When deploying applications on Red Hat OpenShift Service on AWS (ROSA), the default routes often come with system-generated URLs. While functional, they’re not exactly user-friendly or brandable. That’s where custom domains come in.
Custom domains let you expose your apps using clean, memorable, and secure URLs like app.example.com instead of my-app-default.apps.cluster-id.region.rosa.amazonaws.com.
Let’s break down how and why to set up custom domains on ROSA.
🚀 Why Use a Custom Domain?
Brand Identity – Reinforce trust with URLs that match your company domain.
Ease of Access – Easy-to-remember URLs improve user experience.
Security – Add TLS certificates for secure HTTPS access.
Professionalism – Ideal for production apps, portals, and public-facing services.
🔧 How It Works in ROSA
ROSA uses Ingress Controllers to manage traffic coming into the cluster. When you create a custom domain:
You map your domain (like app.example.com) to the Ingress Controller’s load balancer.
You update your DNS to point to the cluster’s ingress IP or hostname.
You create a certificate (typically using Let’s Encrypt or a trusted CA) to enable HTTPS.
Once configured, ROSA handles the routing so your app is securely accessible from the internet — under a clean, branded URL.
📝 Steps to Set Up a Custom Domain on ROSA (Concept Overview)
Reserve a Subdomain
Choose something like apps.example.com or dashboard.example.com.
Update DNS
Create a CNAME or A record pointing to the ROSA ingress load balancer’s hostname or IP.
Configure Certificate
Use a TLS certificate from a public CA or use Let’s Encrypt with cert-manager.
Upload the certificate and private key to OpenShift as a secret.
Create a New IngressController
Add a new ingress with your custom domain and TLS settings.
Set it as the default if needed or scope it to specific routes.
Create or Update Routes
When creating your app route, assign the custom domain.
Make sure it's using the correct IngressController and TLS settings.
🔒 Securing Your Custom Domain with TLS
Security is key. ROSA supports TLS out of the box. After pointing your DNS:
Use cert-manager to automatically request and renew certs
Or manually upload your cert and key as an OpenShift secret
Apply it to your route or ingress configuration for HTTPS support
✅ Best Practices
Use wildcard domains (e.g., *.apps.example.com) for flexibility across apps.
Automate DNS management with tools like ExternalDNS.
Regularly audit cert expiration dates and renewals.
Keep your TLS configs up to date for stronger encryption.
📌 Real-World Use Cases
Customer portals like portal.yourbrand.com
Product dashboards like analytics.yourbrand.com
API endpoints like api.yourbrand.com
Partner access via partners.yourbrand.com
🧩 Final Thoughts
Custom domains give your ROSA-hosted apps a professional front door — secure, recognizable, and aligned with your brand. Whether you're hosting production apps or internal tools, using a custom domain is a simple but powerful upgrade.
With proper DNS setup, TLS encryption, and ROSA configuration, your applications are ready for prime time on the internet — the way they should be.
For more info, Kindly follow: Hawkstack Technologies
Top comments (0)