IMPORTANT NOTE: This site is not official Red Hat documentation and is provided for informational purposes only. These guides may be experimental, proof of concept, or early adoption. Officially supported documentation is available at docs.openshift.com and access.redhat.com.
Adding an additional ingress controller to an ARO cluster
Paul Czarkowski, Stuart Kirk
03/30/2022
Prerequisites
- an Azure Red Hat OpenShift cluster
- a DNS zone that you can easily modify
Get Started
- Create some environment variables

```bash
DOMAIN=custom.azure.mobb.ninja
EMAIL=example@email.com
SCRATCH_DIR=/tmp/aro
```
- Create a certificate for the ingress controller

```bash
certbot certonly --manual \
  --preferred-challenges=dns \
  --email $EMAIL \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos \
  --manual-public-ip-logging-ok \
  -d "*.$DOMAIN" \
  --config-dir "$SCRATCH_DIR/config" \
  --work-dir "$SCRATCH_DIR/work" \
  --logs-dir "$SCRATCH_DIR/logs"
```
- Create a secret for the certificate

```bash
oc create secret tls custom-tls \
  -n openshift-ingress \
  --cert=$SCRATCH_DIR/config/live/$DOMAIN/fullchain.pem \
  --key=$SCRATCH_DIR/config/live/$DOMAIN/privkey.pem
```
- Create an ingress controller

```bash
cat <<EOF | oc apply -f -
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
  name: custom
  namespace: openshift-ingress-operator
spec:
  domain: $DOMAIN
  nodePlacement:
    nodeSelector:
      matchLabels:
        node-role.kubernetes.io/worker: ""
  routeSelector:
    matchLabels:
      type: custom
  defaultCertificate:
    name: custom-tls
  httpEmptyRequestsPolicy: Respond
  httpErrorCodePages:
    name: ""
  replicas: 3
EOF
```
- Wait a few moments, then get the EXTERNAL-IP of the new ingress controller

```bash
oc get -n openshift-ingress svc router-custom
```

The output should look like:

```
NAME            TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                      AGE
router-custom   LoadBalancer   172.30.90.84   20.120.48.78   80:32160/TCP,443:32511/TCP   49s
```
- Create a wildcard DNS record pointing at the EXTERNAL-IP
- Test that the Ingress is working

```bash
curl -s https://test.$DOMAIN | head
```

```
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
```
- Create a new project to deploy an application to

```bash
oc new-project demo
```
- Create a new application

```bash
oc new-app --docker-image=docker.io/openshift/hello-openshift
```
- Expose

```bash
cat << EOF | oc apply -f -
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  labels:
    app: hello-openshift
    app.kubernetes.io/component: hello-openshift
    app.kubernetes.io/instance: hello-openshift
    type: custom
  name: hello-openshift-tls
spec:
  host: hello.$DOMAIN
  port:
    targetPort: 8080-tcp
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect
  to:
    kind: Service
    name: hello-openshift
EOF
```
- Verify it works

```bash
curl https://hello.custom.azure.mobb.ninja
```

```
Hello OpenShift!
```
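
The preflight check below is an added example, not part of the original guide. It tests the two conditions a Route must meet to be served cleanly by the `custom` ingress controller configured above: the host must sit exactly one label below `$DOMAIN` so that the `*.$DOMAIN` certificate covers it, and the Route must carry the `type=custom` label that the `routeSelector` matches. The function names and the sample routes are constructed for illustration.

```shell
# Added example (not from the guide). Function names are hypothetical.

# covered_by_wildcard HOST DOMAIN
# Succeeds only when HOST is exactly one DNS label below DOMAIN, which is
# all a "*.DOMAIN" certificate covers (not DOMAIN itself, not a.b.DOMAIN).
covered_by_wildcard() {
  _h=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  _d=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case "$_h" in
    *".$_d") ;;
    *) return 1 ;;
  esac
  _l=${_h%".$_d"}
  case "$_l" in
    ''|*.*|*[!a-z0-9-]*|-*|*-) return 1 ;;
  esac
  return 0
}

# has_label LABELS KEY=VALUE
# LABELS is a comma-separated list as printed by `oc get route --show-labels`.
has_label() {
  case ",$1," in
    *",$2,"*) return 0 ;;
  esac
  return 1
}

# route_preflight HOST LABELS DOMAIN
# Returns 0 only if the custom router would select the Route (routeSelector
# type=custom) and its wildcard certificate is valid for HOST.
route_preflight() {
  _rc=0
  covered_by_wildcard "$1" "$3" ||
    { echo "FAIL $1: not covered by *.$3 (TLS name mismatch)"; _rc=1; }
  has_label "$2" "type=custom" ||
    { echo "FAIL $1: no type=custom label, routeSelector will not match"; _rc=1; }
  [ "$_rc" -eq 0 ] && echo "OK   $1"
  return "$_rc"
}

# Constructed sample routes ("host labels"), not output from a real cluster.
DOMAIN=${DOMAIN:-custom.azure.mobb.ninja}
while read -r rhost rlabels; do
  route_preflight "$rhost" "$rlabels" "$DOMAIN" || true
done <<EOF
hello.$DOMAIN app=hello-openshift,type=custom
api.hello.$DOMAIN app=hello-openshift,type=custom
other.$DOMAIN app=other
EOF
```

With the sample input, only `hello.$DOMAIN` passes; `api.hello.$DOMAIN` fails the certificate check and `other.$DOMAIN` fails the label check.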