Configure a Custom Application Domain with an internal LoadBalancer in OSD and ROSA

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Service on AWS (ROSA)
    • 4
  • Red Hat OpenShift Dedicated (OSD)
    • 4

Issue

  • How to configure a Custom Application Domain with an internal load balancer in ROSA?
  • How to configure a Custom Application Domain with an internal load balancer in OSD?
  • The CustomDomain resource only triggers provisioning of a public (external) ingress controller. How can scope: Internal be defined using the CustomDomain resource?

Resolution

Follow the Configuring custom domains for applications in ROSA or Configuring custom domains for applications in OSD documentation. When creating the CustomDomain, request the internal LoadBalancer by setting scope: "Internal":

apiVersion: managed.openshift.io/v1alpha1
kind: CustomDomain
metadata:
  name: test-customdomain
spec:
  domain: "test-customdomain.io"
  certificate:
    name: test-customdomain
    namespace: test-customdomain
  scope: "Internal"

Note: the setting that appears as spec.endpointPublishingStrategy.loadBalancer.scope on the ingresscontroller must be set as spec.scope in the CustomDomain.
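
The following audit is an added example, not part of the original solution or of Red Hat's tooling. It compares each CustomDomain's spec.scope with the loadBalancer scope of the ingresscontroller serving the same domain and reports custom domains that are publicly exposed or that disagree with their ingresscontroller. It assumes input in the list shape of `oc get ... -o json`, that objects are matched by spec.domain as in the listings on this page, and that an omitted scope means External; all sample objects are constructed.

```python
# Added example: audit CustomDomain exposure against the ingresscontrollers.
# Inputs use the list shape of `oc get customdomain -o json` and
# `oc get ingresscontroller -n openshift-ingress-operator -o json`.
# Every sample object below is constructed for illustration.

def _cd(name, domain, scope=None):
    spec = {"domain": domain, "certificate": {"name": name, "namespace": name}}
    if scope is not None:
        spec["scope"] = scope
    return {"kind": "CustomDomain", "metadata": {"name": name}, "spec": spec}

def _ic(name, domain, scope):
    return {"kind": "IngressController", "metadata": {"name": name},
            "spec": {"domain": domain, "endpointPublishingStrategy": {
                "type": "LoadBalancerService", "loadBalancer": {"scope": scope}}}}

CUSTOM_DOMAINS = {"items": [
    _cd("test-customdomain", "test-customdomain.io", "Internal"),
    _cd("shop", "shop.example.com"),                    # scope omitted
    _cd("reports", "reports.example.com", "Internal"),
]}
INGRESS_CONTROLLERS = {"items": [
    _ic("test-customdomain", "test-customdomain.io", "Internal"),
    _ic("shop", "shop.example.com", "External"),
    _ic("reports", "reports.example.com", "External"),  # disagrees with CustomDomain
]}

def audit_scopes(custom_domains, ingress_controllers):
    """Return (name, finding) pairs: 'public', 'missing' or 'drift'."""
    ic_scope = {}
    for ic in ingress_controllers.get("items", []):
        spec = ic.get("spec", {})
        lb = (spec.get("endpointPublishingStrategy") or {}).get("loadBalancer") or {}
        # Assumption: an ingresscontroller without an explicit scope is External.
        ic_scope[spec.get("domain")] = lb.get("scope", "External")
    findings = []
    for cd in custom_domains.get("items", []):
        name, spec = cd["metadata"]["name"], cd.get("spec", {})
        wanted = spec.get("scope", "External")  # assumption: default is External
        actual = ic_scope.get(spec.get("domain"))
        if wanted != "Internal":
            findings.append((name, "public"))   # internet-facing load balancer
        elif actual is None:
            findings.append((name, "missing"))  # no ingresscontroller for domain
        elif actual != wanted:
            findings.append((name, "drift"))    # ingresscontroller not Internal
    return findings

if __name__ == "__main__":
    for name, finding in audit_scopes(CUSTOM_DOMAINS, INGRESS_CONTROLLERS):
        print(f"{name}: {finding}")
```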

Root Cause

The Custom Domains Operator is responsible for setting up a new ingresscontroller with a custom certificate and an internal LoadBalancer as a day-two operation.

Diagnostic Steps

Define a CustomDomain and provision an ingresscontroller using an AWS internal load balancer. Here is an example where only the ingresscontroller definition was changed to use scope: Internal, but it still fails:

$ oc get ingresscontroller [my_ingress] -n openshift-ingress-operator -o yaml
[...]
spec:
  defaultCertificate:
    name: router-certs-private
  domain: test-customdomain.io
  endpointPublishingStrategy:
    loadBalancer:
      scope: Internal
    type: LoadBalancerService

Details about the scope: Internal LoadBalancer setting are found in the OCP documentation, but it fails on ROSA.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.