[RFE] - AWS: Cluster Ingress Operator should use CNAME instead of A Alias record

Solution Verified - Updated -


  • On AWS, the cluster ingress operator creates one A Alias DNS records in Route53 for the "*.apps." wildcard URL.
  • The internal DNS system does not synchronize A Alias records into the enterprise DNS server and therefore those URLs are not reachable from the company network.
  • When changing the Route53 entry that is created by the cluster ingress operator from A Alias to CNAME, the DNS sync is working and the OpenShift Container Platform 4 cluster is reachable from the company network.
  • Unfortunately, when doing this the cluster ingress operator is going into the "Degraded" state because the Route53 record it has created is mismatching with the manually altered Route53 entry.
  • This "Degraded" operator state leads to the result that we cannot update clusters because all operators have to be alright for the update to complete.
  • There is also a Github issue tracking this: Github
  • A suggestion should be to either replace the A Alias record with a CNAME record or at least give the possibility to parameterize the operator so that the user can choose whether A Alias or CNAME is used.


  • Red Hat OpenShift Container Platform(OCP) 4.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content