Skip to content

Latest commit

 

History

History
116 lines (96 loc) · 2.81 KB

8-using-ssl-app.adoc

File metadata and controls

116 lines (96 loc) · 2.81 KB
Raw

Using SSL in your application

In this exercise you will set up your application to encrypt traffic with the OpenShift Wildcard certificate.

Step 1: Switch to an existing project

For this exercise, we will use an application that we created before. We will be using the myjbossapp-userxx that you created in the previous labs. Make sure you are switched to that project by using the oc project command.

Important
 Please replace userxx with the username assigned to you in the commands below. 
$ oc project myjbossapp-userxx

Step 2: View the routing config

To view the routing config you will need to use the oc get route command

$ oc get route/ks -o yaml

apiVersion: v1
kind: Route
metadata:
  annotations:
    openshift.io/host.generated: "true"
  creationTimestamp: 2016-10-06T06:28:23Z
  labels:
    app: ks
  name: ks
  namespace: myjbossapp-userxx
  resourceVersion: "33256"
  selfLink: /oapi/v1/namespaces/myjbossapp-userxx/routes/ks
  uid: 14cf078c-8b8e-11e6-ba5b-080027782cf7
spec:
  host: ks-myjbossapp-userxx.{{APPS_ADDRESS}}
  port:
    targetPort: 8080-tcp
  to:
    kind: Service
    name: ks
    weight: 100
status:
  ingress:
  - conditions:
    - lastTransitionTime: 2016-10-06T06:28:23Z
      status: "True"
      type: Admitted
    host: ks-myjbossapp-userxx.{{APPS_ADDRESS}}
    routerName: router

Note here that the host: is set to the FQDN that your application is running on.

Currently the routing component of OpenShift 3 supports ports 80 and 443. When you first create your route, the mapping of 80 to your pod is done automatically. There are a few things that need to be done in order to get the 443 mapping to work.

Step 3: TLS Edge Termination

OpenShift has a wildcard SSL certificate that it can use for any application. We can use this SSL certificate to serve SSL from our application without having to generate a cert of our own (which is sometimes called SSL-offloading).

Edit your routing configuration:

oc edit route/ks

You are going to add tls: termination: edge right below the host: section. It should look something like this.

apiVersion: v1
kind: Route
metadata:
  annotations:
    openshift.io/host.generated: "true"
  creationTimestamp: 2015-12-22T03:56:30Z
  labels:
    app: ks
  name: ks
  namespace: myjbossapp-shchan
  resourceVersion: "2903142"
  selfLink: /oapi/v1/namespaces/myjbossapp-userxx/routes/ks
  uid: fba5d1e6-a85f-11e5-be21-fa163ec58dad
spec:
  host: ks-myjbossapp-userxx.{{APPS_ADDRESS}}
  tls:
    termination: edge
  port:
    targetPort: "8080"
  to:
    kind: Service
    name: ks
status: {}

Step 4: Verify

Verify by visiting your page by using the https:// URI

Congratulations!! In this exercise you have learned about service SSL from your application