How to get a public ingress endpoint in a ROSA PrivateLink cluster

Solution Verified

Environment

  • Red Hat OpenShift Service on AWS [ROSA]
    • 4.x

Issue

  • Is it possible to have a public ingress endpoint in a ROSA PrivateLink cluster?

Resolution

Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

  • On ROSA clusters, the default cluster ingress (apps) is part of the ROSA deployment, so customers are not allowed to edit its CustomResources. For more details, refer to Customize the ingresscontroller in OSD and ROSA.

  • As stated in the documentation mentioned above, custom ingresscontrollers can be created with the Custom Domains Operator (CDO). With CDO, the new ingresscontroller can be customized, although the customization is limited at this moment.

  • Based on this information, CDO exists outside the ROSA architecture and is therefore a self-managed service, where customers can perform such configurations without affecting the overall functioning of the cluster.

  • For PrivateLink clusters, the ROSA documentation gives the impression that PrivateLink has no public ingress. That is true unless you have a custom domain that you can expose via AWS DNS. In the procedure provided by the MOBB document [1], the steps to allow a public ingress are mostly done on the AWS side, while customers are only required to create a default custom domain on their clusters.

  • Although this configuration is possible, please be aware that it is not an official Red Hat recommendation, as it involves third-party configurations which are not supported by Red Hat. Customers would need to refer to AWS support if something is not working as expected.


  1. Please note that, while this information is provided by OpenShift experts, this is not official Red Hat documentation and therefore may be unsupported.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
