Migrating your application URL from live-1 to non-cluster specific domain
Background
Following the decommissioning of Cloud Platform live-1 Kubernetes cluster, we are now looking to ensure that all services currently running have their domain URL migrate to non-cluster specific domain *.apps.cloud-platform.service.justice.gov.uk. Please read our ADR on Domain names
We are asking all users of the platform to check/update their Kubernetes deployments and or Helm Charts to reflect this change, prior to the removal of the *.apps.live-1.cloud-platform.services.justice.gov.uk Route53 hosted zone in the near future.
Do I need to update my application domain?
To check whether you have a Cloud Platform hosted application still configured to use the live-1 domain, please consult this page.
Steps to follow
IMPORTANT: Switching your domain over will incur a short delay due to DNS propagation. We strongly advise you to test in non-production environments before making the change on any production environments.
If you wish to test your new non-cluster specific hostname is resolvable before deleting your
live-1hostname, you can follow these steps described further down in this guide.
To view your current domain URL for your given deployment, run the following kubectl command:
kubectl --namespace <namespace> get ingress
and take note of the URL shown under HOSTS:
HOSTS
my-application.apps.live-1.cloud-platform.service.justice.gov.uk
Resources deployed using kubectl
If you are using standard Kubernetes deployment manifests, your ingress manifest should look similar to the following:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: helloworld
annotations:
external-dns.alpha.kubernetes.io/set-identifier: helloworld-mynamespace-green
external-dns.alpha.kubernetes.io/aws-weight: "100"
spec:
tls:
ingressClassName: default
- hosts:
- my-application.apps.live-1.cloud-platform.service.justice.gov.uk
rules:
- host: my-application.apps.live-1.cloud-platform.service.justice.gov.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: helloworld
port:
number: 4567
Update your manifest to use the live domain:
- Change the
hostsvalue underspec,tlstomy-application.apps.cloud-platform.service.justice.gov.uk - Change the
hostvalue underspec,rulestomy-application.apps.cloud-platform.service.justice.gov.uk
Your manifest should appear like below after these changes:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: helloworld
annotations:
external-dns.alpha.kubernetes.io/set-identifier: helloworld-mynamespace-green
external-dns.alpha.kubernetes.io/aws-weight: "100"
spec:
tls:
ingressClassName: default
- hosts:
- my-application.apps.cloud-platform.service.justice.gov.uk
rules:
- host: my-application.apps.cloud-platform.service.justice.gov.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: helloworld
port:
number: 4567
To apply your changes:
kubectl apply --filename ingress.yaml --namespace <namespace>
Resources deployed using Helm
If your ingress manifest looks similar to below:
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "app.fullname" . -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "app.labels" . | nindent 4 }}
annotations:
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: default
tls:
{{- range .Values.ingress.hosts }}
- hosts:
- {{ .host }}
{{ if .cert_secret }}secretName: {{ .cert_secret }}{{ end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host }}
http:
paths:
- path: {{ $ingressPath }}
pathType: ImplementationSpecific
backend:
service:
name: {{ $fullName }}
port:
name: http
{{- end }}
{{- end }}
You are looking to change the value of host within your Helm chart values.yaml:
ingress:
...
...
hosts:
- host: my-application.apps.live-1.cloud-platform.service.justice.gov.uk
Afterwards, your values.yaml should look similar to the following:
ingress:
...
...
hosts:
- host: my-application.apps.cloud-platform.service.justice.gov.uk
To apply your changes via Helm:
helm upgrade -f <values-file.yaml> <your-release> <your-chart> --namespace <your-namespace>
Check everything is working
Once you applied your updates you should be able to check that your ingress has been updated by visiting your URL on your web browser.
Staged migration
You can edit your ingress to temporarily contain both live-1 and non-cluster specific hostnames, removing the old hostname once you are able to resolve via the new hostname.
For standard Kubernetes manifests, this can be achieved as follows:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: helloworld
annotations:
external-dns.alpha.kubernetes.io/set-identifier: helloworld-mynamespace-green
external-dns.alpha.kubernetes.io/aws-weight: "100"
spec:
tls:
ingressClassName: default
- hosts:
- my-application.apps.cloud-platform.service.justice.gov.uk
rules:
- host: my-application.apps.live-1.cloud-platform.service.justice.gov.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: helloworld
port:
number: 4567
- host: my-application.apps.cloud-platform.service.justice.gov.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: helloworld
port:
number: 4567
And running:
kubectl apply --filename ingress.yaml --namespace <namespace>
Once you are satisfied that the new hostname is working, remove the host: block for live-1, and run the above apply command again.
- host: my-application.apps.live-1.cloud-platform.service.justice.gov.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: helloworld
port:
number: 4567
Getting help
If you have any questions, please contact us on #ask-cloud-platform Slack channel.