Pre-requisites
This page provides details on actions that must be done before the Cofide Connect Control Plane can be installed.
Pre-requisites
Section titled “Pre-requisites”- Setup a Kubernetes cluster where you will host Connect (this can be bare-metal, VM or a cloud provider such as EKS or GKE).
- Decide on how services will be exposed outside the cluster with TLS termination at the pod (e.g. if running on EKS you can use the AWS Load Balancer controller)
- Decide on how DNS will route to services exposed outside the cluster (e.g. if running on EKS you can use external-dns with Route53)
Choose a domain to host the Control Plane
Section titled “Choose a domain to host the Control Plane”The control plane has 4 services that need to be exposed outside the cluster: the OIDC discovery endpoint, the API, the API’s XDS server and the web-based UI dashboard. These can be exposed on any domain you desire. In the rest of this guide we will use example.cofide.dev, replace this with your chosen domain. The subdomains for the API and XDS server must be connect and xds resepctively, but you can freely choose the subdomains of the OIDC discovery endpoint and web-based UI (oidc-discovery and app are used in this guide).
Choose a Trust Domain
Section titled “Choose a Trust Domain”The control plane’s trust domain can be anything you wish; common choices would be the domain on which the control plane is exposed but any trust domain name compatible with the SPIFFE standard can be used. In the rest of this guide we will use connect-trust-domain as a placeholder.
© 2026 Cofide Limited. All rights reserved.