Follow the steps below to configure a custom Domain within your Org.
In order for DNS to work, the apex domain (e.g., example.com) needs to be created in Control Plane and verified before subdomains can be created.
Once the apex domain is verified, subdomains can be added to the same Org without needing the extra TXT record verification step.
If multiple Orgs are creating subdomains with the same apex domain, the apex domain verification only needs to be performed in one of the Orgs.
Create a new Domain by using one of the following methods:
Domains
in the left menu and click New
, orCreate
dropdown in the upper right corner and select Domain
.The console will prompt you for the desired domain name to associate with your Org.
After clicking Next
, the Spec
page will be displayed.
On this page, the following can be configured:
CNAME
is allowed.)https://WORKLOAD_NAME.SUB_DOMAIN.DOMAIN
Replace Prefix
can be provided that will replace the given path string before forwarding to the destination Workload./
should be placed at the end of the list
if multiple paths are configured.When creating an apex domain for verification:
CNAME
for the DNS Mode
.None
for the Routing Mode
.DNS
page to create the _cpln
TXT record.To create:
Select CNAME
for the DNS Mode
and select either Subdomain Based
or Path Based
and configure as necessary.
When using the CNAME
mode, a TLS secret must be assigned to the domain.
Refer to the Domain reference page for additional details.
After clicking Next
, any required DNS entries will be displayed.
Once the DNS entries are added and the changes are propagated, click on the acceptance
checkbox and click Create
. The platform will verify the DNS entries and, if successful, add the domain to
your Org.
A Domain can be created / updated using the CLI's apply command.
Below are a few sample Domain manifests (in YAML) that can be used as input to the CLI's apply command.
copykind: domainname: sub.example.comdescription: Domain sub.example.comtags: {}spec:gvcLink: //gvc/GVC_NAME
NOTE: The port number and minimum TLS are currently static. This will be modifiable in the future.
copykind: domainname: sub.example.comdescription: Domain sub.example.comtags: {}spec:ports:- number: 443protocol: http2routes:- prefix: /workloadLink: //gvc/GVC_NAME/workload/WORKLOAD_NAMEtls:cipherSuites:- TLS_RSA_WITH_AES_256_GCM_SHA384- TLS_RSA_WITH_AES_128_GCM_SHA256- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256- TLS_CHACHA20_POLY1305_SHA256- TLS_AES_256_GCM_SHA384- TLS_AES_128_GCM_SHA256minProtocolVersion: TLSV1_2
Before using the CLI's apply command, the DNS entries must exist and propagated.
To successfully add a Domain to your Org using the NS
DNS Mode, the
following DNS entries are required.
The values in the sample below might not correspond to the entries necessary for your domain. Use the values that are presented during the creation of the domain.
These records will need to be sent to the network administrator in charge of handling the domain's DNS configuration.
Example:
Using the domain: sample.domain.com
RECORD/HOST | TYPE | TTL | VALUE |
---|---|---|---|
_cpln-sample | TXT | 600 | ORG_ID_GUID |
sample | NS | 1800 | ns1.cpln.cloud |
sample | NS | 1800 | ns2.cpln.cloud |
sample | NS | 1800 | ns1.cpln.live |
sample | NS | 1800 | ns2.cpln.live |
To obtain the ORG_ID_GUID, run the CLI command: cpln org get ORG_NAME --output json
.
The output of the command will display all the properties of the Org object. Use the value of the id
key for the TXT value.
After the DNS records have been created, the propagation time for the changes to take effect depends on the cache setting of your domain's DNS Start of Authority (SOA) record.
Once the records are fully propagated, any DNS changes to your subdomain will be reflected within a few seconds.