In this exercise you will set up your application to encrypt traffic with the OpenShift Wildcard certificate.
Step 1: Switch to an existing project
For this exercise, we will use an application that we created before. We will be using the binarydeploy-UserName that you created in the previous labs. Make sure you are switched to that project by using the oc project command. Remember to substitute UserName.
$ oc project binarydeploy-UserName
Step 2: View the routing config
To view the routing config you will need to use the oc get route
command
$ oc get route/myapp -o yaml
apiVersion: v1
kind: Route
metadata:
annotations:
openshift.io/host.generated: "true"
creationTimestamp: 2018-04-09T15:40:04Z
labels:
app: myapp
name: myapp
namespace: jimgarrett
resourceVersion: "127925718"
selfLink: /oapi/v1/namespaces/jimgarrett/routes/myapp
uid: 45bc5aec-3c0c-11e8-888a-02722ccca8d2
spec:
host: myapp-jimgarrett.apps.rhpds.openshift.opentlc.com
port:
targetPort: 8080-tcp
to:
kind: Service
name: myapp
weight: 100
wildcardPolicy: None
status:
ingress:
- conditions:
- lastTransitionTime: 2018-04-09T15:40:04Z
status: "True"
type: Admitted
host: myapp-jimgarrett.apps.rhpds.openshift.opentlc.com
routerName: router
wildcardPolicy: None
Note here that the host: is set to the FQDN that your application is
running on.
Currently the routing component of OpenShift 3 supports ports 80 and
443. When you first create your route, the mapping of 80 to your pod
is done automatically. There are a few things that need to be done in
order to get the 443 mapping to work.
Step 3: TLS Edge Termination
OpenShift has a wildcard SSL certificate that it can use for any application. We can use this SSL certificate to serve SSL from our application without having to generate a cert of our own (which is sometimes called SSL-offloading).
Edit your routing configuration:
oc edit route/myapp
You are going to add tls: termination: edge right below the host:
section. It should look something like this.
apiVersion: v1
kind: Route
metadata:
annotations:
openshift.io/host.generated: "true"
creationTimestamp: 2018-04-09T15:40:04Z
labels:
app: myapp
name: myapp
namespace: jimgarrett
resourceVersion: "127925718"
selfLink: /oapi/v1/namespaces/jimgarrett/routes/myapp
uid: 45bc5aec-3c0c-11e8-888a-02722ccca8d2
spec:
host: myapp-jimgarrett.apps.rhpds.openshift.opentlc.com
tls:
termination: edge
port:
targetPort: 8080-tcp
to:
kind: Service
name: myapp
weight: 100
wildcardPolicy: None
status:
ingress:
- conditions:
- lastTransitionTime: 2018-04-09T15:40:04Z
status: "True"
type: Admitted
host: myapp-jimgarrett.apps.rhpds.openshift.opentlc.com
routerName: router
wildcardPolicy: None
Step 4: Verify
Verify by visiting your page by using the https:// URI
Congratulations!! In this exercise you have learned about service SSL from your application
Let’s clean up the project.
oc delete project binarydeploy-UserName