In this exercise you will set up your application to encrypt traffic with the OpenShift Wildcard certificate.
Step 1: Switch to an existing project
For this exercise, we will use an application that we created before: the one in the myjbossapp-UserName project that you created in the previous labs. Make sure you are switched to that project by using the oc project command. Remember to substitute UserName.
$ oc project myjbossapp-UserName
Step 2: View the routing config
To view the routing config you will need to use the oc get route command
$ oc get route/ks -o yaml
apiVersion: v1
kind: Route
metadata:
  annotations:
    openshift.io/host.generated: "true"
  creationTimestamp: 2016-10-06T06:28:23Z
  labels:
    app: ks
  name: ks
  namespace: myjbossapp-admin
  resourceVersion: "33256"
  selfLink: /oapi/v1/namespaces/myjbossapp-admin/routes/ks
  uid: 14cf078c-8b8e-11e6-ba5b-080027782cf7
spec:
  host: ks-myjbossapp-UserName.apps.workshop.osecloud.com
  port:
    targetPort: 8080-tcp
  to:
    kind: Service
    name: ks
    weight: 100
status:
  ingress:
  - conditions:
    - lastTransitionTime: 2016-10-06T06:28:23Z
      status: "True"
      type: Admitted
    host: ks-myjbossapp-UserName.apps.workshop.osecloud.com
    routerName: router
Note here that the host: is set to the FQDN that your application is
running on.
Currently the routing component of OpenShift 3 supports ports 80 and
443. When you first create your route, the mapping of 80 to your pod
is done automatically. There are a few things that need to be done in
order to get the 443 mapping to work.
Step 3: TLS Edge Termination
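OpenShift has a wildcard SSL certificate that it can use for any application. We can use this SSL certificate to serve SSL for our application without having to generate a cert of our own. With edge termination the router terminates the SSL connection on the application's behalf (which is sometimes called SSL-offloading), so traffic between the router and your pod is not encrypted.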
Edit your routing configuration:
$ oc edit route/ks
You are going to add a tls: block containing termination: edge right below the host: line in the spec: section. It should look something like this.
apiVersion: v1
kind: Route
metadata:
  annotations:
    openshift.io/host.generated: "true"
  creationTimestamp: 2015-12-22T03:56:30Z
  labels:
    app: ks
  name: ks
  namespace: myjbossapp-shchan
  resourceVersion: "2903142"
  selfLink: /oapi/v1/namespaces/myjbossapp-shchan/routes/ks
  uid: fba5d1e6-a85f-11e5-be21-fa163ec58dad
spec:
  host: ks-myjbossapp-UserName.apps.workshop.osecloud.com
  tls:
    termination: edge
  port:
    targetPort: "8080"
  to:
    kind: Service
    name: ks
status: {}
Step 4: Verify
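Verify by visiting your page using the https:// URI, for example https://ks-myjbossapp-UserName.apps.workshop.osecloud.com (remember to substitute UserName).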
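A command-line check to go with the browser test, as an added example that is not part of the original lab: it reads a Route manifest in the form printed by oc get route/ks -o yaml and reports whether spec.tls is set. The function names and the trimmed sample manifests are constructed for illustration; insecureEdgeTerminationPolicy is a Route field that the lab itself does not set.

```shell
#!/bin/sh
# Added example, not part of the lab. Reads one Route manifest (YAML as printed
# by `oc get route/<name> -o yaml`) on stdin and summarises its TLS settings.
# Live use: oc get route/ks -o yaml | route_tls_summary
route_tls_summary() {
  awk '
    /^[^ ]/ { top = $1; in_tls = 0; next }            # top-level key: spec:, status:, ...
    top == "spec:" && /^  tls:/ { in_tls = 1; next }  # enter spec.tls
    in_tls && /^  [^ ]/ { in_tls = 0 }                # a sibling of tls: closes the block
    in_tls && $1 == "termination:" { mode = $2 }
    in_tls && $1 == "insecureEdgeTerminationPolicy:" { policy = $2 }
    END {
      printf "termination=%s insecure=%s\n", (mode == "" ? "none" : mode), (policy == "" ? "unset" : policy)
    }'
}

# Exit status 0 only when the route on stdin terminates TLS at all.
route_has_tls() {
  case "$(route_tls_summary)" in
    termination=none*) return 1 ;;
    *) return 0 ;;
  esac
}

# Constructed samples, trimmed from the two manifests shown in the lab.
ROUTE_BEFORE='apiVersion: v1
kind: Route
spec:
  host: ks-myjbossapp-UserName.apps.workshop.osecloud.com
  port:
    targetPort: 8080-tcp
  to:
    kind: Service
    name: ks'

ROUTE_AFTER='apiVersion: v1
kind: Route
spec:
  host: ks-myjbossapp-UserName.apps.workshop.osecloud.com
  tls:
    termination: edge
  port:
    targetPort: "8080"
  to:
    kind: Service
    name: ks'

printf '%s\n' "$ROUTE_BEFORE" | route_tls_summary   # termination=none insecure=unset
printf '%s\n' "$ROUTE_AFTER"  | route_tls_summary   # termination=edge insecure=unset
```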
Congratulations!! In this exercise you have learned about serving SSL from your application.