Use your own custom domain in-line with your organization certificates to securely access the resources that are provisioned through IBM Cloud Pak® for Multicloud Management.
You can complete these easy steps to configure your domain to access the IBM Cloud Pak for Multicloud Management URL after the Cloud Pak is installed. You can choose your own domain and configure it quickly.
The IBM Cloud Pak for Multicloud Management enables the organization to securely manage applications, no matter how they are designed or where they are deployed. It is a set of open, pluggable tools built around a core application and governance model. This core architecture helps organizations model applications and application dependencies, manage the lifecycles of both applications and infrastructure, consistently govern and secure applications and their deployment models. and deliver observability for the application’s full-stack.
- Choose a custom domain to access IBM Cloud Pak for Multicloud Management using a custom url.
- This custom domain must be registered in DNS.
- Some knowledge of IBM Cloud Pak for Multicloud Management. For more information, refer to the IBM Cloud Pak for Multicloud Management overview.
To customize the URL to access IBM Cloud Pak for Multicloud Management with a user-specific host — for example: mcm.cp4mcm.com (*.domain.com) — complete the following steps:
Step 1: Create the self-signed certificate/use a CA-signed certificate
To create the route for your custom URL, you need a self-signed certificate. If you do not have a CA-signed certificate already, complete this step to create one (ignore this step if you already have one). You can use the existing certificate to create a route for the custom URL/host of your choice.
Run the following commands to create a self-signed certificate:
Note: When you run the third command above, it requests a common name. Enter the same custom URL/host that you used previously as a value. For example, if a user chooses a custom host mcm.cp4mcm.com, where cp4mcm.com is a domain, then you can provide the domain with a wildcard *.cp4mcm.com as the common name or use the complete host mcm.cp4mcm.com itself.
Next, run the following command to generate an SSL certificate:
The four commands previously listed are displayed for your reference in the following screenshot. These commands create an SSL certificate:
Step 2: Create a route using the certificate created in Step 1
A self-signed certificate has been generated, and you can use it to create a route for IBM Cloud Pak for Multicloud Management:
- icp-management-ingress is the service name created for the management-ingress pod in the ibm-common-services project
- destca.crt is the destination CA certificate of (cp-console route for service icp-management-ingress) the route in ibm-common-services created for IBM Cloud Pak for Multicloud Management initially during IBM Cloud Pak Multicloud Management deployment
- mcm.cp4mcm.com is the user-chosen custom host for the Cloud Pak
Step 3: Update the OIDC registration
After completing the previous steps, the custom URL to access the IBM Cloud Pak for Multicloud Management is registered for OIDC.
Alternatively, you can complete the following steps to configure the custom URL for OIDC:
- Copy the content in the registration-json configmap into the registration.yaml file:
- Create a platform-oidc-registration.json file. Copy the contents of the data- section in the registration.yaml file into the platform-oidc-registration.json file:
- Add the following piece of configuration into the platform-oidc-registration.json file to allow regex with your custom URL for IBM Cloud Pak for Multicloud Management: Add/append your custom URIs in the "redirect_uris" and "post_logout_redirect_uris" parameters of the platform-oidc-registration.json file and then save it:
- Define following variables on the command line to run the command for OIDC registration:
- Save the client secret:
- Save the client ID:
- Save the access IP: Note: FIP is the host name for cp-console route (e.g., cp-console.*****************************.cloud).
- Apply the changes that you made to the platform-oidc-registration.json file by running the following command: Note: <installation directory> stands for the absolute path for the platform-oidc-registration.json file.
Step 4: Run the following command to set the alloedHostHeader parameter to your chosen custom URL
Update as following key-value pair:
The configuration to create your own specific custom URL/host to access the IBM Cloud Pak for Multicloud Management console is now complete. You can now use this URL to access the IBM Cloud Pak for Multicloud Management console: https://mcm.cp4mcm.com