Exposing OpenShift Services to External Domain Using Ingress Controller

I have an OpenShift cluster set up with the default Ingress controller for an internal domain, let's say app.internal.com. I need to expose specific services to the internet and access them via Ingress with an existing external domain, for example, app.external.com/api/....

I attempted to create a second Ingress controller for this external domain, but I've encountered an issue. All of my routes and Ingress resources seem to automatically get assigned to the default internal Ingress controller.

I'm seeking guidance on how to successfully set up an external Ingress controller to handle these routes and direct traffic to the appropriate services. I would greatly appreciate insights into potential configurations, best practices, and any considerations regarding security and scalability.

Thank you in advance for your assistance!

This process of having different multiple routers (Ingress Controllers) is called ingress sharing, or router sharing. There are multiple methods of determining which routes go to which IngressController such as matching labels or matching namespaces.

See the docs for the details: https://docs.openshift.com/container-platform/4.12/networking/ingress-sharding.html

But here is one example directly from the docs for matching on a label selector:

apiVersion: v1
items:
- apiVersion: operator.openshift.io/v1
  kind: IngressController
  metadata:
    name: dev-router
    namespace: openshift-ingress-operator
  spec:
    namespaceSelector:
      matchLabels:
        name: dev