Set up a secure agent in AWS cloud

We have an Amazon VPC with public and private subnets. All of these are securely connected via VPN to our internal datacenter, where e.g. Rancher itself is hosted. Everything works fine. Thanks for that. We have only one problem:

We are also using Route 53 to auto-update external DNS for our exposed services. As the Route 53 service for now can only handle one host IP address, we have to set up hosts using their public IP, because these should be published in DNS. All management connections should not run over the internet, but instead use internal networks and the VPN.

How do we set up an agent that exposes its public IP to DNS and communicates with Rancher via internal/VPN networks?

(The Rancher URL is only looked up with the internal / VPN IP in DNS …)


Any suggestions for that question?

OK, found it. Now using the io.rancher.host.external_dns_ip label. Works fine. (But not for dynamic host creation like autoscale …)
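A worked version of the fix from the last post, added here as an example; it is not code from the thread or from Rancher's own scripts. The script discovers the EC2 host's public and private IPv4 addresses from the instance metadata service (IMDSv2, token-based, so IMDSv1 is never used), puts the public address into the io.rancher.host.external_dns_ip label so Route 53 publishes it, and pins the agent's own management traffic to the private/VPN address. It assumes, from Rancher 1.x documentation rather than from this thread, that the agent reads host labels from CATTLE_HOST_LABELS (pairs separated by `&`) and its management address from CATTLE_AGENT_IP; the agent image tag and the registration URL are placeholders to be replaced with the internal Rancher server's values.

```shell
#!/bin/sh
# Added example (not from the forum thread or Rancher): register a Rancher 1.x
# agent on EC2 so the public IP is advertised for Route 53 while management
# traffic stays on the internal/VPN network.
# Assumed (not stated in the thread): CATTLE_HOST_LABELS and CATTLE_AGENT_IP
# are the Rancher 1.x agent environment variables; AGENT_IMAGE and the
# registration URL are placeholders for the operator's own values.

AGENT_IMAGE=${AGENT_IMAGE:-rancher/agent:PLACEHOLDER_VERSION}
IMDS=http://169.254.169.254/latest

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
# The body runs in a subshell so the IFS change does not leak out.
is_ipv4() (
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
  esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || exit 1
  done
)

# Label value the thread's solution relies on, plus any extra key=value
# labels appended with '&' (assumed CATTLE_HOST_LABELS syntax).
build_host_labels() {
  is_ipv4 "$1" || { echo "build_host_labels: invalid public IP '$1'" >&2; return 1; }
  labels="io.rancher.host.external_dns_ip=$1"
  shift
  for extra in "$@"; do
    labels="$labels&$extra"
  done
  printf '%s' "$labels"
}

# IMDSv2 only: obtain a short-lived session token, then read the address.
imds_get() {
  token=$(curl -fsS -X PUT "$IMDS/api/token" \
            -H 'X-aws-ec2-metadata-token-ttl-seconds: 60') || return 1
  curl -fsS -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/$1"
}
fetch_public_ip()  { imds_get public-ipv4; }
fetch_private_ip() { imds_get local-ipv4; }

# Print the agent start command: the label carries the public IP for DNS,
# CATTLE_AGENT_IP keeps management traffic on the internal/VPN address,
# and the registration URL must point at the internal Rancher server.
agent_command() {
  public_ip=$1 mgmt_ip=$2 reg_url=$3
  is_ipv4 "$mgmt_ip" || { echo "agent_command: invalid management IP '$mgmt_ip'" >&2; return 1; }
  labels=$(build_host_labels "$public_ip") || return 1
  case "$reg_url" in
    https://*|http://*) ;;
    *) echo "agent_command: registration URL must be http(s)" >&2; return 1 ;;
  esac
  printf 'docker run -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher -e CATTLE_HOST_LABELS=%s -e CATTLE_AGENT_IP=%s %s %s\n' \
    "$labels" "$mgmt_ip" "$AGENT_IMAGE" "$reg_url"
}

main() {
  reg_url=${1:?usage: $0 <internal-rancher-registration-url>}
  public_ip=$(fetch_public_ip) || { echo "no public IPv4 from IMDS" >&2; exit 1; }
  mgmt_ip=$(fetch_private_ip) || { echo "no local IPv4 from IMDS" >&2; exit 1; }
  cmd=$(agent_command "$public_ip" "$mgmt_ip" "$reg_url") || exit 1
  echo "$cmd"                      # dry run: show what would be started
  if [ "${RANCHER_AGENT_APPLY:-0}" = 1 ]; then
    eval "$cmd"                    # both IPs were validated above
  fi
}

# Only touch IMDS/Docker when explicitly asked, so the functions can be
# sourced and tested offline.
if [ "${RANCHER_AGENT_RUN:-0}" = 1 ]; then
  main "$@"
fi
```

Run it with `RANCHER_AGENT_RUN=1 ./register-agent.sh https://rancher.internal.example/v1/scripts/<token>` to see the command, and add `RANCHER_AGENT_APPLY=1` to start the agent. As the last post notes, this only covers hosts you register yourself; an autoscaling group would need the same label logic in its launch user-data.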