Configure domains

Last Updated February 19, 2025

This topic tells you how to create and manage the domains that Kubernetes applications can use in Tanzu Platform.

For conceptual information about domains in Tanzu Platform, see About network ingress.

To create a domain, you must:

Create a DNS provider: This is the service that Tanzu Platform uses to create DNS records for the Global Server Load Balancer (GSLB).
(Optional) Create a certificate provider: This is the service that Tanzu Platform uses to create and manage certificates to enable TLS for the GSLB. If you do not assign a certificate provider to a domain, the GSLB provides HTTP rather than HTTPS.
Create the domain.

After you create a domain, you can create a domain binding to associate a Space with the domain.

Configure DNS providers

Configuring a DNS provider allows you to configure DNS for the domains that your applications use.

Before you begin

Create a GSLB credential in Administration > Infrastructure accounts > Public Cloud services.

Create a DNS provider

To create a DNS provider on Tanzu Platform:

Go to Administration > Infrastructure configuration > Networking > DNS Providers.
Click Create DNS Provider.
Configure the following for the Route53 DNS provider:

Field Instructions

Name Enter a name for the DNS provider

Zone Provide the zone information

GSLB Credential ID From the drop-down menu, select a global server load balancing (GSLB) credential ID.

Field	Instructions
Name	Enter a name for the DNS provider
Zone	Provide the zone information
GSLB Credential ID	From the drop-down menu, select a global server load balancing (GSLB) credential ID.

(Optional) Under Health Check, configure health checks for your domain as follows:

Field	Instructions
Zone	Provide the health check zone information, or enable the Same as DNS Provider zone toggle
Interval	Enter the interval between health checks in seconds. For example, `50`.
Timeout	Enter the time to wait for the health check to fail in seconds. For example, `6`.
Failure Threshold	Enter the maximum number of times the health check can fail. For example, `3`.

Click Create.

Edit a DNS provider

After you create a DNS Provider, to edit the details for the DNS provider using the Tanzu Platform UI:

Go to Administration > Infrastructure configuration > Networking > DNS Providers.
Locate the DNS provider you want to edit.
Click the vertical ellipsis at the top-right of the card.
From the drop-down menu, click Edit.
Make the changes you want to the DNS Provider.
Click Save.

Delete a DNS provider

To delete a DNS provider using the Tanzu Platform UI:

In the Tanzu Platform UI, go to Administration > Infrastructure configuration > Networking > DNS Providers.
Locate the DNS provider you want to delete.
Click the vertical ellipsis at the top-right of the card.
From the drop-down menu, click Delete.
In the confirmation dialog box, click Delete.

(Optional) Configure a certificate provider

This enables you to add server certificates for the domains that applications use.

Create a certificate provider

To create a certificate provider using the Tanzu Platform UI:

Go to Administration > Infrastructure configuration > Networking > Certificate Providers
Click Create Certificate Provider.
Configure the text boxes with your server certificate as follows:

Field Instructions

Name Enter a name for the certificate provider

Certificate(s) Enter your PEM-encoded server certificate

Key Enter your PEM-encoded private key
Click Create.

Field	Instructions
Name	Enter a name for the certificate provider
Certificate(s)	Enter your PEM-encoded server certificate
Key	Enter your PEM-encoded private key

When the certificate provider is ready for a domain to use, its card will show Ready.

Edit a certificate provider

After you create a certificate provider, to edit the details for the certificate provider using the Tanzu Platform UI:

In the Tanzu Platform UI, go to Administration > Infrastructure configuration > Networking > Certificate Providers
Locate the certificate provider you want to edit.
Click the vertical ellipsis at the top-right of the card.
From the drop-down menu, click Edit.
Enter the new certificate and key information.
Click Save.

Delete a certificate provider

To delete a certificate provider using the Tanzu Platform UI:

In the Tanzu Platform UI, go to Administration > Infrastructure configuration > Networking > Certificate Providers
Locate the certificate provider you want to delete.
Click the vertical ellipsis at the top-right of the card.
From the drop-down menu, click Delete.
In the confirmation dialog box, click Delete.

Configure domains

This section describes how to create, edit, and delete domains in the Tanzu Platform UI.

Create a domain

To create a domain using the Tanzu Platform UI:

Go to Administration > Infrastructure configuration > Networking > Domains.
Click Create Domain.

Configure basic information for the domain as follows:

Field	Instructions
Name	Enter a name for the domain
DNS Provider	From the drop-down menu, select a DNS provider or choose to manage your own DNS solution. For instructions for creating a DNS provider, see Manage DNS providers earlier in this topic. The zone of the referenced DNS provider must match or be a parent of this domain.
Certificate Provider	From the drop-down menu, select a certificate provider or choose to use unencrypted traffic (HTTP/TCP). For instructions for creating a certificate provider, see Configure certificate providers earlier in this topic.
Subdomains	To allow app operators or developers to automatically generate subdomains for this domain, enable the Auto-assignable toggle
Allowed Subdomains	Specify the allowed subdomains using a comma separated list. If you leave this text box empty, no subdomains are allowed. Use `*` to permit any subdomain.
Ports	To allow app operators or developers to automatically assign a port on this domain, enable the Auto-assignable toggle
Allowed Ports	Specify the allowed ports as a comma separated list. Ranges are supported. If you leave this text box empty, no ports are allowed. Use `*` to permit any port.
Allowed Spaces	Specify the allowed Spaces as a comma separated list. If you leave this text box empty, no Spaces are allowed. Use `*` to permit any Space.

Click Create.

Edit a domain

After you create a domain, to edit the details for the domain using the Tanzu Platform UI:

Go to Administration > Infrastructure configuration > Networking > Domains.
Locate the domain you want to edit.
Click the vertical ellipsis at the top-right of the card.
From the drop-down menu, click Edit.
Enter the new domain information.
Click Save.

Delete a domain

To delete a domain using the Tanzu Platform UI:

Go to Administration > Infrastructure configuration > Networking > Domains.
Locate the domain you want to delete.
Click the vertical ellipsis at the top-right of the card.
From the drop-down menu, click Delete.
In the confirmation dialog box, click Delete.

Configure domain bindings

Domain bindings associate a Space with a domain in Tanzu Platform.

Create a domain binding

Tanzu Platform UI

To create a domain binding using the Tanzu Platform UI:

Go to Spaces > Overview.
Select the Space in which you want to create the domain binding.
Go to the Ingress tab. You will see one or more domain bindings cards.
Click Create Domain Binding.

Configure the basic information for the domain binding as follows:

Field	Instructions
Name	Enter a descriptive name for this binding
Domain	Choose from the available domains in your Project
Subdomain	Select Auto-assign to automatically generate a subdomain based on the domain chosen. If you do not configure a subdomain, the binding is set to the exact FQDN of the domain object.
Port	Specify a port to be exposed with this domain, or select Auto-assign for a port to be automatically assigned

(Optional) Configure the advanced settings:

Field	Instructions
Connection	Specify the type of traffic you want the `DomainBinding` to support. The options are HTTP or TCP. HTTPS is included in the HTTP option.
EntryPoint	Specify an `EntryPoint` name. Routes use this to select this `DomainBinding`. If omitted, the platform defaults to `main`.

Tanzu CLI

To create a new DomainBinding resource using the Tanzu CLI:

Set your Space context by running:
```
tanzu space use SPACE-NAME
```
Where SPACE-NAME is the name of the Space you want to use.
Create a DomainBinding by running:
```
tanzu domain-binding create DOMAIN-BINDING-NAME FLAGS
```
Where:
- DOMAIN-BINDING-NAME is the name you want for your DomainBinding.
- FLAGS are the flags to configure domain, port, and entry point. For a complete list of the flags you can use, see tanzu domain-binding in the Tanzu CLI Documentation.
For example, to create a DomainBinding from the domain dev.corp.com and request both a subdomain and a port to be automatically assigned:
```
$ tanzu domain-binding create test --auto-assign-subdomain-of dev.corp.com --auto-assign-port
DomainBinding busy-goose.dev.corp.com created
```

Delete a domain binding

To delete a DomainBinding resource, use the Tanzu CLI:

Set your Space context by running:
```
tanzu space use SPACE-NAME
```
Where SPACE-NAME is the name of the Space you want to use.
Delete the DomainBinding by running:
```
tanzu domain-binding delete DOMAIN-BINDING-NAME
```
Where DOMAIN-BINDING-NAME is the name of the DomainBinding you want to delete.

For example:
```
$ tanzu domain-binding delete test
  DomainBinding test deleted
```

Content feedback and comments

Tanzu Platform SaaS

Configure domains

Configure DNS providers

Before you begin

Create a DNS provider

Edit a DNS provider

Delete a DNS provider

(Optional) Configure a certificate provider

Create a certificate provider

Edit a certificate provider

Delete a certificate provider

Configure domains

Create a domain

Edit a domain

Delete a domain

Configure domain bindings

Create a domain binding

Delete a domain binding