Recently, I wrote a blog over the weekend about how to use CertManager and ExternalDNS to automatically configure DNS records and issue trusted certificates for endpoints, with Dgraph as the example application, of course.
As writing DNS records should be restricted, I show how to do this more securely with Workload Identity, which uses OpenID Connect. Some of this complexity is hidden through automation with Helmfile.
Dgraph Ratel was put into a separate namespace, as this will allow for more secure settings when network policies like Calico or Cilium or service meshes with strict mode like NSM are used.