Ingress Operator implements the IngressController API and is the component responsible for enabling external access to OpenShift Container Platform cluster services. This Operator makes this possible by deploying and managing one or more HAProxy-based Ingress Controllers to handle routing.
To find the details of the default IngressController instance:
oc -n openshift-ingress-operator get IngressController default -o jsonpath='{.spec}' | jq '.'
{
"defaultCertificate": {
"name": "xxx-0b75760e30ayyyf686044987e00a0-0000"
},
"endpointPublishingStrategy": {
"loadBalancer": {
"scope": "External"
},
"type": "LoadBalancerService"
},
"nodePlacement": {
"tolerations": [
{
"key": "dedicated",
"value": "edge"
}
]
}
}
As you can see, spec of IngressController has the name of the defaultCertificate Secret it uses for the domain. If domain is not defined in the spec of IngressController, Openshift gets it from Ingress config for the cluster (don’t confuse this Ingress resource (ingress.config.openshift.io) with Ingress resource (ingress.networking.k8s.io) for the apps)
oc get ingress.config.openshift.io cluster -o jsonpath='{.spec}' | jq '.'
{
"domain": "xxx-0b75760e30a12a6a5fyyyy7e00a0-0000.upi.containers.appdomain.cloud"
}
Certificate for the Ingress domain is created in openshift-ingress namespace
More details on IngressController: https://docs.openshift.com/container-platform/4.6/networking/ingress-operator.html