Questions on Deploying Applications on EKS with Istio for Multi-Tenancy


Hi, Everyone!

I’m deploying applications on EKS with Istio service mesh for multi-tenancy (Silo model). I have a few questions to deepen my understanding.

1. From my testing experience on Minikube, I noticed a limitation with domain name depth. I could only use domains with up to 3 levels, e.g., repost.aws.com.

Is there a similar limitation for domain depth when using EKS?

2. When setting up the local test environment with Minikube, I had to configure the /etc/hosts file for local cluster access.

I believe this is necessary only for local testing, but I’d like to confirm whether a similar setup is needed on AWS.

3. Do I need to configure Route 53 for NLB/ALB to handle Istio ingress?

-> I see domain setup for NLB / ALB is needed, but I need to clarify my question.

Thanks for any help!

Cy_Choi
asked 2 months ago, 193 views
1 Answer
Accepted Answer

Hello Cy_Choi,

Kindly find the answers to your questions: EKS follows standard DNS rules; issues with domain depth are likely related to specific DNS configurations rather than EKS itself. The /etc/hosts configuration is typically needed only for local setups (e.g., Minikube).

In AWS, DNS resolution is handled by AWS services and VPC DNS; configuring Route 53 is common for managing DNS records when using ALB/NLB with Istio ingress to ensure user-friendly domain names for your services.

When using an ALB or NLB with Istio ingress, you will often configure Route 53 to manage the DNS records for your application. You would create a Route 53 hosted zone for your domain and add DNS records pointing to the ALB/NLB. This allows you to use friendly domain names for accessing your services. Example: If you have an application app.example.com running behind an ALB, you’d create an A or CNAME record in Route 53 pointing to the ALB’s DNS name.

EXPERT
answered 2 months ago
EXPERT
reviewed 2 months ago
AWS
EXPERT
reviewed 2 months ago
  • Hi Adeleke, thanks for the quick response! Here's one more question. Then I may need to configure the Route 53 record for ALB / NLB. Do I need to set it up for each tenant, or do I need to set up the ALB for Route 53 and that's it? (There might be listener rules for the ALB.)

  • About the listener rule: if you’re using a single ALB and need to handle traffic for multiple tenants, configure listener rules in the ALB to route based on the hostname.

    With a single ALB/NLB, configure Route 53 with DNS records that point to the single ALB/NLB. Use listener rules in the ALB to route traffic based on hostname or URL path. With multiple ALBs/NLBs, create separate Route 53 DNS records for each ALB/NLB, each handling a different tenant’s traffic. The choice between a single ALB/NLB or multiple ALBs/NLBs depends on your isolation requirements and architectural preferences. Using a single ALB/NLB can simplify DNS management and reduce costs but may require more complex routing rules. Using multiple ALBs/NLBs can provide better isolation and security but at the cost of additional configuration and management.

    Let me know if this answers your questions, and if it does, kindly accept the answer for other users to benefit.

  • About Minikube: there will be limitations because it may not be the best tool for testing or simulating more complex Kubernetes clusters with multiple nodes, which are closer to the production environment, but if you deploy your solution on EKS it will be OK.

  • I appreciate your reply, Adeleke. It really helped me a lot!
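
The single-ALB option discussed in the answer relies on host-based listener rules sending each tenant's hostname to that tenant's backend. The sketch below is an added example, not code from the thread or from AWS: it models host-header rule evaluation (lowest priority number first, `*` and `?` wildcards, case-insensitive) and reports tenant hostnames that would land on another tenant's target. The rule tuples, target names, hostnames and the `default-deny` label for the listener's default action are constructed assumptions.

```python
import re

def host_pattern_to_regex(pattern):
    """Translate a host-header pattern: '*' = 0+ chars, '?' = exactly 1 char."""
    parts = []
    for ch in pattern.lower():
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def route(rules, host, default="default-deny"):
    """Return the target of the first matching rule, in ascending priority order."""
    host = host.lower()
    for _priority, pattern, target in sorted(rules):
        if host_pattern_to_regex(pattern).fullmatch(host):
            return target
    return default  # hypothetical label for the listener's default action

def isolation_findings(rules, tenant_hosts):
    """List (host, expected, actual) for hosts not routed to their own tenant."""
    findings = []
    for host, expected in tenant_hosts.items():
        actual = route(rules, host)
        if actual != expected:
            findings.append((host, expected, actual))
    return findings

# Constructed sample rules: (priority, host pattern, target group name).
# The broad wildcard at priority 10 shadows tenant B's more specific rule.
RULES_BAD = [
    (10, "*.example.com", "tg-tenant-a"),
    (20, "tenant-b.example.com", "tg-tenant-b"),
]
# One exact hostname per tenant; anything else falls to the default action.
RULES_GOOD = [
    (10, "tenant-a.example.com", "tg-tenant-a"),
    (20, "tenant-b.example.com", "tg-tenant-b"),
]
TENANT_HOSTS = {
    "tenant-a.example.com": "tg-tenant-a",
    "tenant-b.example.com": "tg-tenant-b",
}

if __name__ == "__main__":
    for name, rules in (("bad", RULES_BAD), ("good", RULES_GOOD)):
        print(name, isolation_findings(rules, TENANT_HOSTS))
```

Running a check like this against the rule set before applying it catches a wildcard that silently captures another tenant's hostname, including hostnames with more levels than intended.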
