In this exercise you will set up your application to encrypt traffic with the OpenShift Wildcard certificate.
Step 1: Switch to an existing project
For this exercise, we will use an application that we created before. We will be using the myjbossapp-userxx that you created in the previous labs. Make sure you are switched to that project by using the oc project command.
Important
|
Please replace userxx with the username assigned to you in the commands below. |
$ oc project myjbossapp-userxx
Step 2: View the routing config
To view the routing config you will need to use the oc get route
command
$ oc get route/ks -o yaml apiVersion: v1 kind: Route metadata: annotations: openshift.io/host.generated: "true" creationTimestamp: 2016-10-06T06:28:23Z labels: app: ks name: ks namespace: myjbossapp-userxx resourceVersion: "33256" selfLink: /oapi/v1/namespaces/myjbossapp-userxx/routes/ks uid: 14cf078c-8b8e-11e6-ba5b-080027782cf7 spec: host: ks-myjbossapp-userxx.{{APPS_ADDRESS}} port: targetPort: 8080-tcp to: kind: Service name: ks weight: 100 status: ingress: - conditions: - lastTransitionTime: 2016-10-06T06:28:23Z status: "True" type: Admitted host: ks-myjbossapp-userxx.{{APPS_ADDRESS}} routerName: router
Note here that the host:
is set to the FQDN that your application is
running on.
Currently the routing component of OpenShift 3 supports ports 80
and
443
. When you first create your route, the mapping of 80
to your pod
is done automatically. There are a few things that need to be done in
order to get the 443
mapping to work.
Step 3: TLS Edge Termination
OpenShift has a wildcard SSL certificate that it can use for any application. We can use this SSL certificate to serve SSL from our application without having to generate a cert of our own (which is sometimes called SSL-offloading).
Edit your routing configuration:
oc edit route/ks
You are going to add tls: termination: edge
right below the host:
section. It should look something like this.
apiVersion: v1 kind: Route metadata: annotations: openshift.io/host.generated: "true" creationTimestamp: 2015-12-22T03:56:30Z labels: app: ks name: ks namespace: myjbossapp-shchan resourceVersion: "2903142" selfLink: /oapi/v1/namespaces/myjbossapp-userxx/routes/ks uid: fba5d1e6-a85f-11e5-be21-fa163ec58dad spec: host: ks-myjbossapp-userxx.{{APPS_ADDRESS}} tls: termination: edge port: targetPort: "8080" to: kind: Service name: ks status: {}
Step 4: Verify
Verify by visiting your page by using the https://
URI
Congratulations!! In this exercise you have learned about service SSL from your application