Using a custom TLS certificate for domain mapping - Security | Serverless

About
- Welcome
- Learn more about OpenShift Container Platform
- About OpenShift Kubernetes Engine
- Legal notice
Release notes
- OpenShift Container Platform 4.10 release notes
Getting started
- OpenShift Container Platform overview
- Web console walkthrough
- Command-line walkthrough
Architecture
- Architecture overview
- Product architecture
- Installation and update
- Red Hat OpenShift Cluster Manager
- Control plane architecture
- Understanding OpenShift development
- Red Hat Enterprise Linux CoreOS
- Admission plug-ins
Installing
- Installation overview
- Selecting an installation method and preparing a cluster
- Disconnected installation mirroring
  - About disconnected installation mirroring
  - Creating a mirror registry with mirror registry for Red Hat OpenShift
  - Mirroring images for a disconnected installation
  - Mirroring images for a disconnected installation using the oc-mirror plug-in
- Installing on Alibaba
  - Preparing to install on Alibaba Cloud
  - Creating the required Alibaba Cloud resources
  - Installing a cluster quickly on Alibaba Cloud
  - Installing a cluster on Alibaba Cloud with customizations
  - Installing a cluster on Alibaba Cloud with network customizations
  - Uninstalling a cluster on Alibaba Cloud
- Installing on AWS
  - Preparing to install on AWS
  - Configuring an AWS account
  - Manually creating IAM
  - Installing a cluster quickly on AWS
  - Installing a cluster on AWS with customizations
  - Installing a cluster on AWS with network customizations
  - Installing a cluster on AWS in a restricted network
  - Installing a cluster on AWS into an existing VPC
  - Installing a private cluster on AWS
  - Installing a cluster on AWS into a government region
  - Installing a cluster on AWS into a Top Secret Region
  - Installing a cluster on AWS into a China region
  - Installing a cluster on AWS using CloudFormation templates
  - Installing a cluster on AWS in a restricted network with user-provisioned infrastructure
  - Uninstalling a cluster on AWS
- Installing on Azure
  - Preparing to install on Azure
  - Configuring an Azure account
  - Manually creating IAM
  - Installing a cluster quickly on Azure
  - Installing a cluster on Azure with customizations
  - Installing a cluster on Azure with network customizations
  - Installing a cluster on Azure into an existing VNet
  - Installing a private cluster on Azure
  - Installing a cluster on Azure into a government region
  - Installing a cluster on Azure using ARM templates
  - Uninstalling a cluster on Azure
- Installing on Azure Stack Hub
  - Preparing to install on Azure Stack Hub
  - Configuring an Azure Stack Hub account
  - Installing a cluster on Azure Stack Hub with an installer-provisioned infrastructure
  - Installing a cluster on Azure Stack Hub with network customizations
  - Installing a cluster on Azure Stack Hub using ARM templates
  - Uninstalling a cluster on Azure Stack Hub
- Installing on GCP
  - Preparing to install on GCP
  - Configuring a GCP project
  - Manually creating IAM
  - Installing a cluster quickly on GCP
  - Installing a cluster on GCP with customizations
  - Installing a cluster on GCP with network customizations
  - Installing a cluster on GCP in a restricted network
  - Installing a cluster on GCP into an existing VPC
  - Installing a private cluster on GCP
  - Installing a cluster on GCP using Deployment Manager templates
  - Installing a cluster into a shared VPC on GCP using Deployment Manager templates
  - Installing a cluster on GCP in a restricted network with user-provisioned infrastructure
  - Uninstalling a cluster on GCP
- Installing on IBM Cloud VPC
  - Preparing to install on IBM Cloud VPC
  - Configuring an IBM Cloud account VPC
  - Configuring IAM for IBM Cloud VPC
  - Installing a cluster on IBM Cloud VPC with customizations
  - Installing a cluster on IBM Cloud VPC with network customizations
  - Uninstalling a cluster on IBM Cloud VPC
- Installing on bare metal
  - Preparing to install on bare metal
  - Installing a user-provisioned cluster on bare metal
  - Installing a user-provisioned bare metal cluster with network customizations
  - Installing a user-provisioned bare metal cluster on a restricted network
- Installing on-premise with Assisted Installer
  - Installing an on-premise cluster using the Assisted Installer
- Installing on a single node
  - Preparing to install OpenShift on a single node
  - Installing OpenShift on a single node
- Deploying installer-provisioned clusters on bare metal
  - Overview
  - Prerequisites
  - Setting up the environment for an OpenShift installation
  - Post-installation configuration
  - Expanding the cluster
  - Troubleshooting
- Installing bare metal clusters on IBM Cloud
  - Prerequisites
  - Installation workflow
- Installing with z/VM on IBM Z and LinuxONE
  - Preparing to install with z/VM on IBM Z and LinuxONE
  - Installing a cluster with z/VM on IBM Z and LinuxONE
  - Restricted network IBM Z installation with z/VM
- Installing with RHEL KVM on IBM Z and LinuxONE
  - Preparing to install with RHEL KVM on IBM Z and LinuxONE
  - Installing a cluster with RHEL KVM on IBM Z and LinuxONE
  - Restricted network IBM Z installation with RHEL KVM
- Installing on IBM Power
  - Preparing to install on IBM Power
  - Installing a cluster on IBM Power
  - Restricted network IBM Power installation
- Installing on OpenStack
  - Preparing to install on OpenStack
  - Installing a cluster on OpenStack with customizations
  - Installing a cluster on OpenStack with Kuryr
  - Installing a cluster that supports SR-IOV compute machines on OpenStack
  - Installing a cluster on OpenStack that supports OVS-DPDK-connected compute machines
  - Installing a cluster on OpenStack on your own infrastructure
  - Installing a cluster on OpenStack with Kuryr on your own infrastructure
  - Installing a cluster on OpenStack on your own SR-IOV infrastructure
  - Installing a cluster on OpenStack in a restricted network
  - Uninstalling a cluster on OpenStack
  - Uninstalling a cluster on OpenStack from your own infrastructure
- Installing on RHV
  - Preparing to install on RHV
  - Installing a cluster quickly on RHV
  - Installing a cluster on RHV with customizations
  - Installing a cluster on RHV with user-provisioned infrastructure
  - Installing a cluster on RHV in a restricted network
  - Uninstalling a cluster on RHV
- Installing on vSphere
  - Preparing to install on vSphere
  - Installing a cluster on vSphere
  - Installing a cluster on vSphere with customizations
  - Installing a cluster on vSphere with network customizations
  - Installing a cluster on vSphere with user-provisioned infrastructure
  - Installing a cluster on vSphere with user-provisioned infrastructure and network customizations
  - Installing a cluster on vSphere in a restricted network
  - Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure
  - Uninstalling a cluster on vSphere that uses installer-provisioned infrastructure
  - Using the vSphere Problem Detector Operator
- Installing on VMC
  - Preparing to install on VMC
  - Installing a cluster on VMC
  - Installing a cluster on VMC with customizations
  - Installing a cluster on VMC with network customizations
  - Installing a cluster on VMC in a restricted network
  - Installing a cluster on VMC with user-provisioned infrastructure
  - Installing a cluster on VMC with user-provisioned infrastructure and network customizations
  - Installing a cluster on VMC in a restricted network with user-provisioned infrastructure
  - Uninstalling a cluster on VMC
- Installing on any platform
  - Installing a cluster on any platform
- Installation configuration
  - Customizing nodes
  - Configuring your firewall
- Validating an installation
- Troubleshooting installation issues
- Support for FIPS cryptography
Post-installation configuration
- Post-installation configuration overview
- Configuring a private cluster
- Bare metal configuration
- Machine configuration tasks
- Cluster tasks
- Node tasks
- Network configuration
- Storage configuration
- Preparing for users
- Configuring alert notifications
- Converting a connected cluster to a disconnected cluster
Updating clusters
- Updating clusters overview
- Understanding OpenShift updates
- Understanding upgrade channels
- Preparing to perform an EUS-to-EUS update
- Updating a cluster using the web console
- Updating a cluster using the CLI
- Performing update using canary rollout strategy
- Updating a cluster that includes RHEL compute machines
- Updating a restricted network cluster
- Updating hardware on nodes running on vSphere
Support
- Support overview
- Managing your cluster resources
- Getting support
- Remote health monitoring with connected clusters
- Gathering data about your cluster
- Summarizing cluster specifications
- Troubleshooting
Web console
- Accessing the web console
- Viewing cluster information
- Adding user preferences
- Configuring the web console
- Customizing the web console
- Dynamic plug-ins
- Developer perspective
- Web terminal
- Disabling the web console
- Creating quick start tutorials
CLI tools
- CLI tools overview
- OpenShift CLI (oc)
- Developer CLI (odo)
- Knative CLI (kn) for use with OpenShift Serverless
- Pipelines CLI (tkn)
- opm CLI
  - Installing the opm CLI
  - opm CLI reference
- Operator SDK
  - Installing the Operator SDK CLI
  - Operator SDK CLI reference
Security and compliance
- Security and compliance overview
- Container security
- Configuring certificates
- Certificate types and descriptions
- Compliance Operator
- File Integrity Operator
- cert-manager Operator for Red Hat OpenShift
- Viewing audit logs
- Configuring the audit log policy
- Configuring TLS security profiles
- Configuring seccomp profiles
- Allowing JavaScript-based access to the API server from additional hosts
- Encrypting etcd data
- Scanning pods for vulnerabilities
- Network-Bound Disk Encryption (NBDE)
Authentication and authorization
- Authentication and authorization overview
- Understanding authentication
- Configuring the internal OAuth server
- Configuring OAuth clients
- Managing user-owned OAuth access tokens
- Understanding identity provider configuration
- Configuring identity providers
- Using RBAC to define and apply permissions
- Removing the kubeadmin user
- Understanding and creating service accounts
- Using service accounts in applications
- Using a service account as an OAuth client
- Scoping tokens
- Using bound service account tokens
- Managing security context constraints
- Impersonating the system:admin user
- Syncing LDAP groups
- Managing cloud provider credentials
Networking
- Understanding networking
- Accessing hosts
- Understanding the Cluster Network Operator
- Understanding the DNS Operator
- Understanding the Ingress Operator
- Configuring the Ingress Controller endpoint publishing strategy
- Verifying connectivity to an endpoint
- Changing the cluster network MTU
- Configuring the node port service range
- Configuring IP failover
- Using SCTP
- Using PTP hardware
- External DNS Operator
  - Understanding the External DNS Operator
  - Installing the External DNS Operator
  - External DNS Operator configuration parameters
  - Creating DNS records on an public hosted zone for AWS
  - Creating DNS records on an public zone for Azure
  - Creating DNS records on an public managed zone for GCP
- Network policy
  - About network policy
  - Logging network policy
  - Creating a network policy
  - Viewing a network policy
  - Editing a network policy
  - Deleting a network policy
  - Defining a default network policy for projects
  - Configuring multitenant network policy
- Multiple networks
  - Understanding multiple networks
  - Configuring an additional network
  - About virtual routing and forwarding
  - Configuring multi-network policy
  - Attaching a pod to an additional network
  - Removing a pod from an additional network
  - Editing an additional network
  - Removing an additional network
  - Assigning a secondary network to a VRF
- Hardware networks
  - About Single Root I/O Virtualization (SR-IOV) hardware networks
  - Installing the SR-IOV Operator
  - Configuring the SR-IOV Operator
  - Configuring an SR-IOV network device
  - Configuring an SR-IOV Ethernet network attachment
  - Configuring an SR-IOV InfiniBand network attachment
  - Adding a pod to an SR-IOV network
  - Using high performance multicast
  - Using DPDK and RDMA
  - Using pod-level bonding for secondary networks
  - Configuring hardware offloading
  - Uninstalling the SR-IOV Operator
- OpenShift SDN default CNI network provider
  - About the OpenShift SDN default CNI network provider
  - Configuring egress IPs for a project
  - Configuring an egress firewall for a project
  - Viewing an egress firewall for a project
  - Editing an egress firewall for a project
  - Removing an egress firewall from a project
  - Considerations for the use of an egress router pod
  - Deploying an egress router pod in redirect mode
  - Deploying an egress router pod in HTTP proxy mode
  - Deploying an egress router pod in DNS proxy mode
  - Configuring an egress router pod destination list from a config map
  - Enabling multicast for a project
  - Disabling multicast for a project
  - Configuring multitenant isolation
  - Configuring kube-proxy
- OVN-Kubernetes default CNI network provider
  - About the OVN-Kubernetes network provider
  - Migrating from the OpenShift SDN cluster network provider
  - Rolling back to the OpenShift SDN cluster network provider
  - Converting to IPv4/IPv6 dual stack networking
  - IPsec encryption configuration
  - Configuring an egress firewall for a project
  - Viewing an egress firewall for a project
  - Editing an egress firewall for a project
  - Removing an egress firewall from a project
  - Configuring an egress IP address
  - Assigning an egress IP address
  - Considerations for the use of an egress router pod
  - Deploying an egress router pod in redirect mode
  - Enabling multicast for a project
  - Disabling multicast for a project
  - Tracking network flows
  - Configuring hybrid networking
- Configuring Routes
  - Route configuration
  - Secured routes
- Configuring ingress cluster traffic
  - Overview
  - Configuring ExternalIPs for services
  - Configuring ingress cluster traffic using an Ingress Controller
  - Configuring ingress cluster traffic using a load balancer
  - Configuring ingress cluster traffic on AWS using a Network Load Balancer
  - Configuring ingress cluster traffic using a service external IP
  - Configuring ingress cluster traffic using a NodePort
- Kubernetes NMState
  - About the Kubernetes NMState Operator
  - Observing node network state
  - Updating node network configuration
  - Troubleshooting node network configuration
- Configuring the cluster-wide proxy
- Configuring a custom PKI
- Load balancing on OpenStack
- Load balancing with MetalLB
  - About MetalLB and the MetalLB Operator
  - Installing the MetalLB Operator
  - Configuring MetalLB address pools
  - Configuring MetalLB BGP peers
  - Configuring MetalLB BFD profiles
  - Configuring services to use MetalLB
  - MetalLB troubleshooting and support
- Associating secondary interfaces metrics to network attachments
Storage
- Storage overview
- Understanding ephemeral storage
- Understanding persistent storage
- Configuring persistent storage
- Using Container Storage Interface (CSI)
- Expanding persistent volumes
- Dynamic provisioning
Registry
- Registry overview
- Image Registry Operator in OpenShift Container Platform
- Setting up and configuring the registry
- Accessing the registry
- Exposing the registry
Operators
- Operators overview
- Understanding Operators
- User tasks
  - Creating applications from installed Operators
  - Installing Operators in your namespace
- Administrator tasks
- Developing Operators
- Platform Operators reference
CI/CD
- CI/CD overview
- Builds
- Migrating from Jenkins to Tekton
  - Migrating from Jenkins to Tekton
- Pipelines
- GitOps
Images
- Overview of images
- Configuring the Cluster Samples Operator
- Using the Cluster Samples Operator with an alternate registry
- Creating images
- Managing images
- Managing image streams
- Using image streams with Kubernetes resources
- Triggering updates on image stream changes
- Image configuration resources
- Using templates
- Using Ruby on Rails
- Using images
Building applications
- Projects
- Creating applications
- Viewing application composition using the Topology view
- Connecting applications to services
- Working with Helm charts
- Deployments
- Quotas
  - Resource quotas per project
  - Resource quotas across multiple projects
- Using config maps with applications
- Monitoring project and application metrics using the Developer perspective
- Monitoring application health
- Editing applications
- Pruning objects to reclaim resources
- Idling applications
- Deleting applications
- Using the Red Hat Marketplace
Machine management
- Overview of machine management
- Creating machine sets
- Manually scaling a machine set
- Modifying a machine set
- Deleting a machine
- Applying autoscaling to a cluster
- Creating infrastructure machine sets
- Adding a RHEL compute machine
- Adding more RHEL compute machines
- User-provisioned infrastructure
- Deploying machine health checks
Nodes
- Overview of nodes
- Working with pods
- Controlling pod placement onto nodes (scheduling)
- Using Jobs and DaemonSets
  - Running background tasks on nodes automatically with daemonsets
  - Running tasks in pods using jobs
- Working with nodes
- Working with containers
- Working with clusters
- Remote worker nodes on the network edge
  - Using remote worker node at the network edge
Windows Container Support for OpenShift
- Red Hat OpenShift support for Windows Containers overview
- Red Hat OpenShift support for Windows Containers release notes
- Understanding Windows container workloads
- Enabling Windows container workloads
- Creating Windows MachineSet objects
- Scheduling Windows container workloads
- Windows node upgrades
- Using Bring-Your-Own-Host Windows instances as nodes
- Removing Windows nodes
- Disabling Windows container workloads
Sandboxed Containers Support for OpenShift
- OpenShift sandboxed containers release notes
- Understanding OpenShift sandboxed containers
- Deploying OpenShift sandboxed containers workloads
- Monitoring OpenShift sandboxed containers
- Uninstalling OpenShift sandboxed containers workloads
- Upgrade OpenShift sandboxed containers
- Collecting OpenShift sandboxed containers data
Logging
- Release notes
- About Logging
- Installing Logging
- Configuring your Logging deployment
- Viewing logs for a specific resource
- Viewing cluster logs in Kibana
- Forwarding logs to third party systems
- Enabling JSON logging
- Collecting and storing Kubernetes events
- Updating Logging
- Viewing cluster dashboards
- Troubleshooting Logging
- Uninstalling Logging
- Exported fields
Monitoring
- Monitoring overview
- Configuring the monitoring stack
- Enabling monitoring for user-defined projects
- Enabling alert routing for user-defined projects
- Managing metrics
- Managing metrics targets
- Managing alerts
- Reviewing monitoring dashboards
- Accessing third-party monitoring UIs and APIs
- Troubleshooting monitoring issues
Scalability and performance
- Recommended installation practices
- Recommended host practices
- Recommended host practices for IBM Z & LinuxONE environments
- Recommended cluster scaling practices
- Using the Node Tuning Operator
- Using CPU Manager
- Using Topology Manager
- Scaling the Cluster Monitoring Operator
- Planning your environment according to object maximums
- Optimizing storage
- Optimizing routing
- Optimizing networking
- Managing bare metal hosts
- What huge pages do and how they are consumed by apps
- Performance Addon Operator for low latency nodes
- Creating a performance profile
- Deploying distributed units manually on single node OpenShift
- Workload partitioning on single node OpenShift
- Deploying distributed units at scale in a disconnected environment
Specialized hardware and driver enablement
- About specialized hardware and driver enablement
- Driver Toolkit
- Special Resource Operator
- Node Feature Discovery Operator
Backup and restore
- Overview of backup and restore operations
- Shutting down a cluster gracefully
- Restarting a cluster gracefully
- Application backup and restore
- Control plane backup and restore
Migrating from version 3 to 4
- Migrating from version 3 to 4 overview
- About migrating from OpenShift Container Platform 3 to 4
- Differences between OpenShift Container Platform 3 and 4
- Network considerations
- About MTC
- Installing MTC
- Installing MTC in a restricted network environment
- Upgrading MTC
- Premigration checklists
- Migrating your applications
- Advanced migration options
- Troubleshooting
Migration Toolkit for Containers
- About MTC
- MTC release notes
- Installing MTC
- Installing MTC in a restricted network environment
- Upgrading MTC
- Premigration checklists
- Network considerations
- Migrating your applications
- Advanced migration options
- Troubleshooting
API reference
- Understanding API tiers
- API compatibility guidelines
- Editing kubelet log level verbosity and gathering logs
- API list
- Common object reference
  - Index
- Authorization APIs
  - About Authorization APIs
  - LocalResourceAccessReview [authorization.openshift.io/v1]
  - LocalSubjectAccessReview [authorization.openshift.io/v1]
  - ResourceAccessReview [authorization.openshift.io/v1]
  - SelfSubjectRulesReview [authorization.openshift.io/v1]
  - SubjectAccessReview [authorization.openshift.io/v1]
  - SubjectRulesReview [authorization.openshift.io/v1]
  - TokenRequest [authentication.k8s.io/v1]
  - TokenReview [authentication.k8s.io/v1]
  - LocalSubjectAccessReview [authorization.k8s.io/v1]
  - SelfSubjectAccessReview [authorization.k8s.io/v1]
  - SelfSubjectRulesReview [authorization.k8s.io/v1]
  - SubjectAccessReview [authorization.k8s.io/v1]
- Autoscale APIs
  - About Autoscale APIs
  - ClusterAutoscaler [autoscaling.openshift.io/v1]
  - MachineAutoscaler [autoscaling.openshift.io/v1beta1]
  - HorizontalPodAutoscaler [autoscaling/v1]
  - Scale [autoscaling/v1]
- Config APIs
  - About Config APIs
  - APIServer [config.openshift.io/v1]
  - Authentication [config.openshift.io/v1]
  - Build [config.openshift.io/v1]
  - ClusterOperator [config.openshift.io/v1]
  - ClusterVersion [config.openshift.io/v1]
  - Console [config.openshift.io/v1]
  - DNS [config.openshift.io/v1]
  - FeatureGate [config.openshift.io/v1]
  - HelmChartRepository [helm.openshift.io/v1beta1]
  - Image [config.openshift.io/v1]
  - ImageContentPolicy [config.openshift.io/v1]
  - Infrastructure [config.openshift.io/v1]
  - Ingress [config.openshift.io/v1]
  - Network [config.openshift.io/v1]
  - OAuth [config.openshift.io/v1]
  - OperatorHub [config.openshift.io/v1]
  - Project [config.openshift.io/v1]
  - Proxy [config.openshift.io/v1]
  - Scheduler [config.openshift.io/v1]
- Console APIs
  - About Console APIs
  - ConsoleCLIDownload [console.openshift.io/v1]
  - ConsoleExternalLogLink [console.openshift.io/v1]
  - ConsoleLink [console.openshift.io/v1]
  - ConsoleNotification [console.openshift.io/v1]
  - ConsolePlugin [console.openshift.io/v1alpha1]
  - ConsoleQuickStart [console.openshift.io/v1]
  - ConsoleYAMLSample [console.openshift.io/v1]
- Extension APIs
  - About Extension APIs
  - APIService [apiregistration.k8s.io/v1]
  - CustomResourceDefinition [apiextensions.k8s.io/v1]
  - MutatingWebhookConfiguration [admissionregistration.k8s.io/v1]
  - ValidatingWebhookConfiguration [admissionregistration.k8s.io/v1]
- Image APIs
  - About Image APIs
  - Image [image.openshift.io/v1]
  - ImageSignature [image.openshift.io/v1]
  - ImageStreamImage [image.openshift.io/v1]
  - ImageStreamImport [image.openshift.io/v1]
  - ImageStreamLayers [image.openshift.io/v1]
  - ImageStreamMapping [image.openshift.io/v1]
  - ImageStream [image.openshift.io/v1]
  - ImageStreamTag [image.openshift.io/v1]
  - ImageTag [image.openshift.io/v1]
  - SecretList [image.openshift.io/v1]
- Machine APIs
  - About Machine APIs
  - ContainerRuntimeConfig [machineconfiguration.openshift.io/v1]
  - ControllerConfig [machineconfiguration.openshift.io/v1]
  - KubeletConfig [machineconfiguration.openshift.io/v1]
  - MachineConfigPool [machineconfiguration.openshift.io/v1]
  - MachineConfig [machineconfiguration.openshift.io/v1]
  - MachineHealthCheck [machine.openshift.io/v1beta1]
  - Machine [machine.openshift.io/v1beta1]
  - MachineSet [machine.openshift.io/v1beta1]
- Metadata APIs
  - About Metadata APIs
  - APIRequestCount [apiserver.openshift.io/v1]
  - Binding [v1]
  - ComponentStatus [v1]
  - ConfigMap [v1]
  - ControllerRevision [apps/v1]
  - Event [events.k8s.io/v1]
  - Event [v1]
  - Lease [coordination.k8s.io/v1]
  - Namespace [v1]
- Monitoring APIs
  - About Monitoring APIs
  - Alertmanager [monitoring.coreos.com/v1]
  - AlertmanagerConfig [monitoring.coreos.com/v1alpha1]
  - PodMonitor [monitoring.coreos.com/v1]
  - Probe [monitoring.coreos.com/v1]
  - Prometheus [monitoring.coreos.com/v1]
  - PrometheusRule [monitoring.coreos.com/v1]
  - ServiceMonitor [monitoring.coreos.com/v1]
  - ThanosRuler [monitoring.coreos.com/v1]
- Network APIs
  - About Network APIs
  - ClusterNetwork [network.openshift.io/v1]
  - Endpoints [v1]
  - EndpointSlice [discovery.k8s.io/v1]
  - EgressNetworkPolicy [network.openshift.io/v1]
  - EgressRouter [network.operator.openshift.io/v1]
  - HostSubnet [network.openshift.io/v1]
  - Ingress [networking.k8s.io/v1]
  - IngressClass [networking.k8s.io/v1]
  - IPPool [whereabouts.cni.cncf.io/v1alpha1]
  - NetNamespace [network.openshift.io/v1]
  - NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]
  - NetworkPolicy [networking.k8s.io/v1]
  - PodNetworkConnectivityCheck [controlplane.operator.openshift.io/v1alpha1]
  - Route [route.openshift.io/v1]
  - Service [v1]
- Node APIs
  - About Node APIs
  - Node [v1]
  - Profile [tuned.openshift.io/v1]
  - RuntimeClass [node.k8s.io/v1]
  - Tuned [tuned.openshift.io/v1]
- OAuth APIs
  - About OAuth APIs
  - OAuthAccessToken [oauth.openshift.io/v1]
  - OAuthAuthorizeToken [oauth.openshift.io/v1]
  - OAuthClientAuthorization [oauth.openshift.io/v1]
  - OAuthClient [oauth.openshift.io/v1]
  - UserOAuthAccessToken [oauth.openshift.io/v1]
- Operator APIs
  - About Operator APIs
  - Authentication [operator.openshift.io/v1]
  - CloudCredential [operator.openshift.io/v1]
  - ClusterCSIDriver [operator.openshift.io/v1]
  - Console [operator.openshift.io/v1]
  - Config [operator.openshift.io/v1]
  - Config [imageregistry.operator.openshift.io/v1]
  - Config [samples.operator.openshift.io/v1]
  - CSISnapshotController [operator.openshift.io/v1]
  - DNS [operator.openshift.io/v1]
  - DNSRecord [ingress.operator.openshift.io/v1]
  - Etcd [operator.openshift.io/v1]
  - ImageContentSourcePolicy [operator.openshift.io/v1alpha1]
  - ImagePruner [imageregistry.operator.openshift.io/v1]
  - IngressController [operator.openshift.io/v1]
  - KubeAPIServer [operator.openshift.io/v1]
  - KubeControllerManager [operator.openshift.io/v1]
  - KubeScheduler [operator.openshift.io/v1]
  - KubeStorageVersionMigrator [operator.openshift.io/v1]
  - Network [operator.openshift.io/v1]
  - OpenShiftAPIServer [operator.openshift.io/v1]
  - OpenShiftControllerManager [operator.openshift.io/v1]
  - OperatorPKI [network.operator.openshift.io/v1]
  - ServiceCA [operator.openshift.io/v1]
  - Storage [operator.openshift.io/v1]
- OperatorHub APIs
  - About OperatorHub APIs
  - CatalogSource [operators.coreos.com/v1alpha1]
  - ClusterServiceVersion [operators.coreos.com/v1alpha1]
  - InstallPlan [operators.coreos.com/v1alpha1]
  - Operator [operators.coreos.com/v1]
  - OperatorCondition [operators.coreos.com/v2]
  - OperatorGroup [operators.coreos.com/v1]
  - PackageManifest [packages.operators.coreos.com/v1]
  - Subscription [operators.coreos.com/v1alpha1]
- Policy APIs
  - About Policy APIs
  - Eviction [policy/v1]
  - PodDisruptionBudget [policy/v1]
- Project APIs
  - About Project APIs
  - Project [project.openshift.io/v1]
  - ProjectRequest [project.openshift.io/v1]
- Provisioning APIs
  - About Provisioning APIs
  - BareMetalHost [metal3.io/v1alpha1]
  - FirmwareSchema [metal3.io/v1alpha1]
  - HostFirmwareSettings [metal3.io/v1alpha1]
  - Provisioning [metal3.io/v1alpha1]
- RBAC APIs
  - About RBAC APIs
  - ClusterRoleBinding [rbac.authorization.k8s.io/v1]
  - ClusterRole [rbac.authorization.k8s.io/v1]
  - RoleBinding [rbac.authorization.k8s.io/v1]
  - Role [rbac.authorization.k8s.io/v1]
- Role APIs
  - About Role APIs
  - ClusterRoleBinding [authorization.openshift.io/v1]
  - ClusterRole [authorization.openshift.io/v1]
  - RoleBindingRestriction [authorization.openshift.io/v1]
  - RoleBinding [authorization.openshift.io/v1]
  - Role [authorization.openshift.io/v1]
- Schedule and quota APIs
  - About Schedule and quota APIs
  - AppliedClusterResourceQuota [quota.openshift.io/v1]
  - ClusterResourceQuota [quota.openshift.io/v1]
  - FlowSchema [flowcontrol.apiserver.k8s.io/v1beta1]
  - LimitRange [v1]
  - PriorityClass [scheduling.k8s.io/v1]
  - PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta1]
  - ResourceQuota [v1]
- Security APIs
  - About Security APIs
  - CertificateSigningRequest [certificates.k8s.io/v1]
  - CredentialsRequest [cloudcredential.openshift.io/v1]
  - PodSecurityPolicyReview [security.openshift.io/v1]
  - PodSecurityPolicySelfSubjectReview [security.openshift.io/v1]
  - PodSecurityPolicySubjectReview [security.openshift.io/v1]
  - RangeAllocation [security.openshift.io/v1]
  - Secret [v1]
  - SecurityContextConstraints [security.openshift.io/v1]
  - ServiceAccount [v1]
- Storage APIs
  - About Storage APIs
  - CSIDriver [storage.k8s.io/v1]
  - CSINode [storage.k8s.io/v1]
  - CSIStorageCapacity [storage.k8s.io/v1beta1]
  - PersistentVolumeClaim [v1]
  - StorageClass [storage.k8s.io/v1]
  - StorageState [migration.k8s.io/v1alpha1]
  - StorageVersionMigration [migration.k8s.io/v1alpha1]
  - VolumeAttachment [storage.k8s.io/v1]
  - VolumeSnapshot [snapshot.storage.k8s.io/v1]
  - VolumeSnapshotClass [snapshot.storage.k8s.io/v1]
  - VolumeSnapshotContent [snapshot.storage.k8s.io/v1]
- Template APIs
  - About Template APIs
  - BrokerTemplateInstance [template.openshift.io/v1]
  - PodTemplate [v1]
  - Template [template.openshift.io/v1]
  - TemplateInstance [template.openshift.io/v1]
- User and group APIs
  - About User and group APIs
  - Group [user.openshift.io/v1]
  - Identity [user.openshift.io/v1]
  - UserIdentityMapping [user.openshift.io/v1]
  - User [user.openshift.io/v1]
- Workloads APIs
  - About Workloads APIs
  - BuildConfig [build.openshift.io/v1]
  - Build [build.openshift.io/v1]
  - BuildLog [build.openshift.io/v1]
  - BuildRequest [build.openshift.io/v1]
  - CronJob [batch/v1]
  - DaemonSet [apps/v1]
  - Deployment [apps/v1]
  - DeploymentConfig [apps.openshift.io/v1]
  - DeploymentConfigRollback [apps.openshift.io/v1]
  - DeploymentLog [apps.openshift.io/v1]
  - DeploymentRequest [apps.openshift.io/v1]
  - Job [batch/v1]
  - Pod [v1]
  - ReplicationController [v1]
  - PersistentVolume [v1]
  - ReplicaSet [apps/v1]
  - StatefulSet [apps/v1]
Service Mesh
- Service Mesh 2.x
- Service Mesh 1.x
Distributed tracing
- Distributed tracing release notes
- Distributed tracing architecture
  - Distributed tracing architecture
- Distributed tracing installation
Virtualization
- About OpenShift Virtualization
- Start here with OpenShift Virtualization
- OpenShift Virtualization release notes
- Installing
- Updating OpenShift Virtualization
- Additional security privileges granted for kubevirt-controller and virt-launcher
- Using the CLI tools
- Virtual machines
- Virtual machine templates
- Live migration
- Node maintenance
- Node networking
- Logging, events, and monitoring
- Backup and restore
Serverless
- Release notes
- Discover
- Install
- Knative CLI
- Develop
- Administer
- Monitor
- Support
- Security
- Functions
- Integrations
  - Using NVIDIA GPU resources with serverless applications

Adding a custom TLS certificate to a DomainMapping CR

You can use an existing TLS certificate with a DomainMapping custom resource (CR) to secure the mapped service.

Prerequisites

You have completed the steps in Configuring a custom domain for a Knative service and have a working DomainMapping CR.

Adding a custom TLS certificate to a DomainMapping CR

You can add an existing TLS certificate with a DomainMapping custom resource (CR) to secure the mapped service.

Prerequisites

You configured a custom domain for a Knative service and have a working DomainMapping CR.
You have a TLS certificate from your Certificate Authority provider or a self-signed certificate.
You have obtained the cert and key files from your Certificate Authority provider, or a self-signed certificate.
Install the OpenShift CLI (oc).

Procedure

Create a Kubernetes TLS secret:

$ oc create secret tls <tls_secret_name> --cert=<path_to_certificate_file> --key=<path_to_key_file>

Update the DomainMapping CR to use the TLS secret you have created:

apiVersion: serving.knative.dev/v1alpha1
kind: DomainMapping
metadata:
  name: <domain_name>
  namespace: <namespace>
spec:
  ref:
    name: <service_name>
    kind: Service
    apiVersion: serving.knative.dev/v1
# TLS block specifies the secret to be used
  tls:
    secretName: <tls_secret_name>

Verification

Verify that the DomainMapping CR status is True, and that the URL column of the output shows the mapped domain with the scheme https:

$ oc get domainmapping <domain_name>

Example output

NAME                      URL                               READY   REASON
example.com               https://example.com               True

Optional: If the service is exposed publicly, verify that it is available by running the following command:
```
$ curl https://<domain_name>
```
If the certificate is self-signed, skip verification by adding the -k flag to the curl command.