mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
// Module included in the following assemblies:
//
// * networking/routes/route-configuration.adoc
// * microshift_networking/microshift-configuring-routes.adoc

:_mod-docs-content-type: PROCEDURE
[id="nw-ingress-creating-a-route-via-an-ingress_{context}"]
= Creating a route through an Ingress object

[role="_abstract"]
To integrate ecosystem components that require Ingress resources, configure an Ingress object. {product-title} automatically manages the lifecycle of the corresponding route objects, creating and deleting them to ensure seamless connectivity.

.Procedure

. Define an Ingress object in the {product-title} console or by entering the `oc create` command:
+
.YAML Definition of an Ingress
[source,yaml]
----
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend
  annotations:
    route.openshift.io/termination: "reencrypt"
    route.openshift.io/destination-ca-certificate-secret: secret-ca-cert
spec:
  rules:
  - host: www.example.com
    http:
      paths:
      - backend:
          service:
            name: frontend
            port:
              number: 443
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - www.example.com
    secretName: example-com-tls-certificate
# ...
----
+
where:
+
`route.openshift.io/termination`:: Specifies the `route.openshift.io/termination` annotation. Use this annotation to set the `spec.tls.termination` parameter of the generated `Route`, because `Ingress` does not have this parameter. The accepted values are `edge`, `passthrough`, and `reencrypt`. All other values are silently ignored. When the annotation value is unset, the route defaults to `edge` termination. The TLS certificate details must be defined in the template file to implement the default edge route.
`rules.host`:: Specifies an explicit hostname for the `Ingress` object. Mandatory parameter. You can use the `<host_name>.<cluster_ingress_domain>` syntax, for example `apps.openshiftdemos.com`, to take advantage of the `*.<cluster_ingress_domain>` wildcard DNS record and serving certificate for the cluster. Otherwise, you must ensure that there is a DNS record for the chosen hostname.
`destination-ca-certificate-secret`:: Specifies the `route.openshift.io/destination-ca-certificate-secret` annotation. The annotation can be used on an Ingress object to define a route with a custom destination certificate (CA). The annotation references a Kubernetes secret, `secret-ca-cert`, that will be inserted into the generated route.

+
.. If you specify the `passthrough` value in the `route.openshift.io/termination` annotation, set `path` to `''` and `pathType` to `ImplementationSpecific` in the spec:
+
[source,yaml]
----
apiVersion: networking.k8s.io/v1
kind: Ingress
# ...
spec:
  rules:
  - host: www.example.com
    http:
      paths:
      - path: ''
        pathType: ImplementationSpecific
        backend:
          service:
            name: frontend
            port:
              number: 443
# ...
----
+
[source,terminal]
----
$ oc apply -f ingress.yaml
----
+
.. To specify a route object with a destination CA from an ingress object, you must create a `kubernetes.io/tls` or `Opaque` type secret with a certificate in PEM-encoded format in the `data.tls.crt` specifier of the secret.

. List your routes:
+
[source,terminal]
----
$ oc get routes
----
+
The result includes an autogenerated route whose name starts with `frontend-`:
+
[source,terminal]
----
NAME             HOST/PORT         PATH    SERVICES    PORT    TERMINATION          WILDCARD
frontend-gnztq   www.example.com           frontend    443     reencrypt/Redirect   None
----
+
.YAML definition example of an autogenerated route
[source,yaml]
----
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: frontend-gnztq
  ownerReferences:
  - apiVersion: networking.k8s.io/v1
    controller: true
    kind: Ingress
    name: frontend
    uid: 4e6c59cc-704d-4f44-b390-617d879033b6
spec:
  host: www.example.com
  path: /
  port:
    targetPort: https
  tls:
    certificate: |
      -----BEGIN CERTIFICATE-----
      [...]
      -----END CERTIFICATE-----
    insecureEdgeTerminationPolicy: Redirect
    key: |
      -----BEGIN RSA PRIVATE KEY-----
      [...]
      -----END RSA PRIVATE KEY-----
    termination: reencrypt
    destinationCACertificate: |
      -----BEGIN CERTIFICATE-----
      [...]
      -----END CERTIFICATE-----
  to:
    kind: Service
    name: frontend
----
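
The rules stated in this procedure (accepted termination values, the mandatory host, the `passthrough` path settings, and the shape of the destination CA secret) can be checked on a manifest before running `oc apply`. The following Python lint is an added example, not part of the {product-title} documentation or tooling; the function names, the exact lowercase match on the annotation value, and the sample objects are assumptions of this example.

```python
import base64

TERMINATION = "route.openshift.io/termination"
ACCEPTED = {"edge", "passthrough", "reencrypt"}

def lint_ingress(ingress):
    """Findings for an Ingress manifest (dict), per the rules in this procedure."""
    findings = []
    term = (ingress.get("metadata", {}).get("annotations") or {}).get(TERMINATION)
    if term is not None and term not in ACCEPTED:
        # Exact lowercase matching is this example's assumption.
        findings.append(f"termination {term!r} is not accepted and is silently ignored")
    for rule in ingress.get("spec", {}).get("rules") or []:
        if not rule.get("host"):
            findings.append("rule has no host; rules.host is mandatory")
        for p in (rule.get("http") or {}).get("paths") or []:
            ok = p.get("path", "") == "" and p.get("pathType") == "ImplementationSpecific"
            if term == "passthrough" and not ok:
                findings.append(f"passthrough path {p.get('path')!r}/{p.get('pathType')!r}: "
                                "use path '' and pathType ImplementationSpecific")
    return findings

def lint_ca_secret(secret):
    """Findings for the Secret named by the destination-ca-certificate-secret annotation."""
    findings = []
    if secret.get("type") not in ("kubernetes.io/tls", "Opaque"):
        findings.append(f"secret type {secret.get('type')!r} is not kubernetes.io/tls or Opaque")
    try:
        pem = base64.b64decode((secret.get("data") or {}).get("tls.crt") or "", validate=True)
    except ValueError:
        pem = b""
    if b"-----BEGIN CERTIFICATE-----" not in pem:
        findings.append("data.tls.crt does not hold a PEM-encoded certificate")
    return findings

# Constructed sample: passthrough requested, reencrypt-style path settings left in place.
SAMPLE_INGRESS = {
    "metadata": {"name": "frontend", "annotations": {TERMINATION: "passthrough"}},
    "spec": {"rules": [{"host": "www.example.com", "http": {"paths": [
        {"path": "/", "pathType": "Prefix",
         "backend": {"service": {"name": "frontend", "port": {"number": 443}}}}]}}]},
}
# Constructed sample: the certificate was stored under ca.crt instead of tls.crt.
SAMPLE_SECRET = {"type": "Opaque", "data": {"ca.crt": base64.b64encode(
    b"-----BEGIN CERTIFICATE-----\n[...]\n-----END CERTIFICATE-----\n").decode()}}

if __name__ == "__main__":
    for finding in lint_ingress(SAMPLE_INGRESS) + lint_ca_secret(SAMPLE_SECRET):
        print("FINDING:", finding)
```

Both functions take plain dictionaries, so a manifest or secret exported as JSON can be loaded with `json.load` and passed in directly.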