To access the GitOps console of Distributed Cloud Container Platform for Kubernetes (ACK One) through a custom domain name, you can create a CNAME record to map the custom domain name to the default domain name of GitOps, and configure an SSL certificate. Then, you can use a CloudSSO account to access the GitOps console through https://${your-domain}.
Prerequisites
The kubeconfig file of the Fleet instance is obtained in the Distributed Cloud Container Platform for Kubernetes (ACK One) console and a kubectl client is connected to the Fleet instance.
Procedure
Use the kubeconfig file of the Fleet instance to run the following command to obtain the ArgoCD server LB IP:
    kubectl get svc -nargocd argocd-server -ojsonpath='{.status.loadBalancer.ingress[0].ip}'
Log on to Alibaba Cloud DNS and add an A record that maps the custom domain name to the ArgoCD server LB IP.
Install the SSL certificate in GitOps to allow your browser to trust the domain name.
After the certificate is downloaded, run the following command on the ACK One Fleet instance to create a Secret named argocd-server-tls:
    kubectl create -n argocd secret tls argocd-server-tls \
      --cert=/path/to/cert.pem \
      --key=/path/to/key.pem
Note: When the certificate is about to expire, use a new SSL certificate to renew the Secret.
Replace the default SSO domain name in the argocd-cm ConfigMap with the custom domain name and restart argocd-server for the modification to take effect.
Note: Replace ${your-domain} with your domain name.
    kubectl patch cm -nargocd argocd-cm --type=merge -p '{"data":{"url":"https://${your-domain}"}}'
    kubectl -nargocd rollout restart deployment argocd-server
Add the custom domain name to the callback URL of the OAuth application in Resource Access Management (RAM).
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Enterprise Applications tab, click the ackone-argo-cd-${your-fleet-id}@app.${your-uid}.onaliyun.com application. ${your-fleet-id} indicates the ID of your ACK One Fleet instance and ${your-uid} indicates the ID of your Alibaba Cloud account.
In the Basic Information section, click Edit Basic Information and set Callback URL to https://${your-domain}/auth/callback. Replace ${your-domain} with the custom domain name.
Enter https://${your-domain} into the address bar of the browser and use a CloudSSO account to log on to the GitOps console. Replace ${your-domain} with the custom domain name.
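Before creating or renewing the argocd-server-tls Secret, it helps to confirm that the private key belongs to the certificate, that the certificate covers the custom domain name, and that it is not close to expiry. The following shell function is an added example, not part of the original procedure; the function name check_tls_pair, the 14-day default threshold and the use of the openssl command-line tool are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks before creating or renewing argocd-server-tls.
# check_tls_pair CERT KEY DOMAIN [MIN_DAYS]   (function name is hypothetical)
# Returns 0 if every check passes; prints each failed check and returns 1 otherwise.
check_tls_pair() {
    cert=$1 key=$2 domain=$3 min_days=${4:-14}
    rc=0

    # 1. Both files must parse as a PEM certificate and a PEM private key.
    if ! cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null); then
        echo "FAIL: $cert is not a readable PEM certificate"; return 1
    fi
    if ! key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null); then
        echo "FAIL: $key is not a readable PEM private key"; return 1
    fi

    # 2. The private key must belong to the certificate (public keys are identical).
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"; rc=1
    fi

    # 3. The certificate must cover the custom domain (SAN, or CN when no SAN exists).
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null \
            | grep -q 'does match'; then
        echo "FAIL: certificate does not cover $domain"; rc=1
    fi

    # 4. The certificate must remain valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days"; rc=1
    fi

    return $rc
}

# Script usage: ./check_tls_pair.sh /path/to/cert.pem /path/to/key.pem <domain> [days]
if [ "$#" -ge 3 ]; then
    check_tls_pair "$@" && echo "OK: safe to create or renew argocd-server-tls"
fi
```

Running the same check on a schedule against the certificate currently in use gives early warning of the expiry case described in the note on renewing the Secret.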
References
For more information about how to use ACK One GitOps to release multi-cluster applications, see Best practice for ACK One GitOps.