Note: It is recommended that you use the Cloud Front based guide unless you absolutely must use an ALB based solution.
Hereexternal link (opens in new tab) ’s a good overview of AWS LB types and what they support
Problem Statement Operator requires WAF (Web Application Firewall) in front of their workloads running on OpenShift (ROSA)
Operator does not want WAF running on OpenShift to ensure that OCP resources do not experience Denial of Service through handling the WAF
Problem Statement Operator requires WAF (Web Application Firewall) in front of their workloads running on OpenShift (ROSA)
Operator does not want WAF running on OpenShift to ensure that OCP resources do not experience Denial of Service through handling the WAF
Proposed Solution Add a CustomDomain resource to the cluster using a wildcard DNS and TLS certificate.
Set the Wildcard DNS CNAME’s to CloudFront and enable the CloudFront + WAF services to reverse proxy and inspect the traffic before sending it to the cluster.
Interested in contributing to these docs?
Collaboration drives progress. Help improve our documentation The Red Hat Way.
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.