
Custom Domains

Suppose you have a domain, custom.domain.com, and you want to host your application on it instead of on the default route provided by SAAP, i.e. <MYAPP_NAME>-<MYAPP_NAMESPACE>.apps.<CLUSTER_NAME>.<CLUSTER_ID>.kubeapp.cloud. Follow these steps to use your own domain:

  1. Configure DNS
  2. Configure TLS Certificates
  3. Create Ingress for your Application
  4. Verify

1. Configure DNS

To host your application on custom.domain.com, you need to point your DNS record to the ingress endpoint of the cluster's default router. This can be either a public IP or a private IP, depending on whether the cluster is public or private.

See the External DNS section to automatically configure DNS for your applications.

Option # 1: Create Manual entries

Step # 1: Obtain Public IP Address

Use the following command to get the ingress IP address of your cluster:

nslookup "*.apps.$(oc get dns -ojsonpath='{.items[0].spec.baseDomain}')" | grep Address | tail -1

Step # 2: Create entry in your DNS Provider

Add an A record in your DNS provider that points custom.domain.com to the IP obtained in the previous step.

2. Configure TLS certificate secret

There are two ways to configure TLS Certificate secret:

  1. Certmanager Operator
  2. Bring Your Own Certificates (BYOC)

Option # 1: Certmanager Operator

See the configuration options for the cert-manager managed addon.

Option # 2: Bring Your Own Certificates (BYOC)

Generate TLS certificates for your domain, i.e. custom.domain.com, from your preferred CA and create a secret of the following format (the secret can be secured via SealedSecrets).

Replace the concealed values with the corresponding base64-encoded certificate values.

apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: my-app-route
  namespace: my-apps-ns
spec:
  host: my-app.custom.domain.com
  path: /
  port:
    targetPort: http
  tls:
    certificate: |
        <concealed>
    key: |
        <concealed>
    insecureEdgeTerminationPolicy: Redirect
    termination: edge
  to:
    kind: Service
    name: playbook
    weight: 100
  wildcardPolicy: None
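
A pre-flight check for BYOC material, as an added example that is not part of the original page or of SAAP itself: before the certificate and key go into the Route, confirm that the key belongs to the certificate, that the certificate covers the Route host, and that it is not about to expire. The function name check_byoc_pair, the file names and the 30-day window are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks on BYOC certificate material before it is
# placed in spec.tls of the Route. Names and the 30-day window are assumptions.

# Return codes: 0 ok, 1 key does not match certificate,
#               2 certificate does not cover the host, 3 expires within the window
check_byoc_pair() {
  cert=$1; key=$2; host=$3; window_days=${4:-30}

  # The certificate's public key must be the one derived from the private key,
  # otherwise the router cannot serve the pair.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout) || return 1
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: private key does not belong to certificate"; return 1
  fi

  # The host in spec.host must be covered by the certificate's SAN (or CN).
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
    echo "FAIL: certificate does not cover $host"; return 2
  fi

  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$cert" -noout -checkend $((window_days * 86400)) >/dev/null; then
    echo "FAIL: certificate expires within $window_days days"; return 3
  fi
  echo "OK: $cert and $key are usable for $host"
}

# Demo on constructed input: a throwaway self-signed pair, not a real certificate.
demo() {
  d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -subj "/CN=my-app.custom.domain.com" \
    -keyout "$d/tls.key" -out "$d/tls.crt" >/dev/null 2>&1
  check_byoc_pair "$d/tls.crt" "$d/tls.key" my-app.custom.domain.com
  rm -rf "$d"
}

# With three or more arguments check real files, otherwise run the demo.
if [ "$#" -ge 3 ]; then check_byoc_pair "$@"; else demo; fi
```

Run it as `sh check.sh tls.crt tls.key my-app.custom.domain.com` against the files issued by your CA; a non-zero exit code identifies which check failed.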

3. Create Ingress for your Application

In your application values, add an ingress section as follows:

...
ingress:
  enabled: true
  servicePort: <SERVICE_PORT>
  hosts:
  - custom.domain.com
  annotations:
    cert-manager.io/cluster-issuer: ca-issuer
  tls:
  - hosts:
      - custom.domain.com
    secretName: custom-domain-tls-cert
...

It will take 2-3 minutes for Certmanager to issue a certificate; upon success, the custom-domain-tls-cert secret will be populated with the certificate values.

4. Verify

A Route will be created in your application namespace. Open your route URL, i.e. https://custom.domain.com, to view and verify your TLS-secured web application.

Copyright © 2023 Stakater AB