Deploy self hosted pixie cloud on domain other than `dev.withpixie.dev` and use actual certificate (accessible from multiple system without installing the certificate on all the systems) and move away with dns updater.

[c3-pranjaysagar]

My use case.

Want to deploy the self managed pixie on the cluster for cluster monitoring and the Live ui to be accessible to all the team members.

Current scenario based on installation steps

• mkcert creates a locally trusted certificate.
• Predefined domain - dev.withpixie.dev
• dns updater updates the host file in the system for the sac ips
• If any other member needs to access the live ui, the local certificate has to be shared and installed in the team members system.

Scenario We want

• use proper certificate to create the tls, that is used by the services
• Use our domain to host pixie
• No need to keep running the dns updater
• No need of sharing the certificate for other members to access the live ui (If we are using proper certificate fort ls, that issue will be resolved.)

[zasgar]

Related to #345

[c3-pranjaysagar]

@zasgar any update on this?
Also, a query can we use example.something instead of dev.pixie.dev? What I mean is can we replace 3 level domain with 2 level domain and make it work? Or do we need a certificate that supports more than 3 levels of domain

[sgewirtz1]

I'm attempting the same type of self hosted deployment and running into issues with the login step after defining the admin password.

have so far tried:
release/cloud/prod/1666129068 with oauth/hydra
release/cloud/prod/1666129068 with oauth/hydra/oauth2/auth
release/cloud/prod/1664907260 with oauth/hydra
release/cloud/prod/1664907260 with oauth/hydra/oauth2/auth
In between each I've tried clearing plc and elastic namespaces and starting over as well as starting fresh from new machines.
I still only see either the
{"error": "Error 404 - The requested route does not exist. Make sure you are using the right path, domain, and port."}
or the Oauth2 error page:
The OAuth2 request resulted in an error.

Error: invalid_request
Description: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. The 'redirect_uri' parameter does not match any of the OAuth 2.0 Client's pre-registered redirect urls.
Hint:
Debug:
You are seeing this page because configuration key urls.error is not set.
If you are an administrator, please read the guide to understand what you need to do. If you are a user, please contact the administrator.
I am running on a gcp cluster and using aws route53 as my DNS provider.
I've also edited the two loadbalancer service files to remove the cloud.google.com/load-balancer-type: internal annotation (found in k8s/cloud/overlays/exposed_services_ilb)
trying to use the exposed_services_gclb folder's resources instead doesn't work unless I would make other modifications the the supporting backend services yaml files and deploy those as well which I haven't tried yet.
Otherwise the deployment with 1664907260 gets farther than the more recent 1666129068 which doesn't even allow me to move past the kustomize steps since some pods never start, they're stuck in CrashLoopBackoff

[aimichelle]

Instructions have been written up thanks to @nilushancosta 's help! Please take a look here: https://docs.px.dev/installing-pixie/install-guides/production-readiness/ and let us know if you have any questions!