Skip to content

Ingress

OpenShift contains a built-in ingress controller. It lets you automatically direct HTTP/HTTPS traffic to your application.

Assuming you already have a working Service set up for your application, you can now request cluster-external traffic with the following YAML:

apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: myapp
spec:
  host: myapp.arisnet.ac.at
  port:
    targetPort: 8080 # Add the service port here
  to:
    kind: Service
    name: myapp # Add the service name here
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect # Set this to "None" for APIs

Using custom domains

If you wish to use a custom domain, you will need to set a CNAME to ingress.c-arisnet-poc1.vshnmanaged.net.. Additionally, you will need to request a certificate from the built-in cert-manager:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: somename
spec:
  commonName: yourname.example.com
  dnsNames:
  - yourname.example.com
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: letsencrypt-production
  privateKey:
    algorithm: ECDSA
    size: 384
  secretName: your-desired-secret-name
  subject:
    organizations:
    - arisnet.ac.at
  usages:
  - server auth
  - client auth

Once the certificate is issued, you can use it in your Route:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: forschungsdaten-api
spec:
  ingressClassName: openshift-default
  rules:
  - host: yourname.example.com
    http:
      paths:
      - backend:
          service:
            name: myapp
            port:
              number: 8080
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - yourname.example.com
    secretName: your-desired-secret-name