IBM Cloud Pak foundational services endpoints
An endpoint is a network destination address that is exposed by Kubernetes resources, such as services and ingresses. The following sections describe the available external and internal endpoints in your cluster.
The endpoint values are in the ibmcloud-cluster-info configmap.
External endpoints
The foundational service and ingress endpoints are the external endpoints that are used for access from outside the cluster.
Foundational service endpoint
Following is the format of the URL to access the foundational service endpoint:
https://<cluster_address>/<API path>
In the endpoint URL, <cluster_address>
is the IBM Cloud Pak console route. You can get the IBM Cloud Pak console route by running the following command:
oc get route -n ibm-common-services cp-console -o jsonpath=‘{.spec.host}’
Ingress endpoint
The ingress endpoint is one or more ingress proxies that are exposed by workloads that are deployed in your cluster through the ingress resource.
Following is the format of the URL:
https://<proxy_address>/<application path>
In the endpoint URL, <proxy_address>
is the NGINX ingress route host. You can get the NGINX ingress route host by running the following command:
oc -n ibm-common-services get route cp-proxy -o yaml
The NGINX ingress route host is in the spec.host
section.
NodePort endpoint
Workloads can define services that are exposed as NodePorts. If a service uses the NodePort type, it bypasses the proxy endpoint.
Internal Endpoints
Your cluster has an internal network for workloads. Services must communicate with the workloads on the internal cluster network.
Services that need to communicate within the cluster to platform services do so by using the internal management ingress service on the internal cluster network, unless otherwise specified by the service API documentation.
The endpoint to access platform services is https://icp-management-ingress.ibm-common-services:443
. This endpoint is the internal endpoint for the management ingress and is available from all namespaces.
For other services, following are the formats to access the service by using the service name in the local cluster:
- If the service is in the same namespace, the format is
https://<service-name>:443
. - If the service is in a different namespace, the format is
https://<service-name>.<namespace-name>:443
.
For more information, see the following articles:
Custom ingress URLs
By default, the platform-oidc
and platform-auth
ingresses use the localhost for Cross-Origin Resource Sharing (CORS). You can specify additional domains that the ingresses can use.
-
Get information about the ingresses in your cluster.
oc get ingress
-
Edit the
platform-oidc
andplatform-auth
ingresses by using the following command:oc edit ingress <ingress name>
-
Add the domains to the two ingresses. See the following example:
add_header "Access-Control-Allow-Origin" "http://test.com, https://example.com"