Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 1. Deployments

1.1. Custom domains for applications
Link kopieren

Note

Starting with Red Hat OpenShift Service on AWS 4.14, the Custom Domain Operator is deprecated. To manage Ingress in Red Hat OpenShift Service on AWS 4.14, use the Ingress Operator. The functionality is unchanged for Red Hat OpenShift Service on AWS 4.13 and earlier versions.

You can configure a custom domain for your applications. Custom domains are specific wildcard domains that can be used with Red Hat OpenShift Service on AWS applications.

1.1.1. Configuring custom domains for applications
Link kopieren

The top-level domains (TLDs) are owned by the customer that is operating the Red Hat OpenShift Service on AWS cluster. The Custom Domains Operator sets up a new ingress controller with a custom certificate as a second day operation. The public DNS record for this ingress controller can then be used by an external DNS to create a wildcard CNAME record for use with a custom domain.

Note

Custom API domains are not supported because Red Hat controls the API domain. However, customers can change their application domains. For private custom domains with a private IngressController, set .spec.scope to Internal in the CustomDomain CR.

Prerequisites

  • A user account with dedicated-admin privileges
  • A unique domain or wildcard domain, such as *.apps.<company_name>.io
  • A custom certificate or wildcard custom certificate, such as CN=*.apps.<company_name>.io
  • Access to a cluster with the latest version of the oc CLI installed
Important

Do not use the reserved names default or apps*, such as apps or apps2, in the metadata/name: section of the CustomDomain CR.

Procedure

  1. Create a new TLS secret from a private key and a public certificate, where fullchain.pem and privkey.pem are your public or private wildcard certificates.

    Example

    $ oc create secret tls <name>-tls --cert=fullchain.pem --key=privkey.pem -n <my_project>
    Copy to Clipboard Toggle word wrap

  2. Create a new CustomDomain custom resource (CR):

    Example <company_name>-custom-domain.yaml

    apiVersion: managed.openshift.io/v1alpha1
kind: CustomDomain
metadata:
  name: <company_name>
spec:
  domain: apps.<company_name>.io
    1 
    
  scope: External
  loadBalancerType: Classic
    2 
    
  certificate:
    name: <name>-tls
    3 
    
    namespace: <my_project>
  routeSelector:
    4 
    
    matchLabels:
     route: acme
  namespaceSelector:
    5 
    
    matchLabels:
     type: sharded
    Copy to Clipboard Toggle word wrap

    1
    The custom domain.
    2
    The type of load balancer for your custom domain. This type can be the default classic or NLB if you use a network load balancer.
    3
    The secret created in the previous step.
    4
    Optional: Filters the set of routes serviced by the CustomDomain ingress. If no value is provided, the default is no filtering.
    5
    Optional: Filters the set of namespaces serviced by the CustomDomain ingress. If no value is provided, the default is no filtering.

  3. Apply the CR:

    Example

    $ oc apply -f <company_name>-custom-domain.yaml
    Copy to Clipboard Toggle word wrap

  4. Get the status of your newly created CR: 

    $ oc get customdomains
    Copy to Clipboard Toggle word wrap

    Example output

    NAME               ENDPOINT                                                    DOMAIN                       STATUS
<company_name>     xxrywp.<company_name>.cluster-01.opln.s1.openshiftapps.com  *.apps.<company_name>.io     Ready
    Copy to Clipboard Toggle word wrap

  5. Using the endpoint value, add a new wildcard CNAME recordset to your managed DNS provider, such as Route53.

    Example

    *.apps.<company_name>.io -> xxrywp.<company_name>.cluster-01.opln.s1.openshiftapps.com
    Copy to Clipboard Toggle word wrap

  6. Create a new application and expose it:

    Example

    $ oc new-app --docker-image=docker.io/openshift/hello-openshift -n my-project
    Copy to Clipboard Toggle word wrap 

    $ oc create route <route_name> --service=hello-openshift hello-openshift-tls --hostname hello-openshift-tls-my-project.apps.<company_name>.io -n my-project
    Copy to Clipboard Toggle word wrap 
    $ oc get route -n my-project
    Copy to Clipboard Toggle word wrap 
    $ curl https://hello-openshift-tls-my-project.apps.<company_name>.io
Hello OpenShift!
    Copy to Clipboard Toggle word wrap

Troubleshooting

1.1.2. Renewing a certificate for custom domains
Link kopieren

You can renew certificates with the Custom Domains Operator (CDO) by using the oc CLI tool.

Prerequisites

  • You have the latest version oc CLI tool installed.

Procedure

  1. Create new secret 

    $ oc create secret tls <secret-new> --cert=fullchain.pem --key=privkey.pem -n <my_project>
    Copy to Clipboard Toggle word wrap

  2. Patch CustomDomain CR 

    $ oc patch customdomain <company_name> --type='merge' -p '{"spec":{"certificate":{"name":"<secret-new>"}}}'
    Copy to Clipboard Toggle word wrap

  3. Delete old secret 

    $ oc delete secret <secret-old> -n <my_project>
    Copy to Clipboard Toggle word wrap

Troubleshooting

Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat