Customer-owned domain with private link(客户自有域名的私有链接配置)¶
If you have set up a private link to your Foundry environment, and if the Foundry domain is owned by you (meaning that the domain is not a Palantir-owned domain, such as *.palantirfoundry.com), there is additional configuration needed to funnel internal Foundry services through the endpoint.
Follow these steps to complete configuration of a private link for a customer-owned domain:
- Provision a separate secondary domain that will be used for internal Foundry container services. This can also be a subdomain of the main Foundry domain, such as
containers.foundry.<customer>.com. - Set up a DNS C-Name to point this secondary domain to the VPC Endpoint Universal DNS name, the same as for the main Foundry domain.
- Sign and return the Certificate Signing Request (CSR) for the secondary domain provided by a Palantir representative.
- Palantir will configure the Foundry instance to serve the new certificate for the secondary domain.
After this is done, all traffic to Foundry will be routed through the private link that was set up.
中文翻译¶
客户自有域名的私有链接配置¶
如果您已为Foundry环境设置了私有链接,并且该Foundry域名归您所有(即该域名并非Palantir自有域名,例如*.palantirfoundry.com),则需要额外配置才能将内部Foundry服务通过该端点进行路由。
请按照以下步骤完成客户自有域名的私有链接配置:
- 预置一个独立的辅助域名,用于内部Foundry容器服务。该域名也可以是主Foundry域名的子域名,例如
containers.foundry.<customer>.com。 - 设置DNS CNAME记录,将该辅助域名指向VPC端点通用DNS名称,操作方式与主Foundry域名相同。
- 签署并返回由Palantir代表提供的辅助域名证书签名请求(CSR)。
- Palantir将配置Foundry实例,为辅助域名提供新的证书。
完成上述操作后,所有发往Foundry的流量都将通过已设置的私有链接进行路由。