IBM Cloud Pak foundational services endpoints

An endpoint is a network destination address that is exposed by Kubernetes resources, such as services and ingresses. The following sections describe the available external and internal endpoints in your cluster.

The endpoint values are in the ibmcloud-cluster-info configmap.

External endpoints

The foundational service and ingress endpoints are the external endpoints that are used for access from outside the cluster.

Foundational service endpoint

Following is the format of the URL to access the foundational service endpoint:

https://<cluster_address>/<API path>

In the endpoint URL, <cluster_address> is the IBM Cloud Pak console route. You can get the IBM Cloud Pak console route by running the following command:

oc get route -n ibm-common-services cp-console -o jsonpath=‘{.spec.host}’

Ingress endpoint

The ingress endpoint is one or more ingress proxies that are exposed by workloads that are deployed in your cluster through the ingress resource.

Following is the format of the URL:

https://<proxy_address>/<application path>

In the endpoint URL, <proxy_address> is the NGINX ingress route host. You can get the NGINX ingress route host by running the following command:

oc -n ibm-common-services get route cp-proxy -o yaml

The NGINX ingress route host is in the spec.host section.

NodePort endpoint

Workloads can define services that are exposed as NodePorts. If a service uses the NodePort type, it bypasses the proxy endpoint.

Internal Endpoints

Your cluster has an internal network for workloads. Services must communicate with the workloads on the internal cluster network.

Services that need to communicate within the cluster to platform services do so by using the internal management ingress service on the internal cluster network, unless otherwise specified by the service API documentation.

The endpoint to access platform services is https://icp-management-ingress.ibm-common-services:443. This endpoint is the internal endpoint for the management ingress and is available from all namespaces.

For other services, following are the formats to access the service by using the service name in the local cluster:

For more information, see the following articles:

Custom ingress URLs

By default, the platform-oidc and platform-auth ingresses use the localhost for Cross-Origin Resource Sharing (CORS). You can specify additional domains that the ingresses can use.

  1. Get information about the ingresses in your cluster.

     oc get ingress
    
  2. Edit the platform-oidc and platform-auth ingresses by using the following command:

     oc edit ingress <ingress name>
    
  3. Add the domains to the two ingresses. See the following example:

     add_header "Access-Control-Allow-Origin" "http://test.com, https://example.com"