Adding a Public Ingress endpoint to a ROSA PrivateLink Cluster
This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.
This is an example guide for creating a public ingress endpoint for a ROSA Private-Link cluster. Be aware of the security implications of creating a public subnet in your ROSA VPC this way.
Refer to the blog “How to add public Ingress to a PrivateLink ROSA cluster” , to expose applications to the internet by deploying in a PrivateLink Red Hat OpenShift Service on AWS (ROSA) cluster within a truly private Virtual Private Cloud (VPC) that doesn’t have an internet gateway attached to it. Additionally, the blog details about creating CloudFront distribution for content delivery and WAF to protect web applications by filtering and monitoring HTTP traffic between a web application and the internet. Also,AWS network firewall will be used for fine-grained control over network traffic.
Prerequisites
Getting Started
Set some environment variables
Set the following environment variables, changing them to suit your cluster.
Create a public subnet
If you followed the above instructions to create the ROSA Private-Link cluster, you should already have a public subnet in your VPC and can skip to tagging the subnet.
Get a Private Subnet ID from the cluster.
Get the VPC ID from the subnet ID.
Get the Cluster Tag from the subnet
Create a public subnet
Tag the public subnet for the cluster
Create a Custom Domain
Create TLS Key Pair for custom domain using certbot:
Skip this if you already have a key pair.
Create TLS secret for custom domain:
Note use your own keypair paths if not using certbot.
Create Custom Domain resource:
Wait for the domain to be ready:
Once its ready grab the CLB name:
Create a CNAME in your DNS provider for *.<$DOMAIN> that points at the CLB NAME from the above command.
Deploy a public application
Create a new project
Create a new application
Create a route for the application
Check that you can access the application:
You should see the output
