Network and Exposure
Expose services, use default gh0stcloud hostnames, bring your own domain, and request egress safely.
Use Network & Exposure for public hostnames, ingress/TLS, BYOD DNS, service-to-service connections, and external egress.
Default gh0stcloud hostname
For a first app, use the platform-managed hostname pattern shown in the portal. The portal reports allowed hostname patterns and ingress classes for the selected assignment.
Your GitOps ingress should include:
- allowed hostname;
- allowed ingress class;
- TLS host;
cert-manager.io/cluster-issuer;- namespace-local TLS secret name.
Compare with: example network docs.
Bring your own domain
BYOD is a separate exposure path. Before adding a custom domain to GitOps:
- Open Network & Exposure.
- Check the hostname validation state.
- Create the required DNS records.
- Use the BYOD issuer only when the portal reports that the domain path is ready.
Do not guess BYOD _acme-challenge CNAME values. Use the portal-provided
target.
Network intent and egress
Network intent defines allowed namespace connections and approved external egress catalog entries. If an egress destination is outside your current bounds, create a change request.
Do not create broad allow-all policies in GitOps. Tenant isolation and egress guardrails are platform-owned.
RPC/function map
| Portal action | gh0stplane surface |
|---|---|
| Load network graph, intent, rendered policy, and observed flow state | GetNetworkWorkspace |
| Save or clear namespace/external egress intent | UpdateTenantNetworkIntent, ClearTenantNetworkIntent |
| Load exposure bounds, route inventory, and BYOD data | GetTenantExposureWorkspace |
| Save or clear exposure intent | UpdateTenantExposureIntent, ClearTenantExposureIntent |
| Validate hostname/DNS readiness | ValidateTenantHostname |
| Request more exposure/egress bounds | CreateTenantChangeRequest |
Common route symptoms
| Symptom | Meaning | Next action |
|---|---|---|
404 | No matching live route. | Check ingress host and route inventory. |
503 | Route exists but no ready backend endpoint. | Check Service selector and pod readiness. |
| TLS missing | Ingress or cert-manager state is incomplete. | Check issuer, TLS hosts, and secret name. |
| Duplicate host | More than one route owns the same host. | Remove stale ingress or request cleanup. |
Questions or ready to get started?
Talk to us