🌐
MEDIP · master.dev
CLOUD IP · DNS · TLS · IAM REGISTRY · AKS DEV SYSTEM
☁️ CLOUD TIER
2 PUBLIC IPs
34 DNS ZONES
ACME TLS
PUBLIC IP ADDRESSES — CLOUD INGRESS
| IP ADDRESS | INTERFACE | SERVICE | TAG | NOTES |
|---|
| 20.116.164.26 |
Istio ASM LB |
External Ingress Gateway |
ISTIO ASM |
All *.eose.ca traffic · TLS termination |
| 20.200.111.70 |
nginx LB |
Kantai Ingress |
NGINX |
kantai.dev.eose.ca · Gangway portal |
| 10.x.x.x/16 |
AKS CNI Overlay |
Pod CIDR |
AKS |
Internal pod network · Azure VNet |
| 172.24.50.255 |
Gateway Host |
Openclaw Gateway + MDSMS |
INTERNAL |
:18830 ws · :9349 MDSMS · :9348 store |
NETWORK TOPOLOGY — AZURE VNET
AKS CNI Overlay
Mode: CNI Overlay
Plugin: Azure CNI
VNet: rg-eose-aks-dev
Region: canadacentral
aks-eose-aaas-dev
Nodes: D2s_v5 × 2
K8s: 1.33.7
Istio: 20.116.164.26
GPU: T4/H100 pool
aks-kantai-eose-dev
Nodes: B4ms + 2× system
nginx LB: 20.200.111.70
Namespace: kantai-chat
URL: kantai.dev.eose.ca
Istio ASM Mesh
Mode: Azure Service Mesh
Ingress: 20.116.164.26
mTLS: enabled
Namespaces: mesh-enrolled
DNS ZONES — 34 ZONES IN rg-eose-dns-dev
*.eose.ca ✓ LIVE
Primary fleet domain · Istio ingress · A→20.116.164.26
master.dev.eose.ca ✓ 200
Master Control dashboard · AKS dev
kantai.dev.eose.ca ✓ LIVE
Kantai Gangway portal · nginx LB
*.pemos.ca ✓ LIVE
Portal fleet domains · 34 zone group
*.deseof.ca ✓ LIVE
EOSE secondary fleet domain
*.deseof.com ✓ LIVE
EOSE .com namespace
Total: 34 zones ✓ AZURE DNS
rg-eose-dns-dev · Azure Public DNS
TLS CERTIFICATES — cert-manager ACME
| CERT / ISSUER | DOMAINS | STATUS | NOTES |
|---|
| letsencrypt-prod |
*.eose.ca · *.pemos.ca |
✓ ACTIVE |
ACME HTTP-01/DNS-01 · cert-manager |
| letsencrypt-prod |
*.deseof.ca · *.deseof.com |
✓ ACTIVE |
Azure DNS solver |
| onba-ca-tls |
onba.ca |
⚠️ STUCK |
Manual action needed · DNS challenge stalled |
PORT MAP — CLOUD SERVICES
| PORT | SERVICE | PROTO | NOTES |
|---|
| 443 |
HTTPS Ingress All fleet domains via Istio ASM |
TCP/TLS |
LIVE |
| 80 |
HTTP → HTTPS redirect Istio ingress redirect |
TCP |
ACTIVE |
| 18830 |
Openclaw Gateway ws://172.24.50.255:18830 |
WS |
FLEET |
| 9349 |
MDSMS API Message ingest service |
HTTP |
INTERNAL |
| 9348 |
MDSMS Store Storage backend |
HTTP |
INTERNAL |
| 8080 |
pemos-portal Container port → 3000 on host |
HTTP |
PORTAL |
IAM — AZURE IDENTITY & ACCESS
SERVICE PRINCIPALS
managed
MANAGED IDENTITY
per-workload