fannullone
Flight Engineer

do280 ch4 - guided exercise: Protect external traffic step 3.1 - missing cert and key parameter

The route is created without specifying --cert and --key parameters.
TLS cannot possibly work without a cert. How is this possible?
According to the doc, these parameters should be specified:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/networking/conf...

 

[student@workstation ~]$ oc get route/todo-https -oyaml
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  creationTimestamp: "2024-02-17T07:28:04Z"
  labels:
    app: todo-http
    name: todo-http
  name: todo-https
  namespace: network-ingress
  resourceVersion: "1427346"
  uid: 57d32074-a1ca-4d6d-aacf-ac33c6f4e45d
spec:
  host: todo-https.apps.ocp4.example.com
  tls:
    termination: edge
  to:
    kind: Service
    name: todo-http
    weight: 100
  wildcardPolicy: None

1 Reply

I couldn't find a documentation reference, but here's a post from a blog - https://www.redhat.com/architect/encryption-secure-routes-openshift .

MalborBoss_0-1713089232761.png

 

If you don't specify a certificate, the default one is used.

You can see it by looking at the deployment of router-default in the namespace openshift-ingress, mounted via a secret:

MalborBoss_0-1713089540221.png

Once you dump the certificate you can see that there's a wildcard that matches all domains within apps.ocp4.example.com:

MalborBoss_1-1713089589575.png

0 Kudos
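As an added example (not part of either post above), the following check classifies a route by whether the router serves it with its default certificate and whether that certificate's wildcard actually covers the route host. The sample route JSON is constructed from the YAML in the question, the SAN `*.apps.ocp4.example.com` is assumed from the wildcard described in the reply, and the function names are hypothetical.

```python
import json

# Constructed sample: the route from the question in JSON form, trimmed to the
# fields this check reads.
ROUTE_JSON = """
{"metadata": {"name": "todo-https", "namespace": "network-ingress"},
 "spec": {"host": "todo-https.apps.ocp4.example.com",
          "tls": {"termination": "edge"},
          "to": {"kind": "Service", "name": "todo-http"}}}
"""
# Assumption: SAN list of the router's default certificate, per the reply.
DEFAULT_CERT_SANS = ["*.apps.ocp4.example.com"]


def san_covers(san, host):
    """Match a host against one SAN; '*' must be the whole leftmost label
    and stands for exactly one label, so it never spans a dot."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return host_labels[0] != "" and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def audit(route, default_sans):
    """Return one of: not-router-terminated, own-cert,
    default-cert-ok, default-cert-mismatch."""
    tls = route.get("spec", {}).get("tls")
    if not tls or tls.get("termination") == "passthrough":
        # Plain HTTP, or TLS ends at the pod: no router certificate involved.
        return "not-router-terminated"
    if tls.get("certificate") and tls.get("key"):
        return "own-cert"
    # Edge/reencrypt without cert and key: router falls back to its default cert.
    host = route["spec"]["host"]
    if any(san_covers(san, host) for san in default_sans):
        return "default-cert-ok"
    return "default-cert-mismatch"


if __name__ == "__main__":
    print(audit(json.loads(ROUTE_JSON), DEFAULT_CERT_SANS))
```

A `default-cert-mismatch` result marks a route whose clients would get a hostname error, for example a custom host outside the apps domain or a host nested one level deeper than the wildcard.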