Set up Domain Name for Your Application
Prerequisites:
Your application should be running in Pods within NERC OpenShift, with a
Service created for the port(s) you want to expose. By default, an
HTTPS-enabled route is set up for each deployed application, following this format:
https://<your-application-name>-<your-namespace>.apps.shift.nerc.mghpcc.org.
In this example, we have set up Credit Card Fraud Detection Application based on this Predictive AI tutorial.
The Topology view shows application details as shown below:
Enabling HTTPS for Web Applications
HTTPS provides data-in-motion encryption for web applications. To enable HTTPS, you need to generate TLS certificates and have them signed by a trusted Certificate Authority (CA).
Let's Encrypt is a free CA that supports automatic certificate issuing using the ACME protocol.
What is DNS?
You can learn more about DNS by reading this page.
Unlike DNS services on NERC OpenStack, where the Domain Name requires an
A Record
pointing to the public floating IP of your NERC VM, on NERC OpenShift, you need
to point your unique public Route url i.e. <your-application-name>-<your-namespace>.apps.shift.nerc.mghpcc.org
of your deployed application to the public DNS by creating a CNAME Record.
What is a CNAME Record?
A CNAME (Canonical Name) record: CNAME is a type of DNS record that maps one domain name (alias) to another domain name (canonical name). This allows multiple domain names to point to the same target without needing separate IP addresses.
How to get user-friendly domain names (hostnames)?
NERC does not currently offer integrated domain name service management.
You can use one of the following methods to configure name resolution (DNS) for your NERC's virtual instances.
1. Using freely available free Dynamic DNS services
Get a free domain or host name from no-ip.com or other
Here we will describe how to use No-IP to configure dynamic DNS.
Step 1: Create your No-IP Account.
During this process you can add your desired unique hostname with pre-existing domain name or you can choose to create your hostname later on.
Step 2: Confirm Your Account by verifing your email address.
Step 3: Log In to Your Account to view your dashboard.
Step 4: Create a New Hostname.
Give a Hostname and select one of the available Domain names. This will
create your full hostname like `
Click Create Hostname.
Then, browse your host or domain name as you setup during registration or later i.e. http://nerc.hopto.org on above example.
How to create an Ingress with TLS/SSL certificates from Let's Encrypt
To use your own custom domain with HTTPS, you need to create an Ingress with annotations for cert-manager.
To expose your application securely with HTTPS on OpenShift, you need to create an Ingress resource per port that is used by Service to serve public facing. An Ingress allows external HTTP and HTTPS traffic to access services within your cluster.
-
Go to the NERC's OpenShift Web Console.
-
Click on the Perspective Switcher drop-down menu and select Administrator.
-
Click on the Ingresses under Networking Menu:
-
Click Create Ingress.
-
You will need to:
- i. Change:
metadata.namei.e.<your-unique-ingress-name>spec.rules[0].hosti.e.<your-hostname>spec.rules[0].http.paths[*].backend.servicei.e. path, servicename and service exposed port number- ii. Add:
metadata.annotationsi.e.annotations: acme.cert-manager.io/http01-ingress-class: openshift-default cert-manager.io/cluster-issuer: letsencrypt-production-http01spec.ingressClassNamei.e.spec: ingressClassName: openshift-defaultspec.tlsi.e.tls: - hosts: - <your-hostname> secretName: <unique-secret-name>For example, your Ingress template should look like similar to shown below:
kind: Ingress apiVersion: networking.k8s.io/v1 metadata: name: <your-unique-ingress-name> namespace: <your-namespace> annotations: acme.cert-manager.io/http01-ingress-class: openshift-default cert-manager.io/cluster-issuer: letsencrypt-production-http01 spec: ingressClassName: openshift-default tls: - hosts: - nerc.hopto.org secretName: <your-unique-tls-secret-name> rules: - host: nerc.hopto.org http: paths: - path: <your-path-to-service> pathType: Prefix backend: service: name: <your-service-name> port: number: <your-service-exposed-port> -
Click Create.
-
Click on the Perspective Switcher drop-down menu and select Developer.
-
Go to Topology Menu and click on your deployed application to see the Overview panel to the right.
-
Click the Resources tab to view the Routes used by the component. You will see a new Route that has been added by the Ingress configuration you just set up above as shown below:
- Click on the Route link it will load the web application with the HTTPS and domain
name you defined in your ingress:
https://<your-hostname>i.e.https://nerc.hopto.org
To Troubleshoot Certificate Requests
Naviage to Search Menu and search for certificate and select CertificateRequest. Here you will be able to see all requested certificates in your namespaces as shown below:
You can click on it and check the Conditions of the certificate request as shown below:
2. Using your local Research Computing (RC) department or academic institution's Central IT services
You need to contact and work with your Research Computing department or
academic institution's Central IT services to create CNAME record for your
hostname that maps to the Public Route url i.e. <your-application-name>-<your-namespace>.apps.shift.nerc.mghpcc.org
of your deployed application.
3. Using commercial DNS providers
Alternatively, you can purchase a fully registered domain name or host name from
commercial hosting providers and then register DNS records for your route url i.e.
<your-application-name>-<your-namespace>.apps.shift.nerc.mghpcc.org from commercial
cloud servies i.e. AWS Route53, Azure DNS, CloudFlare, Google Cloud Platform,
GoDaddy, etc.