The following guide demonstrates how to integrate a Wallaroo Enterprise instance with an organization’s DNS. DNS services integration is required for Wallaroo Enterprise edition. It is not required for Wallaroo Community. This guide is indented to assist organizations complete their Wallaroo Enterprise installation, and can be used as a reference if changes to the DNS services are modified and updates to the Wallaroo Enterprise instance are required.
DNS services integration is required for Wallaroo Enterprise to provide access to the various supporting services that are part of the Wallaroo instance. These include:
This guide is not intended for Wallaroo Community, as those DNS entries are managed by Wallaroo during the installation. For more information on installing Wallaroo Community, see the Wallaroo Community Install Guides.
Once integrated, users can access the following services directly from a URL starting with the suffix domain
- this is the domain name where other DNS entries are appended to. For example, if the suffix domain
is sales.example.com
, then the other services would be referenced by https://api.sales.sample.com
, etc.
Note that even when accessing specific Wallaroo services directly that the user must still be authenticated through Wallaroo.
Service | DNS Entry | Description |
---|---|---|
Wallaroo Dashboard | suffix domain | Provides access to a user interface for updating workspaces, pipelines, and models. Also provides access to the integrated JupyterHub service. |
JupyterHub | jupyterhub | Allows the use of Jupyter Notebooks and access to the Wallaroo SDK. |
API | api | Provides access to the Wallaroo API. |
Keycloak | keycloak | Keycloak provides user management to the Wallaroo instance. |
Connections to Wallaroo services are provided as https://service.{suffix domain}. For example, if the domain suffix is wallaroo.example.com
then the URLs to access the various Wallaroo services would be:
https://wallaroo.example.com
https://jupyter.wallaroo.example.com
https://api.wallaroo.example.com
https://keycloak.wallaroo.example.com
For most organizations that install Wallaroo into a cloud based Kubernetes cluster such as Microsoft Azure, AWS, etc the external IP address is tied to Wallaroo Loadbalancer service. This can be retrieved with the kubectl
command as follows:
Retrieve the external IP address for your Wallaroo instance LoadBalancer. For example, this can be performed through the following kubectl
command:
kubectl get svc -A
Example Result:
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.64.16.1 <none> 443/TCP 3d19h
wallaroo alertmanager ClusterIP 10.64.16.48 <none> 9093/TCP 2d22h
wallaroo api-lb LoadBalancer 10.64.30.169 34.173.211.9 80:32176/TCP,443:32332/TCP,8080:30971/TCP 2d22h
In this example, the External-IP of the wallaroo
LoadBalancer is 34.173.211.9
. A more specific command to retrieve just the LoadBalancer address would be:
kubectl get svc api-lb -n wallaroo -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
34.173.211.9
This procedure is appropriate for both clusters that are in external or internal mode.
For organizations install Wallaroo other methods, such as Air Gap or Single Node Linux may find the kubectl get svc api-lb
command only returns the internal IP address.
Depending on the instance, there are different methods of acquiring that IP address. The links below reference difference sources.
Refer to your Wallaroo support representative if further assistance is needed.
To integrate the Wallaroo instance IP address with a DNS service:
Create a CA-signed TLS certificate for your Wallaroo domain with the following settings:
*.{suffix domain}
. For example, if the domain suffix is wallaroo.example.com
, then the Subject CNs would be:wallaroo.example.com
api.wallaroo.example.com
jupyter.wallaroo.example.com
keycloak.wallaroo.example.com
.crt
) and TLS private key (.key
). Store these in a secure location - these will be installed into Wallaroo at a later step.Create DNS the following entries based on the list above for the Wallaroo instance’s IP address, updating the domain name depending on whether there is a prefix or not:
For example:
Access the Wallaroo Administrative Dashboard in your browser. This can be done either after installation, or through the following command (assuming your Wallaroo instance was installed into the namespace wallaroo
). By default this provides the Wallaroo Administrative Dashboard through the URL https://localhost:8080
.
kubectl-kots admin-console --namespace wallaroo
From the Wallaroo Dashboard, select Config and set the following:
Once complete, scroll to the bottom of the Config page and select Save config.
A pop-up window will display The config for Wallaroo Enterprise has been updated.. Select Go to updated version to continue.
From the Version History page, select Deploy. Once the new deployment is finished, you will be able to access your Wallaroo services via their DNS addresses.
To verify the configuration is complete, access the Wallaroo Dashboard through the suffix domain
. For example if the suffix domain
is wallaroo.example.com
then access https://wallaroo.example.com
in a browser and verify the connection and certificates.