Closed berendt closed 6 days ago
If we use sovereignit.space for the SCS project itself we should use this domain accordingly for the registry. I would then suggest registry.sovereignit.space.
scs.sovereignit.cloud would then be the domain for the current gx-scs.okeanos.dev environment. This is not related to internal services of SCS. The internal services should not run on the demonstrator.
OK, so here's my current thinking: 1a: scs.community => Our public face 1b: scs.koeln => Internal (development) 2a: sovereignit.tech => Public SCS project infrastructure 2b: sovereignit.cloud => SCS partner cloud providers 2c: sovereignit.space => SCS customer domains (served by designate of SCS clouds)
Another option may be to make use of subdomains extensively.
E. g.
scs.community
-> Landing pageregistry.scs.community
-> Container registrydocs.scs.community
-> Rendered documentationproviders.scs.community
-> Partners cloud providersplusserver.providers.scs.community
-> Partners cloud providers (Plusserver Subpage)(Does not have to be scs.community
, these are just for example).
This IMHO makes it much easier to evaluate authenticity/ownership for anyone who is not too familiar with the project yet. For example: When sovereignit
or scs
is registered by SCS on many (but not all) TLD's, there is AFAIK no straight-forward way to validate that e. g. sovereignit.wiki
is a domain owned by SCS or not. In this example, sovereignit.wiki
would look very legit, but may be bought by anyone right now.
Would definitely put our core infrastructure on a different domain than the CSPs.
sovereignit.* I would prefer because then it is uniform everywhere.
But the argument about the mapping because of the other name is justified.
Hi Joshua, Christian,
so here's my current proposal:
Regarding the exact DNS setup for the core infrastructure services:
Next to the possibility of maintaining all DNS records manually in the registrar, it should be also possible to manage records dynamically via external-dns. Either writing (1) directly to the configuration at the registrar or (2) to a DNS service running on the infra K8s managing a domain like infra.scs.community
via delegation. This may reduce the work of maintaining the records in the long run.
I'd be fine with any option - also in the current case of harbor/registry. @garloff @berendt What would you prefer?
this can be closed, corret?
We have the sovereignit.cloud I have a subdomain gx-scs.sovereignit.cloud and plan to create further subdomains for each SCS cloud. We could easily add scs.sovereignit.cloud subdomain for our own central services. Does that work for you?
Sidenote: I also have sovereignit.tech which can be used to point subdomains to designate, allowing user-controlled subsubdomains in this namespace -- I would not use this as this is a namespace that has a lot of things neither under our nor under the provider's control.
Discussion: