds after the creation of `LoadBalancer` services.

Once the Cluster is installed, you can obtain that IP address with the `kubectl get svc -n octelium octelium-ingress-dataplane` command as follows:
```bash
# We obtain the public IP address used by the ingress service `octelium-ingress-dataplane`
# in the `octelium` namespace
kubectl get svc -n octelium octelium-ingress-dataplane
# The IP address is located in the `EXTERNAL-IP` field
NAME                         TYPE           CLUSTER-IP   EXTERNAL-IP         PORT(S)         AGE
octelium-ingress-dataplane   LoadBalancer   1.2.3.4      <IP_ADDRESS_HERE>   443:32180/TCP   8h
```
Once you obtain that IP address value, you can use it in your DNS provider (e.g. Cloudflare, GoDaddy, Namecheap, etc.) to set public DNS entries that point all of your Cluster's public Services to that public IP address. You need to add 2 DNS entries to be able to use the Cluster after installation:

- An `A` entry to resolve `<DOMAIN>` to the VM/VPS's public IP address as follows:

| Entry Field | Value |
|---|---|
| Type | A |
| Name / Host | <DOMAIN> |
| Value | <PUBLIC_IP_ADDRESS> |

- A `CNAME` entry resolving the wildcard domain `*.<DOMAIN>` to `<DOMAIN>`. This entry effectively resolves all of the `<DOMAIN>` sub-domains to the VM/VPS public IP address. You simply need to set your `CNAME` DNS entry as follows:

| Entry Field | Value |
|---|---|
| Type | CNAME |
| Name / Host | *.<DOMAIN> |
| Value | <DOMAIN> |
QUIC Mode
Octelium uses WireGuard by default for tunneling the traffic between the Cluster and clients. This is the default and strongly recommended way. Octelium additionally supports a very experimental QUIC-based tunneling mode. Unlike WireGuard, where clients address the Cluster's Gateways directly by their IP addresses, QUIC uses TLS via the Cluster domain's TLS certificate. Therefore, the octelium client addresses a Gateway's QUIC server by the public hostname of that Gateway, which the Cluster assigns automatically. In other words, you need to create a public `A` or `AAAA` DNS record for every Gateway so that it can be addressed publicly by the octelium clients. You can find the hostname used by a specific Gateway in its `status.hostname` field, and the public IP addresses of that Gateway in its `status.publicIPs[]` array. Here is an example:
First, you might want to list the Cluster's Gateways as follows:

```bash
octeliumctl get gw
```

Then, once you have the specific Gateway name, you can use it to get more information about that Gateway as follows:

```bash
octeliumctl get gw <GATEWAY_NAME> -o yaml
```

Now you can find the hostname in the `status.hostname` field of the YAML output of the above command, as follows:
```yaml
apiVersion: core/v1
kind: Gateway
#....
status:
  hostname: _gw-wa5us38r.example.com
  # ....
  publicIPs:
  - 1.2.3.4
```
Once you obtain the hostname and public IP addresses of a certain Gateway, use them to create `A` or `AAAA` DNS records in your public DNS provider.
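To tie the two procedures on this page together (the `A` and wildcard `CNAME` entries for the Cluster domain, and the per-Gateway `A`/`AAAA` records needed for QUIC mode), here is an added Python example; it is not part of the Octelium project. It reads the ingress Service in the JSON form produced by `kubectl get svc -n octelium octelium-ingress-dataplane -o json` and Gateway objects in the shape of the YAML above, both embedded here as constructed samples (`example.com`, the `_gw-example*` hostnames, the 203.0.113.0/24 addresses and the `2001:db8::` prefix are placeholders). It picks `A` versus `AAAA` per address, refuses to emit records while the load balancer has not been assigned an external address yet (or exposes a hostname rather than an IP, as some cloud providers do), and renders the result as zone file lines you can compare against what your DNS provider actually serves.

```python
"""Derive the public DNS record set an Octelium Cluster needs from kubectl output.

Added example, not part of the Octelium project. It assumes:
  * the ingress Service JSON comes from
    `kubectl get svc -n octelium octelium-ingress-dataplane -o json`;
  * the Gateway objects are the objects shown above in YAML, rendered here
    as JSON (constructed samples; hostnames and IPs are placeholders).
"""
import ipaddress
import json

# Constructed sample of the ingress Service. The address the kubectl table
# shows as EXTERNAL-IP lives under status.loadBalancer.ingress[].ip in JSON.
SAMPLE_INGRESS_SVC = json.dumps({
    "kind": "Service",
    "metadata": {"name": "octelium-ingress-dataplane", "namespace": "octelium"},
    "spec": {"type": "LoadBalancer"},
    "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}},
})

# Constructed sample of two Gateway objects (same shape as the YAML above).
SAMPLE_GATEWAYS = json.dumps([
    {"apiVersion": "core/v1", "kind": "Gateway",
     "metadata": {"name": "gw-example-1"},
     "status": {"hostname": "_gw-example1.example.com",
                "publicIPs": ["203.0.113.21"]}},
    {"apiVersion": "core/v1", "kind": "Gateway",
     "metadata": {"name": "gw-example-2"},
     "status": {"hostname": "_gw-example2.example.com",
                "publicIPs": ["203.0.113.22", "2001:db8::22"]}},
])


def ingress_public_ips(svc_json: str) -> list:
    """External IPs of the LoadBalancer Service; [] while the cloud load
    balancer is still being provisioned (status.loadBalancer is empty then)."""
    svc = json.loads(svc_json)
    entries = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
    ips = []
    for entry in entries:
        if "ip" in entry:
            ips.append(entry["ip"])
        elif "hostname" in entry:
            # Some providers (AWS ELB/NLB among them) expose a DNS name rather
            # than an IP; an A record cannot point at that, so stop here.
            raise ValueError(
                f"ingress exposes hostname {entry['hostname']!r}; "
                "publish a CNAME/ALIAS to it instead of an A record")
    return ips


def record_type(address: str) -> str:
    """A for IPv4, AAAA for IPv6; raises ValueError for anything else."""
    return "AAAA" if ipaddress.ip_address(address).version == 6 else "A"


def cluster_records(domain: str, svc_json: str) -> list:
    """The two entries from the tables above as (name, type, value) tuples:
    <DOMAIN> -> ingress IP, and the wildcard *.<DOMAIN> CNAME -> <DOMAIN>."""
    ips = ingress_public_ips(svc_json)
    if not ips:
        raise RuntimeError("ingress has no EXTERNAL-IP yet; re-run once it is assigned")
    records = [(domain, record_type(ip), ip) for ip in ips]
    records.append((f"*.{domain}", "CNAME", domain))
    return records


def gateway_records(gateways_json: str) -> list:
    """QUIC mode: one A/AAAA record per entry in status.publicIPs[] of every
    Gateway, named after status.hostname. Accepts one object or a list."""
    gateways = json.loads(gateways_json)
    if isinstance(gateways, dict):
        gateways = [gateways]
    records = []
    for gw in gateways:
        status = gw.get("status", {})
        host, ips = status.get("hostname"), status.get("publicIPs", [])
        if not host or not ips:
            name = gw.get("metadata", {}).get("name", "<unnamed>")
            raise RuntimeError(f"Gateway {name} has no status.hostname/publicIPs yet")
        records.extend((host, record_type(ip), ip) for ip in ips)
    return records


def zone_lines(records: list, ttl: int = 300) -> list:
    """Render (name, type, value) tuples as BIND-style zone file lines."""
    lines = []
    for name, rtype, value in records:
        target = value + "." if rtype == "CNAME" else value
        lines.append(f"{name}. {ttl} IN {rtype} {target}")
    return lines


if __name__ == "__main__":
    for line in zone_lines(cluster_records("example.com", SAMPLE_INGRESS_SVC)
                           + gateway_records(SAMPLE_GATEWAYS)):
        print(line)
```

Run it after the ingress has its `EXTERNAL-IP` and after each Gateway reports its `status.hostname`; if either is still empty the script raises instead of emitting an incomplete record set, which is the failure you want to see before clients start resolving names that point nowhere.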