diff --git a/README.md b/README.md
index 3200e2bcb..91466f3d6 100644
--- a/README.md
+++ b/README.md
@@ -178,7 +178,7 @@ docker build -t <registry>/<your-username>/console-operator:<version> .
 # following: docker.io/openshift/origin-console-operator:latest
 # for development, you are going to push to an alternate registry.
 # specifically it can look something like this:
-docker build -t quay.io/benjaminapetersen/console-operator:latest .
+docker build -f Dockerfile.rhel7 -t quay.io/benjaminapetersen/console-operator:latest .
 ```
 You can optionally build a specific version.
 
diff --git a/bindata/assets/services/console-nodeport-service.yaml b/bindata/assets/services/console-nodeport-service.yaml
new file mode 100644
index 000000000..6a2f0eb0a
--- /dev/null
+++ b/bindata/assets/services/console-nodeport-service.yaml
@@ -0,0 +1,20 @@
+# This 'console' service manifest is used when the ingress cluster capability is disabled.
+# Service will be exposed using a NodePort to enable the alternative ingress.
+apiVersion: v1
+kind: Service
+metadata:
+  name: console
+  namespace: openshift-console
+  labels:
+    app: console
+spec:
+  ports:
+    - name: https
+      protocol: TCP
+      port: 443
+      targetPort: 8443
+  selector:
+    app: console
+    component: ui
+  type: NodePort
+  sessionAffinity: None
diff --git a/bindata/assets/services/downloads-nodeport-service.yaml b/bindata/assets/services/downloads-nodeport-service.yaml
new file mode 100644
index 000000000..4f9046072
--- /dev/null
+++ b/bindata/assets/services/downloads-nodeport-service.yaml
@@ -0,0 +1,18 @@
+# This 'downloads' service manifest is used when the ingress cluster capability is disabled.
+# Service will be exposed using a NodePort to enable the alternative ingress.
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: openshift-console
+  name: downloads
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: console
+    component: downloads
+  type: NodePort
+  sessionAffinity: None
diff --git a/docs/alb-ingress-rosa-hcp.md b/docs/alb-ingress-rosa-hcp.md
new file mode 100644
index 000000000..ce8b19307
--- /dev/null
+++ b/docs/alb-ingress-rosa-hcp.md
@@ -0,0 +1,115 @@
+# Use AWS ALB as alternative ingress on ROSA HCP
+
+This doc aims at showing the effort needed to expose the OpenShift console via AWS ALB on a ROSA HCP cluster.
+The use case in mind is [HyperShift hosted clusters where the Ingress capability is disabled](https://github.com/openshift/enhancements/pull/1415).
+
+## Requirements
+
+- ROSA HCP OpenShift cluster.
+- [AWS Load Balancer Operator installed and its controller created](https://docs.openshift.com/rosa/networking/aws-load-balancer-operator.html).
+- User logged as a cluster admin.
+
+## Procedure
+
+### Create certificate in AWS Certificate Manager
+
+In order to configure an HTTPS listener on AWS ALB you need to have a certificate created in AWS Certificate Manager.
+You can import an existing certificate or request a new one. Make sure the certificate is created in the same region as your cluster.
+Note the certificate ARN, you will need it later.
+
+### Create Ingress resources for the NodePort services
+
+To provision ALBs create the following resources:
+```bash
+cat <<EOF | oc apply -f -
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: instance
+    alb.ingress.kubernetes.io/backend-protocol: HTTPS
+    alb.ingress.kubernetes.io/certificate-arn: ${CERTIFICATE_ARN}
+  name: console
+  namespace: openshift-console
+spec:
+  ingressClassName: alb
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: console
+                port:
+                  number: 443
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: instance
+    alb.ingress.kubernetes.io/backend-protocol: HTTP
+    alb.ingress.kubernetes.io/certificate-arn: ${CERTIFICATE_ARN}
+  name: downloads
+  namespace: openshift-console
+spec:
+  ingressClassName: alb
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: downloads
+                port:
+                  number: 80
+EOF
+```
+
+### Update console config
+
+Once the console ALBs are ready you need to let the console operator know which urls to use.
+Update the console operator config providing the custom urls:
+```bash
+$ CONSOLE_ALB_HOST=$(oc -n openshift-console get ing console -o yaml | yq .status.loadBalancer.ingress[0].hostname)
+$ DOWNLOADS_ALB_HOST=$(oc -n openshift-console get ing downloads -o yaml | yq .status.loadBalancer.ingress[0].hostname)
+$ oc patch console.operator.openshift.io cluster --type=merge -p "{\"spec\":{\"ingress\":{\"consoleURL\":\"https://${CONSOLE_ALB_HOST}\",\"clientDownloadsURL\":\"https://${DOWNLOADS_ALB_HOST}\"}}}"
+```
+
+## Notes
+
+1. ROSA HCP does not have the authentication operator, the authentication server is managed centrally by the HyperShift layer:
+```bash
+$ oc -n openshift-authentication-operator get deploy,route
+No resources found
+
+$ oc -n openshift-authentication get pods,routes
+No resources found
+
+$ oc get oauthclient | grep -v console
+NAME                           SECRET                                        WWW-CHALLENGE   TOKEN-MAX-AGE   REDIRECT URIS
+openshift-browser-client                                                     false           default         https://oauth.mytestcluster.5199.s3.devshift.org:443/oauth/token/display
+openshift-challenging-client                                                 true            default         https://oauth.mytestcluster.5199.s3.devshift.org:443/oauth/token/implicit
+
+$ oc -n openshift-console rsh deploy/console curl -k https://openshift.default.svc/.well-known/oauth-authorization-server
+{
+"issuer": "https://oauth.mytestcluster.5199.s3.devshift.org:443",
+"authorization_endpoint": "https://oauth.mytestcluster.5199.s3.devshift.org:443/oauth/authorize",
+"token_endpoint": "https://oauth.mytestcluster.5199.s3.devshift.org:443/oauth/token",
+```
+
+2. When the ingress capability is disabled, the console operator relies on the end user to provide the console and download URLs (using the operator API) for health checks and oauthclient.
+
+3. When the ingress capability is disabled, the console operator skips the implementation of the component route customization.
+
+4. To simulate the absence of ingress connectivity when the ingress capability is disabled, set the desired replicas to zero in the default ingress controller:
+```bash
+$ oc -n openshift-ingress-operator patch ingresscontroller default --type='json' -p='[{"op": "replace", "path": "/spec/replicas", "value":0}]'
+```
+
+## Links
+- [Demo of ALB ingress for the console on ROSA HCP](https://drive.google.com/file/d/1uWZgFbSeZTlDzlFyPW7QcH-625JsbSbw/view)
diff --git a/pkg/console/controllers/clidownloads/controller.go b/pkg/console/controllers/clidownloads/controller.go
index 6fb19710b..f38f97112 100644
--- a/pkg/console/controllers/clidownloads/controller.go
+++ b/pkg/console/controllers/clidownloads/controller.go
@@ -4,6 +4,7 @@ import (
 	// standard lib
 	"context"
 	"fmt"
+	"net/url"
 	"time"
 
 	// kube
@@ -114,25 +115,37 @@ func (c *CLIDownloadsSyncController) Sync(ctx context.Context, controllerContext
 	}
 
 	statusHandler := status.NewStatusHandler(c.operatorClient)
-	ingressConfig, err := c.ingressConfigLister.Get(api.ConfigResourceName)
-	if err != nil {
-		return statusHandler.FlushAndReturn(err)
-	}
 
-	activeRouteName := api.OpenShiftConsoleDownloadsRouteName
-	routeConfig := routesub.NewRouteConfig(updatedOperatorConfig, ingressConfig, activeRouteName)
-	if routeConfig.IsCustomHostnameSet() {
-		activeRouteName = api.OpenshiftDownloadsCustomRouteName
-	}
+	var (
+		downloadsURI *url.URL
+		downloadsErr error
+	)
+	if len(operatorConfig.Spec.Ingress.ClientDownloadsURL) == 0 {
+		ingressConfig, err := c.ingressConfigLister.Get(api.ConfigResourceName)
+		if err != nil {
+			return statusHandler.FlushAndReturn(err)
+		}
 
-	downloadsRoute, downloadsRouteErr := c.routeLister.Routes(api.TargetNamespace).Get(activeRouteName)
-	if downloadsRouteErr != nil {
-		return downloadsRouteErr
-	}
+		activeRouteName := api.OpenShiftConsoleDownloadsRouteName
+		routeConfig := routesub.NewRouteConfig(updatedOperatorConfig, ingressConfig, activeRouteName)
+		if routeConfig.IsCustomHostnameSet() {
+			activeRouteName = api.OpenshiftDownloadsCustomRouteName
+		}
+
+		downloadsRoute, downloadsRouteErr := c.routeLister.Routes(api.TargetNamespace).Get(activeRouteName)
+		if downloadsRouteErr != nil {
+			return downloadsRouteErr
+		}
 
-	downloadsURI, _, downloadsRouteErr := routeapihelpers.IngressURI(downloadsRoute, downloadsRoute.Spec.Host)
-	if downloadsRouteErr != nil {
-		return downloadsRouteErr
+		downloadsURI, _, downloadsErr = routeapihelpers.IngressURI(downloadsRoute, downloadsRoute.Spec.Host)
+		if downloadsErr != nil {
+			return downloadsErr
+		}
+	} else {
+		downloadsURI, downloadsErr = url.Parse(operatorConfig.Spec.Ingress.ClientDownloadsURL)
+		if downloadsErr != nil {
+			return fmt.Errorf("failed to parse downloads url: %w", downloadsErr)
+		}
 	}
 
 	ocConsoleCLIDownloads := PlatformBasedOCConsoleCLIDownloads(downloadsURI.String(), api.OCCLIDownloadsCustomResourceName)
diff --git a/pkg/console/controllers/healthcheck/controller.go b/pkg/console/controllers/healthcheck/controller.go
index 5f5a70e0b..6756bcba9 100644
--- a/pkg/console/controllers/healthcheck/controller.go
+++ b/pkg/console/controllers/healthcheck/controller.go
@@ -6,6 +6,7 @@ import (
 	"crypto/x509"
 	"fmt"
 	"net/http"
+	"net/url"
 	"time"
 
 	// k8s
@@ -78,7 +79,6 @@ func NewHealthCheckController(
 			util.IncludeNamesFilter(api.ConfigResourceName),
 			operatorConfigInformer.Informer(),
 			configV1Informers.Ingresses().Informer(),
-			configV1Informers.Infrastructures().Informer(),
 		).WithFilteredEventsInformers( // service
 		util.IncludeNamesFilter(api.TrustedCAConfigMapName, api.OAuthServingCertConfigMapName),
 		configMapInformer.Informer(),
@@ -153,10 +153,22 @@ func (c *HealthCheckController) CheckRouteHealth(ctx context.Context, operatorCo
 		retry.DefaultRetry,
 		func(err error) bool { return err != nil },
 		func() error {
-			url, _, err := routeapihelpers.IngressURI(route, route.Spec.Host)
-			if err != nil {
-				reason = "RouteNotAdmitted"
-				return fmt.Errorf("console route is not admitted")
+			var (
+				url *url.URL
+				err error
+			)
+			if len(operatorConfig.Spec.Ingress.ConsoleURL) == 0 {
+				url, _, err = routeapihelpers.IngressURI(route, route.Spec.Host)
+				if err != nil {
+					reason = "RouteNotAdmitted"
+					return fmt.Errorf("console route is not admitted")
+				}
+			} else {
+				url, err = url.Parse(operatorConfig.Spec.Ingress.ConsoleURL)
+				if err != nil {
+					reason = "FailedParseConsoleURL"
+					return fmt.Errorf("failed to parse console url: %w", err)
+				}
 			}
 
 			caPool, err := c.getCA(ctx, route.Spec.TLS)
diff --git a/pkg/console/controllers/oauthclients/oauthclients.go b/pkg/console/controllers/oauthclients/oauthclients.go
index 557247499..bad50bd6d 100644
--- a/pkg/console/controllers/oauthclients/oauthclients.go
+++ b/pkg/console/controllers/oauthclients/oauthclients.go
@@ -3,6 +3,7 @@ package oauthclients
 import (
 	"context"
 	"fmt"
+	"net/url"
 	"time"
 
 	corev1 "k8s.io/api/core/v1"
@@ -131,15 +132,26 @@ func (c *oauthClientsController) sync(ctx context.Context, controllerContext fac
 		return err
 	}
 
-	routeName := api.OpenShiftConsoleRouteName
-	routeConfig := routesub.NewRouteConfig(operatorConfig, ingressConfig, routeName)
-	if routeConfig.IsCustomHostnameSet() {
-		routeName = api.OpenshiftConsoleCustomRouteName
-	}
-
-	_, consoleURL, _, routeErr := routesub.GetActiveRouteInfo(c.routesLister, routeName)
-	if routeErr != nil {
-		return routeErr
+	var consoleURL *url.URL
+
+	if len(operatorConfig.Spec.Ingress.ConsoleURL) == 0 {
+		routeName := api.OpenShiftConsoleRouteName
+		routeConfig := routesub.NewRouteConfig(operatorConfig, ingressConfig, routeName)
+		if routeConfig.IsCustomHostnameSet() {
+			routeName = api.OpenshiftConsoleCustomRouteName
+		}
+
+		_, url, _, routeErr := routesub.GetActiveRouteInfo(c.routesLister, routeName)
+		if routeErr != nil {
+			return routeErr
+		}
+		consoleURL = url
+	} else {
+		url, err := url.Parse(operatorConfig.Spec.Ingress.ConsoleURL)
+		if err != nil {
+			return fmt.Errorf("failed to parse console url: %w", err)
+		}
+		consoleURL = url
 	}
 
 	waitCtx, cancel := context.WithTimeout(ctx, 10*time.Second)
diff --git a/pkg/console/controllers/route/controller.go b/pkg/console/controllers/route/controller.go
index b3867b368..a6343ed16 100644
--- a/pkg/console/controllers/route/controller.go
+++ b/pkg/console/controllers/route/controller.go
@@ -40,11 +40,13 @@ type RouteSyncController struct {
 	routeName            string
 	isHealthCheckEnabled bool
 	// clients
-	operatorClient       v1helpers.OperatorClient
-	routeClient          routeclientv1.RoutesGetter
-	operatorConfigLister operatorv1listers.ConsoleLister
-	ingressConfigLister  configlistersv1.IngressLister
-	secretLister         corev1listers.SecretLister
+	operatorClient             v1helpers.OperatorClient
+	routeClient                routeclientv1.RoutesGetter
+	operatorConfigLister       operatorv1listers.ConsoleLister
+	ingressConfigLister        configlistersv1.IngressLister
+	secretLister               corev1listers.SecretLister
+	infrastructureConfigLister configlistersv1.InfrastructureLister
+	clusterVersionLister       configlistersv1.ClusterVersionLister
 }
 
 func NewRouteSyncController(
@@ -63,13 +65,15 @@ func NewRouteSyncController(
 	recorder events.Recorder,
 ) factory.Controller {
 	ctrl := &RouteSyncController{
-		routeName:            routeName,
-		isHealthCheckEnabled: isHealthCheckEnabled,
-		operatorClient:       operatorClient,
-		operatorConfigLister: operatorConfigInformer.Lister(),
-		ingressConfigLister:  configInformer.Config().V1().Ingresses().Lister(),
-		routeClient:          routev1Client,
-		secretLister:         secretInformer.Lister(),
+		routeName:                  routeName,
+		isHealthCheckEnabled:       isHealthCheckEnabled,
+		operatorClient:             operatorClient,
+		operatorConfigLister:       operatorConfigInformer.Lister(),
+		ingressConfigLister:        configInformer.Config().V1().Ingresses().Lister(),
+		routeClient:                routev1Client,
+		secretLister:               secretInformer.Lister(),
+		infrastructureConfigLister: configInformer.Config().V1().Infrastructures().Lister(),
+		clusterVersionLister:       configInformer.Config().V1().ClusterVersions().Lister(),
 	}
 
 	configV1Informers := configInformer.Config().V1()
@@ -114,6 +118,35 @@ func (c *RouteSyncController) Sync(ctx context.Context, controllerContext factor
 
 	statusHandler := status.NewStatusHandler(c.operatorClient)
 
+	// Do not proceed to the route checks if alternative ingress is requested.
+	switch c.routeName {
+	case api.OpenShiftConsoleRouteName:
+		if len(operatorConfig.Spec.Ingress.ConsoleURL) != 0 {
+			return statusHandler.FlushAndReturn(nil)
+		}
+	case api.OpenShiftConsoleDownloadsRouteName:
+		if len(operatorConfig.Spec.Ingress.ClientDownloadsURL) != 0 {
+			return statusHandler.FlushAndReturn(nil)
+		}
+	}
+
+	infrastructureConfig, err := c.infrastructureConfigLister.Get(api.ConfigResourceName)
+	if err != nil {
+		return statusHandler.FlushAndReturn(err)
+	}
+
+	clusterVersionConfig, err := c.clusterVersionLister.Get("version")
+	if err != nil {
+		return statusHandler.FlushAndReturn(err)
+	}
+
+	// Disable the route check for external control plane topology (hypershift) if the ingress capability is disabled.
+	// The components will miss the required RBAC to implement the custom hostname or TLS.
+	// Link: https://github.com/openshift/enhancements/blob/f5290a98ea4f23f8e76621806b656a3849c74a17/enhancements/ingress/optional-ingress-hypershift.md#component-routes.
+	if util.IsExternalControlPlaneWithIngressDisabled(infrastructureConfig, clusterVersionConfig) {
+		return statusHandler.FlushAndReturn(nil)
+	}
+
 	ingressConfig, err := c.ingressConfigLister.Get(api.ConfigResourceName)
 	if err != nil {
 		return statusHandler.FlushAndReturn(err)
diff --git a/pkg/console/controllers/service/controller.go b/pkg/console/controllers/service/controller.go
index 93b558c4d..50397339f 100644
--- a/pkg/console/controllers/service/controller.go
+++ b/pkg/console/controllers/service/controller.go
@@ -38,8 +38,10 @@ type ServiceSyncController struct {
 	operatorClient v1helpers.OperatorClient
 	serviceClient  coreclientv1.ServicesGetter
 
-	operatorConfigLister operatorv1listers.ConsoleLister
-	ingressConfigLister  configlistersv1.IngressLister
+	operatorConfigLister       operatorv1listers.ConsoleLister
+	ingressConfigLister        configlistersv1.IngressLister
+	infrastructureConfigLister configlistersv1.InfrastructureLister
+	clusterVersionLister       configlistersv1.ClusterVersionLister
 }
 
 // factory func needs clients and informers
@@ -60,11 +62,13 @@ func NewServiceSyncController(
 ) factory.Controller {
 
 	ctrl := &ServiceSyncController{
-		serviceName:          serviceName,
-		operatorClient:       operatorClient,
-		operatorConfigLister: operatorConfigInformer.Lister(),
-		ingressConfigLister:  configInformer.Config().V1().Ingresses().Lister(),
-		serviceClient:        corev1Client,
+		serviceName:                serviceName,
+		operatorClient:             operatorClient,
+		operatorConfigLister:       operatorConfigInformer.Lister(),
+		ingressConfigLister:        configInformer.Config().V1().Ingresses().Lister(),
+		serviceClient:              corev1Client,
+		infrastructureConfigLister: configInformer.Config().V1().Infrastructures().Lister(),
+		clusterVersionLister:       configInformer.Config().V1().ClusterVersions().Lister(),
 	}
 
 	configV1Informers := configInformer.Config().V1()
@@ -110,10 +114,22 @@ func (c *ServiceSyncController) Sync(ctx context.Context, controllerContext fact
 	if err != nil {
 		return statusHandler.FlushAndReturn(err)
 	}
+	infrastructureConfig, err := c.infrastructureConfigLister.Get(api.ConfigResourceName)
+	if err != nil {
+		return statusHandler.FlushAndReturn(err)
+	}
+	clusterVersionConfig, err := c.clusterVersionLister.Get("version")
+	if err != nil {
+		return statusHandler.FlushAndReturn(err)
+	}
+
+	// Change the type of the service to NodePort if the ingress capability is disabled.
+	ingressDisabled := util.IsExternalControlPlaneWithIngressDisabled(infrastructureConfig, clusterVersionConfig)
+
 	// Service name matches the Route's so it can be used as well, for creating RouteConfig
 	routeConfig := routesub.NewRouteConfig(updatedOperatorConfig, ingressConfig, c.serviceName)
 
-	requiredSvc := c.getDefaultService()
+	requiredSvc := c.getDefaultService(ingressDisabled)
 	_, _, svcErr := resourceapply.ApplyService(ctx, c.serviceClient, controllerContext.Recorder(), requiredSvc)
 	statusHandler.AddConditions(status.HandleProgressingOrDegraded("ServiceSync", "FailedApply", svcErr))
 	if svcErr != nil {
@@ -152,8 +168,13 @@ func (c *ServiceSyncController) removeService(ctx context.Context, serviceName s
 	return err
 }
 
-func (c *ServiceSyncController) getDefaultService() *corev1.Service {
-	service := resourceread.ReadServiceV1OrDie(bindata.MustAsset(fmt.Sprintf("assets/services/%s-service.yaml", c.serviceName)))
+func (c *ServiceSyncController) getDefaultService(ingressDisabled bool) *corev1.Service {
+	var service *corev1.Service
+	if !ingressDisabled {
+		service = resourceread.ReadServiceV1OrDie(bindata.MustAsset(fmt.Sprintf("assets/services/%s-service.yaml", c.serviceName)))
+	} else {
+		service = resourceread.ReadServiceV1OrDie(bindata.MustAsset(fmt.Sprintf("assets/services/%s-nodeport-service.yaml", c.serviceName)))
+	}
 
 	return service
 }
diff --git a/pkg/console/controllers/util/util.go b/pkg/console/controllers/util/util.go
index c2c18fa4a..968f66dc6 100644
--- a/pkg/console/controllers/util/util.go
+++ b/pkg/console/controllers/util/util.go
@@ -1,8 +1,6 @@
 package util
 
 import (
-	//k8s
-
 	"context"
 	"fmt"
 
@@ -11,7 +9,9 @@ import (
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/klog/v2"
 
+	configv1 "github.com/openshift/api/config/v1"
 	operatorv1 "github.com/openshift/api/operator/v1"
+
 	"github.com/openshift/library-go/pkg/controller/factory"
 	"github.com/openshift/library-go/pkg/operator/v1helpers"
 )
@@ -84,3 +84,17 @@ func HandleManagementState(ctx context.Context, c consoleOperatorController, ope
 		return fmt.Errorf("console is in an unknown state: %v", managementState)
 	}
 }
+
+// IsExternalControlPlaneWithIngressDisabled returns true if the cluster is in external control plane topology (hypershift)
+// and the ingress cluster capability is disabled.
+func IsExternalControlPlaneWithIngressDisabled(infrastructureConfig *configv1.Infrastructure, clusterVersionConfig *configv1.ClusterVersion) bool {
+	isIngressCapabilityEnabled := false
+	for _, capability := range clusterVersionConfig.Status.Capabilities.EnabledCapabilities {
+		if capability == configv1.ClusterVersionCapabilityIngress {
+			isIngressCapabilityEnabled = true
+			break
+		}
+	}
+
+	return infrastructureConfig.Status.ControlPlaneTopology == configv1.ExternalTopologyMode && !isIngressCapabilityEnabled
+}
diff --git a/pkg/console/controllers/util/util_test.go b/pkg/console/controllers/util/util_test.go
index b3aff3c4b..35a32566f 100644
--- a/pkg/console/controllers/util/util_test.go
+++ b/pkg/console/controllers/util/util_test.go
@@ -6,6 +6,8 @@ import (
 	"github.com/go-test/deep"
 	v1 "k8s.io/api/apps/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	configv1 "github.com/openshift/api/config/v1"
 )
 
 var (
@@ -141,3 +143,85 @@ func TestLabelFilter(t *testing.T) {
 	}
 
 }
+
+func TestIsExternalControlPlaneWithIngressDisabled(t *testing.T) {
+	type args struct {
+		infraConfig    *configv1.Infrastructure
+		clusterVersion *configv1.ClusterVersion
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "Test ingress capability disabled",
+			args: args{
+				infraConfig: &configv1.Infrastructure{
+					Status: configv1.InfrastructureStatus{
+						ControlPlaneTopology: configv1.ExternalTopologyMode,
+					},
+				},
+				clusterVersion: &configv1.ClusterVersion{
+					Status: configv1.ClusterVersionStatus{
+						Capabilities: configv1.ClusterVersionCapabilitiesStatus{
+							EnabledCapabilities: []configv1.ClusterVersionCapability{
+								configv1.ClusterVersionCapabilityOpenShiftSamples,
+							},
+						},
+					},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "Test ingress capability enabled",
+			args: args{
+				infraConfig: &configv1.Infrastructure{
+					Status: configv1.InfrastructureStatus{
+						ControlPlaneTopology: configv1.ExternalTopologyMode,
+					},
+				},
+				clusterVersion: &configv1.ClusterVersion{
+					Status: configv1.ClusterVersionStatus{
+						Capabilities: configv1.ClusterVersionCapabilitiesStatus{
+							EnabledCapabilities: []configv1.ClusterVersionCapability{
+								configv1.ClusterVersionCapabilityOpenShiftSamples,
+								configv1.ClusterVersionCapabilityIngress,
+							},
+						},
+					},
+				},
+			},
+			want: false,
+		},
+		{
+			name: "Test control plane topology is not external",
+			args: args{
+				infraConfig: &configv1.Infrastructure{
+					Status: configv1.InfrastructureStatus{
+						ControlPlaneTopology: configv1.HighlyAvailableTopologyMode,
+					},
+				},
+				clusterVersion: &configv1.ClusterVersion{
+					Status: configv1.ClusterVersionStatus{
+						Capabilities: configv1.ClusterVersionCapabilitiesStatus{
+							EnabledCapabilities: []configv1.ClusterVersionCapability{
+								configv1.ClusterVersionCapabilityOpenShiftSamples,
+							},
+						},
+					},
+				},
+			},
+			want: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if diff := deep.Equal(IsExternalControlPlaneWithIngressDisabled(tt.args.infraConfig, tt.args.clusterVersion), tt.want); diff != nil {
+				t.Error(diff)
+			}
+		})
+	}
+}
diff --git a/pkg/console/operator/sync_v400.go b/pkg/console/operator/sync_v400.go
index a56a38cd8..3db923a11 100644
--- a/pkg/console/operator/sync_v400.go
+++ b/pkg/console/operator/sync_v400.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"net/url"
 	"os"
 	"strings"
 
@@ -50,28 +51,42 @@ import (
 // the loop.
 func (co *consoleOperator) sync_v400(ctx context.Context, controllerContext factory.SyncContext, updatedOperatorConfig *operatorv1.Console, set configSet) error {
 	klog.V(4).Infoln("running sync loop 4.0.0")
-	statusHandler := status.NewStatusHandler(co.operatorClient)
 
-	// track changes, may trigger ripples & update operator config or console config status
-	toUpdate := false
+	var (
+		statusHandler = status.NewStatusHandler(co.operatorClient)
+		// track changes, may trigger ripples & update operator config or console config status
+		toUpdate     = false
+		consoleRoute *routev1.Route
+		consoleURL   *url.URL
+	)
 
-	routeName := api.OpenShiftConsoleRouteName
-	routeConfig := routesub.NewRouteConfig(updatedOperatorConfig, set.Ingress, routeName)
-	if routeConfig.IsCustomHostnameSet() {
-		routeName = api.OpenshiftConsoleCustomRouteName
-	}
+	if len(set.Operator.Spec.Ingress.ConsoleURL) == 0 {
+		routeName := api.OpenShiftConsoleRouteName
+		routeConfig := routesub.NewRouteConfig(updatedOperatorConfig, set.Ingress, routeName)
+		if routeConfig.IsCustomHostnameSet() {
+			routeName = api.OpenshiftConsoleCustomRouteName
+		}
 
-	route, consoleURL, routeReasoneErr, routeErr := routesub.GetActiveRouteInfo(co.routeLister, routeName)
-	// TODO: this controller is no longer responsible for syncing the route.
-	//   however, the route is essential for several of the components below.
-	//   - the loop should exit early and wait until the RouteSyncController creates the route.
-	//     there is nothing new in this flow, other than 2 controllers now look
-	//     at the same resource.
-	//     - RouteSyncController is responsible for updates
-	//     - ConsoleOperatorController (future ConsoleDeploymentController) is responsible for reads only.
-	statusHandler.AddConditions(status.HandleProgressingOrDegraded("SyncLoopRefresh", routeReasoneErr, routeErr))
-	if routeErr != nil {
-		return statusHandler.FlushAndReturn(routeErr)
+		route, url, routeReasonErr, routeErr := routesub.GetActiveRouteInfo(co.routeLister, routeName)
+		// TODO: this controller is no longer responsible for syncing the route.
+		//   however, the route is essential for several of the components below.
+		//   - the loop should exit early and wait until the RouteSyncController creates the route.
+		//     there is nothing new in this flow, other than 2 controllers now look
+		//     at the same resource.
+		//     - RouteSyncController is responsible for updates
+		//     - ConsoleOperatorController (future ConsoleDeploymentController) is responsible for reads only.
+		statusHandler.AddConditions(status.HandleProgressingOrDegraded("SyncLoopRefresh", routeReasonErr, routeErr))
+		if routeErr != nil {
+			return statusHandler.FlushAndReturn(routeErr)
+		}
+		consoleRoute = route
+		consoleURL = url
+	} else {
+		url, err := url.Parse(set.Operator.Spec.Ingress.ConsoleURL)
+		if err != nil {
+			return statusHandler.FlushAndReturn(fmt.Errorf("failed to get console url: %w", err))
+		}
+		consoleURL = url
 	}
 
 	authnConfig, err := co.authnConfigLister.Get(api.ConfigResourceName)
@@ -107,8 +122,9 @@ func (co *consoleOperator) sync_v400(ctx context.Context, controllerContext fact
 		set.OAuth,
 		authServerCAConfig,
 		authnConfig,
-		route,
+		consoleRoute,
 		controllerContext.Recorder(),
+		consoleURL.Hostname(),
 	)
 	toUpdate = toUpdate || cmChanged
 	statusHandler.AddConditions(status.HandleProgressingOrDegraded("ConfigMapSync", cmErrReason, cmErr))
@@ -325,6 +341,7 @@ func (co *consoleOperator) SyncConfigMap(
 	authConfig *configv1.Authentication,
 	activeConsoleRoute *routev1.Route,
 	recorder events.Recorder,
+	consoleHost string,
 ) (consoleConfigMap *corev1.ConfigMap, changed bool, reason string, err error) {
 
 	managedConfig, mcErr := co.managedNSConfigMapLister.ConfigMaps(api.OpenShiftConfigManagedNamespace).Get(api.OpenShiftConsoleConfigMapName)
@@ -398,6 +415,7 @@ func (co *consoleOperator) SyncConfigMap(
 		nodeOperatingSystems,
 		copiedCSVsDisabled,
 		telemetryConfig,
+		consoleHost,
 	)
 	if err != nil {
 		return nil, false, "FailedConsoleConfigBuilder", err
diff --git a/pkg/console/subresource/configmap/configmap.go b/pkg/console/subresource/configmap/configmap.go
index 8e5064c55..5aa812327 100644
--- a/pkg/console/subresource/configmap/configmap.go
+++ b/pkg/console/subresource/configmap/configmap.go
@@ -47,12 +47,13 @@ func DefaultConfigMap(
 	nodeOperatingSystems []string,
 	copiedCSVsDisabled bool,
 	telemeterConfig map[string]string,
+	consoleHost string,
 ) (consoleConfigMap *corev1.ConfigMap, unsupportedOverridesHaveMerged bool, err error) {
 
 	apiServerURL := infrastructuresub.GetAPIServerURL(infrastructureConfig)
 
 	defaultBuilder := &consoleserver.ConsoleServerCLIConfigBuilder{}
-	defaultConfig, err := defaultBuilder.Host(activeConsoleRoute.Spec.Host).
+	defaultConfig, err := defaultBuilder.Host(consoleHost).
 		LogoutURL(defaultLogoutURL).
 		Brand(DEFAULT_BRAND).
 		DocURL(DEFAULT_DOC_URL).
@@ -71,7 +72,10 @@ func DefaultConfigMap(
 
 	extractedManagedConfig := extractYAML(managedConfig)
 	userDefinedBuilder := &consoleserver.ConsoleServerCLIConfigBuilder{}
-	userDefinedConfig, err := userDefinedBuilder.Host(activeConsoleRoute.Spec.Host).
+	if activeConsoleRoute != nil {
+		userDefinedBuilder = userDefinedBuilder.CustomHostnameRedirectPort(isCustomRoute(activeConsoleRoute))
+	}
+	userDefinedConfig, err := userDefinedBuilder.Host(consoleHost).
 		LogoutURL(consoleConfig.Spec.Authentication.LogoutRedirect).
 		Brand(operatorConfig.Spec.Customization.Brand).
 		DocURL(operatorConfig.Spec.Customization.DocumentationBaseURL).
@@ -86,7 +90,6 @@ func DefaultConfigMap(
 		CustomDeveloperCatalog(operatorConfig.Spec.Customization.DeveloperCatalog).
 		ProjectAccess(operatorConfig.Spec.Customization.ProjectAccess).
 		QuickStarts(operatorConfig.Spec.Customization.QuickStarts).
-		CustomHostnameRedirectPort(isCustomRoute(activeConsoleRoute)).
 		AddPage(operatorConfig.Spec.Customization.AddPage).
 		Perspectives(operatorConfig.Spec.Customization.Perspectives).
 		StatusPageID(statusPageId(operatorConfig)).
diff --git a/pkg/console/subresource/configmap/configmap_test.go b/pkg/console/subresource/configmap/configmap_test.go
index a93033711..3567eb746 100644
--- a/pkg/console/subresource/configmap/configmap_test.go
+++ b/pkg/console/subresource/configmap/configmap_test.go
@@ -1069,6 +1069,7 @@ providers: {}
 				tt.args.nodeOperatingSystems,
 				tt.args.copiedCSVsDisabled,
 				tt.args.telemetryConfig,
+				tt.args.rt.Spec.Host,
 			)
 
 			// marshall the exampleYaml to map[string]interface{} so we can use it in diff below