Questions on Deploying Applications on EKS with Istio for Multi-Tenancy


Hi, Everyone!

I’m deploying applications on EKS with Istio service mesh for multi-tenancy (Silo model). I have a few questions to deepen my understanding.

1.	From my testing experience on Minikube, I noticed a limitation with domain name depth. I could only use domains with up to 3 levels, e.g., repost.aws.com.

Is there a similar limitation for domain depth when using EKS?

2.	When setting up the local test environment with Minikube, I had to configure the /etc/hosts file for local cluster access. 

I believe this is necessary only for local testing, but I’d like to confirm whether a similar setup is needed on AWS.

3.	Do I need to configure Route 53 for NLB/ALB to handle Istio ingress?

-> I see domain setup for NLB / ALB is needed, but I need to clarify my question.

Thanks for any help!

Asked 3 months ago · 219 views
1 Answer
Accepted Answer

Hello Cy_Choi,

Kindly find the answers to your questions: EKS follows standard DNS rules; issues with domain depth are likely related to specific DNS configurations rather than EKS itself. The /etc/hosts configuration is typically needed only for local setups (e.g., Minikube).

In AWS, DNS resolution is handled by AWS services and VPC DNS. Configuring Route 53 is common for managing DNS records when using ALB/NLB with Istio ingress to ensure user-friendly domain names for your services.

When using an ALB or NLB with Istio ingress, you will often configure Route 53 to manage the DNS records for your application. You would create a Route 53 hosted zone for your domain and add DNS records pointing to the ALB/NLB. This allows you to use friendly domain names for accessing your services. Example: If you have an application app.example.com running behind an ALB, you’d create an A or CNAME record in Route 53 pointing to the ALB’s DNS name.

Expert · answered 3 months ago
Expert · reviewed 3 months ago
AWS Expert · reviewed 3 months ago
  • Hi, Adeleke. Thanks for the quick response! Here's one more question. I may then need to configure the Route 53 record for the ALB / NLB. Do I need to set it up for each tenant, or do I need to set up the ALB for Route 53 and that's it? (There might be listener rules for the ALB.)

  • About the listener rule: if you’re using a single ALB and need to handle traffic for multiple tenants, configure listener rules in the ALB to route based on the hostname.

    With a single ALB/NLB: configure Route 53 with DNS records that point to the single ALB/NLB. Use listener rules in the ALB to route traffic based on hostname or URL path. With multiple ALBs/NLBs: create separate Route 53 DNS records for each ALB/NLB, each handling a different tenant’s traffic. The choice between a single ALB/NLB or multiple ALBs/NLBs depends on your isolation requirements and architectural preferences. Using a single ALB/NLB can simplify DNS management and reduce costs but may require more complex routing rules. Using multiple ALBs/NLBs can provide better isolation and security but at the cost of additional configuration and management.

    Let me know if this answers your questions, and if it does, kindly accept the answer so other users can benefit.

  • About Minikube: there will be limitations, because it may not be the best tool for testing or simulating more complex Kubernetes clusters with multiple nodes, which are closer to the production environment. But if you deploy your solution on EKS, it will be OK.

  • I appreciate your reply, Adeleke. It really helped me a lot!
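
For the single load balancer case discussed in the comments above, per-tenant hostname routing can also be expressed at the Istio ingress gateway itself. This is an added example, not part of the original thread; the `tenant-a` namespace, the `example.com` hostname, the `web` Service and port 8080 are assumptions, and TLS is assumed to terminate at the load balancer.

```yaml
# Constructed example. Assumes tenant-a.example.com is a Route 53 record
# pointing at the single load balancer in front of the Istio ingress gateway.
# Repeat both objects in each tenant's own namespace (tenant-b, ...).
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: tenant-a-gw
  namespace: tenant-a
spec:
  selector:
    istio: ingressgateway          # label of the default istio-ingressgateway pods
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        # "namespace/host" form: only VirtualServices in the tenant-a
        # namespace may bind this hostname, so another tenant cannot
        # attach routes to it.
        - "tenant-a/tenant-a.example.com"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: tenant-a-routes
  namespace: tenant-a
spec:
  hosts:
    - "tenant-a.example.com"
  gateways:
    - tenant-a-gw                  # Gateway in the same namespace
  http:
    - route:
        - destination:
            # Fully qualified name keeps traffic inside the tenant's namespace
            host: web.tenant-a.svc.cluster.local
            port:
              number: 8080
```

Requests whose Host header matches no configured server are not routed by the gateway, so a hostname that resolves to the load balancer but has no Gateway entry does not reach any tenant's workloads.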
