Openshift: create passthrough secure route

0
votes

I'm new to Openshift and I'm currently trying to learn how to create a secure passthrough route. So far I have to create a private key, generate a CSR, and generate a self-signed certificate. I'm getting stuck on the next steps. I believe I have to create a TLS secret and then mount cert inside the container? Can anyone show me the next steps?

Generate private key

$ openssl genrsa -out php.key 2048

generate CSR

$ openssl req -new -key php.key -out php.csr  \
-subj "/C=GB/ST=London/L=London/O=IT/OU=IT/CN=www.example.com"

generate self-signed certificate

$ openssl x509 -req -days 366 -in php.csr  \
  -signkey php.key -out php.crt

After this step I'm not sure how to do the TLS secret and mount cert in container

1
opensslopenshift

1 Answers

1
votes

  1. create a secret under same project $ oc create secret tls php --cert=php.crt --key=php.key

  2. Inject secret in Deployment. $ oc set volumes dc php --add -t secret --secret-name=php -m /usr/local/etc/ssl/certs

  3. Expose your service $ oc create route passthrough php --service=php --hostname=php.apps.example.com

Note: /CN name should be "php.apps.example.com"