Wallaroo DNS Configuration Guide

Integrate Wallaroo Enterprise Into an Organization’s DNS.

DNS services integration is required for Wallaroo Enterprise to provide access to the various supporting services that are part of the Wallaroo instance. These include:

  • Simplified user authentication and management.
  • Centralized services for accessing the Wallaroo Dashboard, Wallaroo SDK and Authentication.
  • Collaboration features allowing teams to work together.
  • Managed security, auditing and traceability.

The following guide is for standard DNS services.

Once integrated, users can access the following services directly from a URL starting with the suffix domain - this is the domain name where other DNS entries are appended to. For example, if the suffix domain is sales.example.com, then the other services would be referenced by https://api.sales.sample.com, etc.

Note that even when accessing specific Wallaroo services directly that the user must still be authenticated through Wallaroo.

ServiceDNS EntryDescription
Wallaroo Dashboardsuffix domainProvides access to a user interface for updating workspaces, pipelines, and models. Also provides access to the integrated JupyterHub service.
JupyterHubjupyterhubAllows the use of Jupyter Notebooks and access to the Wallaroo SDK.
APIapiProvides access to the Wallaroo API.
KeycloakkeycloakKeycloak provides user management to the Wallaroo instance.

Connections to Wallaroo services are provided as https://service.{suffix domain}. For example, if the domain suffix is wallaroo.example.com then the URLs to access the various Wallaroo services would be:

  • https://wallaroo.example.com
  • https://jupyter.wallaroo.example.com
  • https://api.wallaroo.example.com
  • https://keycloak.wallaroo.example.com

Prerequisites

  • Install Wallaroo Enterprise into a qualified environment. For more details, see the Wallaroo Install Guides and the Wallaroo Enterprise Install Guides.
  • Determine whether your organization will use a prefix or not as detailed above.
  • Generate the SSL Certificates. See How to update SSL Certificates for Wallaroo for instructions on generating SSL certificates and updating the Wallaroo instance with new certificates.
  • Have access to internal corporate DNS configurations that can be updated. A subdomain for the Wallaroo instance will be created through this process.
  • Install kubectl into the Kubernetes cluster administrative node.

Wallaroo IP Address Retrieval Methods

The first step is to retrieve the IP address connected to the Wallaroo load balancer for the cluster.

Retrieve LoadBalancer IP with kubectl

For most organizations that install Wallaroo into a cloud based Kubernetes cluster such as Microsoft Azure, AWS, etc the external IP address is tied to Wallaroo LoadBalancer service. This can be retrieved with the kubectl command as follows:

  1. Retrieve the external IP address for your Wallaroo instance LoadBalancer. For example, this can be performed through the following kubectl command:

    kubectl get svc api-lb-ext -n wallaroo -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
    
    34.83.140.98
    

    An alternative to this command to show all services is the following:

    kubectl get svc  -A
    

    Example Result:

    kubectl get svc  -A
    NAMESPACE     NAME                      TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)                         AGE
    default       kubernetes                ClusterIP      10.25.64.1     <none>          443/TCP                         50d
    gmp-system    alertmanager              ClusterIP      None           <none>          9093/TCP                        50d
    gmp-system    gmp-operator              ClusterIP      10.25.70.18    <none>          8443/TCP,443/TCP                50d
    kube-system   default-http-backend      NodePort       10.25.67.38    <none>          80:31378/TCP                    50d
    kube-system   kube-dns                  ClusterIP      10.25.64.10    <none>          53/UDP,53/TCP                   50d
    kube-system   metrics-server            ClusterIP      10.25.67.8     <none>          443/TCP                         50d
    wallaroo      alertconfig               ClusterIP      10.25.67.141   <none>          9094/TCP                        2m30s
    wallaroo      alertmanager              ClusterIP      10.25.77.167   <none>          9093/TCP                        2m30s
    wallaroo      api-lb                    ClusterIP      10.25.79.188   <none>          8080/TCP                        2m31s
    wallaroo      api-lb-admin              ClusterIP      10.25.70.0     <none>          9901/TCP                        2m31s
    wallaroo      api-lb-ext                LoadBalancer   10.25.69.9     34.83.140.98    80:30715/TCP,443:32664/TCP      2m31s
    wallaroo      dashboard                 ClusterIP      10.25.72.14    <none>          4567/TCP                        2m31s
    wallaroo      edge-lb                   LoadBalancer   10.25.69.175   35.247.14.253   8081:32744/TCP,8443:30087/TCP   2m31s
    wallaroo      wallsvc                   ClusterIP      10.25.75.74    <none>          3040/TCP                        2m30s
    

    Some cloud providers may provide multiple external IP addresses for the api-lb service. For some services such as Oracle, this is typically a 10 net address, with the second IP address being the actual external address. Verify the IP address before changing DNS settings.

Other Methods

For organizations install Wallaroo other methods, such as Single Node Linux may find the kubectl get svc api-lb-ext command only returns the internal IP address.

Depending on the instance, there are different methods of acquiring that IP address. The links below reference difference sources.

Refer to your Wallaroo support representative if further assistance is needed.

DNS Entries

Create DNS the following entries based on the list above for the Wallaroo instance’s IP address. Select the cloud environment used for DNS services. Note that DNS services are not tied to the specific cloud platform; check with your organizations setup requirements before proceeding.

AWS Setup

The following settings are used with AWS EKE clusters through Route 53. For more information, see Enabling DNS resolution for Amazon EKS cluster endpoints.

Set the following domain names for the Wallaroo instance.

For AWS Clusters:

  1. Suffix Domain: CN (CNAME) record referring to the AWS EKS cluster endpoint. For example: wallaroo.example.com.
  2. api: CN (CNAME) record referring to the AWS EKS cluster endpoint. For example: api.wallaroo.example.com.
  3. jupyter: CN (CNAME) record referring to the AWS EKS cluster endpoint. For example: jupyter.wallaroo.example.com.
  4. keycloak: CN (CNAME) record referring to the AWS EKS cluster endpoint. For example: keycloak.wallaroo.example.com.

For clusters managed by other cloud services:

  1. Suffix Domain: A record, NS (Name Server) record, SOA (Start Of Authority) record. For example: wallaroo.example.com
  2. api: CN (CNAME) record referring to the cluster endpoint. For example: api.wallaroo.example.com.
  3. jupyter: CN (CNAME) record referring to the cluster endpoint. For example: jupyter.wallaroo.example.com.
  4. keycloak: CN (CNAME) record referring to the cluster endpoint. For example: keycloak.wallaroo.example.com.
Azure Setup

The following settings are used with Microsoft Azure DNS Records. For more information, see Manage DNS records and record sets by using the Azure portal.

  1. Suffix Domain: A record, NS (Name Server) record, SOA (Start Of Authority) record. For example: wallaroo.example.com
  2. api: CN (CNAME) record referring to the cluster endpoint. For example: api.wallaroo.example.com.
  3. jupyter: CN (CNAME) record referring to the cluster endpoint. For example: jupyter.wallaroo.example.com.
  4. keycloak: CN (CNAME) record referring to the cluster endpoint. For example: keycloak.wallaroo.example.com.
GCP Setup

The following settings are used with Google Cloud Platform DNS Records. For more information, see GCP Add, modify, and delete records.

  1. Suffix Domain: A record, NS (Name Server) record, SOA (Start Of Authority) record. For example: wallaroo.example.com
  2. api: CN (CNAME) record referring to the cluster endpoint. For example: api.wallaroo.example.com.
  3. jupyter: CN (CNAME) record referring to the cluster endpoint. For example: jupyter.wallaroo.example.com.
  4. keycloak: CN (CNAME) record referring to the cluster endpoint. For example: keycloak.wallaroo.example.com.
Oracle Setup

The following settings are used with Oracle Cloud Platform DNS Records. For more information, see Configuring DNS Servers for Kubernetes Clusters.

  1. Suffix Domain: A record, NS (Name Server) record, SOA (Start Of Authority) record. For example: wallaroo.example.com. IMPORTANT NOTE: Oracle OKE clusters have two IP addresses for the load balancer endpoint. Use the public IP address, not the internal 10-net address.
  2. api: CN (CNAME) record referring to the cluster endpoint. For example: api.wallaroo.example.com.
  3. jupyter: CN (CNAME) record referring to the cluster endpoint. For example: jupyter.wallaroo.example.com.
  4. keycloak: CN (CNAME) record referring to the cluster endpoint. For example: keycloak.wallaroo.example.com.
Other DNS Services

Set the following domain names for the Wallaroo instance.

  1. Suffix Domain: A record, NS (Name Server) record, SOA (Start Of Authority) record. For example: wallaroo.example.com
  2. api: CN (CNAME) record referring to the Suffix Domain. For example: api.wallaroo.example.com.
  3. jupyter: CN (CNAME) record referring to the Suffix Domain. For example: jupyter.wallaroo.example.com.
  4. keycloak: CN (CNAME) record referring to the Suffix Domain. For example: keycloak.wallaroo.example.com.

Update DNS Services for Wallaroo

Select the method of updating DNS services based on the method of installing Wallaroo: kots or helm.

Update DNS Configuration for Wallaroo for Kots Installations

The following is for configuring DNS services in Wallaroo for a Kots based installation.

  1. Access the Kots Administrative Dashboard in a browser. This can be done either after installation, or through the following command (assuming the Wallaroo instance was installed into the namespace wallaroo). By default this provides the Kots Administrative Dashboard through the URL https://localhost:8800.

    kubectl kots admin-console --namespace wallaroo
    
  2. From the Wallaroo Dashboard, select Config and set the following:

    1. DNS
      1. DNS Suffix (Optional): The domain prefix for the Wallaroo instance.
      2. DNS Suffix (Mandatory): The domain suffix for the Wallaroo instance.
  3. Once complete, scroll to the bottom of the Config page and select Save config.

  4. A pop-up window will display The config for Wallaroo Enterprise has been updated.. Select Go to updated version to continue.

  5. From the Version History page, select Deploy. Once the new deployment is finished, you will be able to access Wallaroo services via their DNS addresses.

To verify the configuration is complete, access the Wallaroo Dashboard through the suffix domain. For example if the suffix domain is wallaroo.example.com then access https://wallaroo.example.com in a browser and verify the connection and certificates.

Update DNS Services for Helm Installations

The following instructions are for installations of Wallaroo in a Helm based installation. By default, the DNS settings for the Wallaroo instance are configured during the installation. For more information, see Helm Based Install Guides.

The following shows how to update the DNS and security certificates for existing Wallaroo installations.

Set the Wallaroo Domain Name for Helm

The Wallaroo domain name are set with the following Helm variables:

  • domainPrefix: The domain prefix.
  • domainSuffix: The domain suffix.
  • custTlsSecretName: The Kubernetes secret storing the certificate information.

The following is a minimum local-values.yaml file with the domain suffix set to wallaroo.example.com:

domainPrefix: "" # optional if using a DNS Prefix
domainSuffix: "wallaroo.example.com"

custTlsSecretName: cust-cert-secret

apilb:
  serviceType: LoadBalancer
  external_inference_endpoints_enabled: true
  ingress_mode: internal # internal (Default), external,or none

dashboard:
  clientName: "Wallaroo Helm Example" # Insert the name displayed in the Wallaroo Dashboard

kubernetes_distribution: ""   # Required. One of: aks, eks, gke, oke, or kurl.
  1. Update the helm based installation with the helm upgrade command in the following format:

    helm upgrade $RELEASE $REGISTRYURL --version $VERSION --values $LOCALVALUES.yaml
    

    Where:

    1. $RELEASE: The name of the Helm release. By default, wallaroo.
    2. $REGISTRYURL: The URl for the Wallaroo container registry service.
    3. $VERSION: The version of Wallaroo to install. For this example, 2024.1.0-5097.
    4. $LOCALVALUES: The .yaml file containing the local values overrides. For this example, local-values.yaml.

    For example, for the release wallaroo the command would be:

    helm upgrade wallaroo oci://registry.replicated.com/wallaroo/2024-1/wallaroo --version 2024.1.0-5097 --values local-values.yaml
    

Edge Observability Enablement

For organizations that deploy Wallaroo pipelines on edge devices as Wallaroo Servers, see the DNS settings from the Edge Deployment Registry Guide.