OpenShift: Create Edge Secured Route

If you run a webserver, chances are that you will need a secure edge terminated route with TLS termination occurring on the router before traffic is proxied to the destination.

Create Edge Secured Route

The secure edge terminated route requires a certificate and a key. The TLS certificate is served by the router front end. We want to create a secured route for our PHP application.

Generate a private key:

$ openssl genrsa -out php.key 2048

Generate a CSR:

$ openssl req -new -key php.key -out php.csr  \
  -subj "/C=GB/ST=London/L=London/O=IT/OU=IT/CN=www.example.com"

Generate a self-signed certificate:

$ openssl x509 -req -days 366 -in php.csr  \
      -signkey php.key -out php.crt

Get the name of the service that the route will be created for:

$ oc get svc

Create a route using the certificate and the key:

$ oc create route edge \
  --service=php-service \
  --hostname=www.example.com \
  --key=php.key \
  --cert=php.crt \
  --insecure-policy=Redirect

2 thoughts on “OpenShift: Create Edge Secured Route

  1. Nice, I am studying for the OpenShift v4.2 exam and this is really helpful. The issue I was also running into was creating a pass-through route since you then have to mount the certs inside the container. I’ve seen the yaml for it which involves a VolumeMount: and Volume: section or I just ran into this command to get it working without editing the yaml directly.

    After you’ve made the TLS secret in the same namespace.
    oc set volume dc/dcName –add –type=secret –secret-name=secretName -m /usr/local/etc/ssl/certs/

Leave a Reply

Your email address will not be published. Required fields are marked *