Is your feature request related to a problem? Please describe.
The Cognito and load balancer guides require the user to create a wildcard certificate for both the root domain (*.example.com) and the subdomain (*.platform.example.com). The root domain cert is not attached to any resource and is unused after deployment.
Upon investigation, I found that if the URL the client accesses is kubeflow.platform.example.com, the presented certificate must include a SAN covering either kubeflow.platform.example.com OR *.platform.example.com; it does not need anything at the parent domain. In fact, wildcards should also not be needed.
Describe the solution you'd like
Need to investigate if there is a reason for a client to need to make a connection to platform.example.com and, if there isn't, remove the need for the root domain certificate from the deployment process.
The only place platform.example.com is used is for an A record pointing to the ALB, which is not usable.
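The SAN coverage described in this issue can be checked with a small matcher. This is an added example, not code from the issue or the project; the function names are hypothetical, and the matching is a simplified whole-label wildcard rule in the style of RFC 6125, run over the placeholder hostnames used above.

```python
# Added example: simplified dNSName matching (whole left-most label wildcard only).
# Function names are hypothetical; hostnames are the placeholders from the issue.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so label counts must agree.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two literal labels after the wildcard and no
        # further wildcard characters to the right of it.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Anything else must be an exact, wildcard-free match.
    return "*" not in pattern and p == h


def cert_covers(sans, hostname):
    """A certificate covers a hostname if any of its SAN entries matches."""
    return any(san_matches(s, hostname) for s in sans)


def coverage(certs, hostnames):
    """Map each hostname to the names of the certificates that cover it."""
    return {h: [name for name, sans in certs.items() if cert_covers(sans, h)]
            for h in hostnames}


# Constructed certificate inventory: name -> SAN list.
CERTS = {
    "root-wildcard": ["*.example.com"],
    "platform-wildcard": ["*.platform.example.com"],
    "single-name": ["kubeflow.platform.example.com"],
}
HOSTS = ["kubeflow.platform.example.com", "platform.example.com"]

if __name__ == "__main__":
    for host, names in coverage(CERTS, HOSTS).items():
        print(host, "->", names or "no certificate covers this name")
```

The root wildcard only comes into play for the bare name platform.example.com, so it matters only if clients actually connect to that name.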