-
Feature Request
-
Resolution: Unresolved
-
Major
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
-
-
1. Proposed title of this feature request
Feature to modify the api-int URL for OpenShift internal API
2. What is the nature and description of the request?
Currently the three DNS entries can be implemented to separate the endpoints:
--> api.cluster.domain
--> api-int.cluster.domain
--> *.apps.cluster.domain
But the limitation here is regarding the domain of these 3 entries. Currently, OpenShift implies the use of the same domain for the three endpoints. There is no supported way to change them.
The customer have separated domains for internal and external use cases (this is generally the case in banking environments). The customer would like to configure the entries as below (values are for example) :
--> api.cluster.domain-external
--> api-int.cluster.domain-internal
--> *.apps.cluster.domain-external
For this reason, having the ability to modify api-int domain is necessary to comply with the security constraints :
Internal domain should not be accessible from external one (even through an alias).
We can take another use case where the firewall just allow/deny the traffic from/for specific hostnames due to security concern and not always possible to add/allow the hostnames in firewall such as default "api-int.cluster.domain" as an exception.
This is why customer is suggesting the following options:
- Make api-int.cluster.domain strictly internal as it's the case for IPI mode.
- Or, at least, make it possible to use a different domain for api-int.cluster.domain.
- is related to
-
RFE-1791 Post-Install OCP Network Config Reconfiguration
- Under Review