Example usage of resource rhcs_default_ingress #698

Open
am90670 opened this issue Jun 18, 2024 · 1 comment
am90670 commented Jun 18, 2024

Is there an example of how to use rhcs_default_ingress? Specifically cluster_routes_hostname, cluster_routes_tls_secret_ref and component_routes? Which namespace should the tls secret(s) be created in?

Contributor

gdbranco commented Jun 20, 2024

Hello there, cluster_routes_hostname and cluster_routes_tls_secret_ref are being deprecated in favor of component_routes.

component_routes was merged by #568 and is expected to land in release 1.6.3 which is currently under review. Albeit, no specific release date to share at the moment.

Here's a small example of how to work with the component_routes when 1.6.3 lands. Official docs will be available later on at https://docs.openshift.com/

You'll need to generate certificates for each of the routes you wish to modify in component_routes being Downloads, Console and Oauth. Consult your certificate authority to understand how to create a certificate with similar attributes for your production workloads.

Here's an example that is not intended for production:

$ openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout console-key-my-new-domain.pem -out console-cert-my-new-domain.pem -subj "/CN=*.my-new-domain.dev" -addext "subjectAltName = DNS:console.my-new-domain.dev"

You may then add the secret to your cluster within the openshift-config namespace:

$ oc create secret tls console-tls-secret --cert=console-cert-my-new-domain.pem --key=console-key-my-new-domain.pem -n openshift-config

By executing

$ oc get svc -n openshift-ingress

There will be an output for a field called EXTERNAL-IP. In your hosting provider, add DNS records that map the CNAME of your new component route hostnames to the load balancer EXTERNAL-IP found in the previous command.

You'll then be ready to modify the component-routes attribute of the ingress resource

resource "rhcs_default_ingress" "default" {
  cluster = rhcs_cluster_wait.cluster.cluster

  component_routes = {
    "console" = {
      hostname       = "tconsole.my-new-domain.dev"
      tls_secret_ref = "console-tls-secret"
    }
  }
}

You may include similar steps for the other two routes
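
The following pre-flight check is an added example, not part of the comment above or of the provider's own code. It regenerates the throwaway certificate with the same openssl parameters, then tests it against the SAN hostname and against the hostname used in the component_routes block, and confirms the key belongs to the certificate before a secret would be created from the pair. The function names are hypothetical, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example: checks to run before `oc create secret tls`.
# Function names are hypothetical; assumes OpenSSL 1.1.1+.

# cert_covers_host CERT HOSTNAME
# Succeeds only if HOSTNAME matches the certificate under normal TLS rules:
# when the certificate carries SAN DNS entries, the CN is not consulted.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate"
}

# key_matches_cert CERT KEY
# Succeeds only if the private key's public half equals the certificate's.
key_matches_cert() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_demo_cert DIR
# Constructed demo input: same subject and SAN as the non-production
# certificate in the comment above, written to DIR/cert.pem and DIR/key.pem.
make_demo_cert() {
  openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 \
    -keyout "$1/key.pem" -out "$1/cert.pem" \
    -subj "/CN=*.my-new-domain.dev" \
    -addext "subjectAltName = DNS:console.my-new-domain.dev" 2>/dev/null
}

tmp=$(mktemp -d)
make_demo_cert "$tmp"
for host in console.my-new-domain.dev tconsole.my-new-domain.dev; do
  if cert_covers_host "$tmp/cert.pem" "$host"; then
    echo "match     $host"
  else
    echo "NO MATCH  $host"
  fi
done
if key_matches_cert "$tmp/cert.pem" "$tmp/key.pem"; then
  echo "private key belongs to certificate"
fi
rm -rf "$tmp"
```

A hostname that reports NO MATCH will fail TLS verification in clients once the route serves this certificate, so the SAN list and every component_routes hostname should agree before the secret is created.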
