ROSA with PrivateLink does not allow to add secondary "apps2" IngressController

Solution Unverified - Updated -

Environment

  • Red Hat OpenShift Service on AWS

Issue

  • When adding secondary apps2.clustername.domain, there is no the "Networking" tab to configure it in OCM.
  • How to add 2nd IngressController at ROSA + PrivateLink cluster ?

Resolution

  • Unfortunately, it's not supported to add the secondary "apps2" IngressController to the ROSA + PrivateLink currently.
  • But if your goal is using another IngressController with custom domain, then you can add additional IngressController using CustomDomain only with Internal scope. 
$ oc create -f - <<EOF
apiVersion: managed.openshift.io/v1alpha1
kind: CustomDomain
metadata:
  name: test
spec:
  domain: apps.example.com
  scope: Internal               <--- Only allowed to configure Internal for ROSA + PL
  certificate:
    name: test-tls 
    namespace: test-domain
EOF

$ oc get customdomain
NAME   ENDPOINT                                           DOMAIN             STATUS
test   aaaaa.test.clustername.xxxx.p1.openshiftapps.com   apps.example.com   Ready

$ oc get ingresscontroller -n openshift-ingress-operator
NAME      AGE
default   75m
test      29m   <--- Added by CustomDomain

$ oc get pod -n openshift-ingress
NAME                              READY   STATUS    RESTARTS   AGE
router-default-565459748f-9r5fj   1/1     Running   0          52m
router-default-565459748f-nfxls   1/1     Running   0          50m
router-test-67f8864ff8-7lgm6      1/1     Running   0          29m  <--- New ingress launched
router-test-67f8864ff8-nnrm7      1/1     Running   0          29m  <--- New ingress launched

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments