Setting Up Custom Domains

This guide explains how to expose your application to the public internet using a clean, custom domain name (e.g., api.yourcompany.com).

Automatic vs. Custom Domain Management

By default, every route you create is automatically assigned a long, fully-qualified domain name (FQDN). This FQDN is dynamically generated based on the resource metadata, providing a unique and predictable endpoint for every service. The format is:

[route-name].[ingress-name].[project-name].[env-name].[ou-name].[org-public-domain]

For example: payment-api-route.api-gateway.payment-gateway.production.retail-banking.fincorp.com

This automatic domain is excellent for development, testing, and internal service-to-service communication. However, for public-facing, production applications, you need a cleaner, more memorable URL.

The PublicIngress manifest is the mechanism you use to achieve this. By setting the spec.domain field in a PublicIngress manifest, you can override the automatic domain generation and expose your services on a clean, custom domain.

The process involves creating two separate manifests:

A PublicIngress to create the load balancer and associate it with your domain.
A HttpRoute (or GrpcRoute, TlsRoute, etc.) to create a rule that directs traffic from a specific path on your domain to your specific application.

Prerequisites

You must have an existing application (e.g., an Application manifest) already defined and running.
Your organization must own the custom domain name you wish to use.
You need to know the identity of your project: organization, organizational-unit, environment, and project.

Step 1: Create a Manifest for Your Public Ingress

First, create a new YAML file to define your public ingress. This resource acts as the secure front door for all public traffic to your project.

Note on File Location: The Engine discovers all manifest files automatically using metadata. You do not need to follow a strict directory structure, though grouping by project is recommended.

Step 2: Define Your `PublicIngress` manifest

Open your new file and add the following content. This manifest defines the load balancer and links it to your desired domain.

apiVersion: lowops.manifests.v1
kind: PublicIngress
metadata:
  name: api-gateway
  # Project identity is defined here:
  project: payment-gateway
  environment: production
  organizational-unit: retail-banking
  organization: fincorp
spec:
  domain: api.fincorp.com

  # (Optional) Secure your ingress with Identity-Aware Proxy (IAP).
  # This block defines who is allowed to access the applications behind this ingress.
  # If omitted, the ingress will be open to the public internet.
  iapPermissions:
    groups:
      - "fincorp-employees@fincorp.com"

Step 3: Create a Manifest for Your HTTP Route

Now that you've defined the front door, you need to create a route that tells traffic where to go. Create a new YAML file for your route.

Step 4: Define Your `HttpRoute` manifest

Open the new route file and add the following content. This manifest links a path on your ingress to your backend application.

apiVersion: lowops.manifests.v1
kind: HttpRoute
metadata:
  name: payment-api-route
  # This links the route to the ingress by name:
  public-ingress: api-gateway 
  project: payment-gateway
  environment: production
  organizational-unit: retail-banking
  organization: fincorp
spec:
  rules:
    - matches:
        # This rule matches requests to "api.fincorp.com/v1/payments/*"
        - prefixMatch: /v1/payments
      action:
        destinations:
          # The application to send the traffic to.
          # This must match the name of an existing Application manifest.
          - deploymentConfig: payment-processing-api
            port: 8080

Step 5: Commit, Review, and Merge

Commit the changes for both new manifest files in a single pull request. After your PR is reviewed and approved, merge it. The platform will automatically provision the new public load balancer and configure the routing rule.

Step 6: Update Your DNS Records (Manual Step)

This is the final, manual step to make your domain live.

Find the IP Address: After your PR is merged, the Infrastream Engine will output the external IP address assigned to your new public ingress. You can also find this address in the computed block of the PublicIngress manifest in the Git repository after the run completes.
Create a DNS Record: Go to your organization's DNS provider (e.g., Google Cloud DNS, GoDaddy, Cloudflare). Create a new A record that points your custom domain to the IP address from Step 1.
- Name: api (or the subdomain you are using)
- Type: A
- Value: [The IP Address provided by Infrastream]

After the DNS changes propagate (which can take a few minutes to a few hours), your application will be accessible at your custom domain.

Automatic vs. Custom Domain Management​

Prerequisites​

Step 1: Create a Manifest for Your Public Ingress​

Step 2: Define Your PublicIngress manifest​

Step 3: Create a Manifest for Your HTTP Route​

Step 4: Define Your HttpRoute manifest​

Step 5: Commit, Review, and Merge​

Step 6: Update Your DNS Records (Manual Step)​