mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
137 lines
3.3 KiB
Plaintext
137 lines
3.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/understanding-networking.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="nw-understanding-networking-routes-ingress-example_{context}"]
|
|
= Example: Configuring routes and ingress to expose a web application
|
|
|
|
A web application is running on your {product-title} cluster. You want to make the application accessible to external users. The application should be accessible through a specific domain name, and the traffic should be securely encrypted using TLS. The following example shows how to configure both routes and ingress to expose your web application to external traffic securely.
|
|
|
|
[id="nw-understanding-networking-routes-ingress-example-routes_{context}"]
|
|
== Configuring Routes
|
|
|
|
. Create a new project.
|
|
+
|
|
[source, terminal]
|
|
----
|
|
$ oc new-project webapp-project
|
|
----
|
|
|
|
. Deploy the web application.
|
|
+
|
|
[source, terminal]
|
|
----
|
|
$ oc new-app nodejs:12~https://github.com/sclorg/nodejs-ex.git --name=webapp
|
|
----
|
|
|
|
. Expose the service with a Route.
|
|
+
|
|
[source, terminal]
|
|
----
|
|
$ oc expose svc/webapp --hostname=webapp.example.com
|
|
----
|
|
|
|
. Secure the Route with TLS.
|
|
|
|
.. Create a TLS secret with your certificate and key.
|
|
+
|
|
[source, terminal]
|
|
----
|
|
$ oc create secret tls webapp-tls --cert=path/to/tls.crt --key=path/to/tls.key
|
|
----
|
|
|
|
.. Update the route to use the TLS secret.
|
|
+
|
|
[source, terminal]
|
|
----
|
|
$ oc patch route/webapp -p '{"spec":{"tls":{"termination":"edge","certificate":"path/to/tls.crt","key":"path/to/tls.key"}}}'
|
|
----
|
|
|
|
[id="nw-understanding-networking-routes-ingress-example-ingress_{context}"]
|
|
== Configuring ingress
|
|
|
|
. Create an ingress resource.
|
|
+
|
|
Ensure your ingress Controller is installed and running in the cluster.
|
|
|
|
. Create a service for the web application. If not already created, expose the application as a service.
|
|
+
|
|
[source, yaml]
|
|
----
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: webapp-service
|
|
namespace: webapp-project
|
|
spec:
|
|
selector:
|
|
app: webapp
|
|
ports:
|
|
- protocol: TCP
|
|
port: 80
|
|
targetPort: 8080
|
|
----
|
|
|
|
. Create the ingress resource.
|
|
+
|
|
[source, yaml]
|
|
----
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: webapp-ingress
|
|
namespace: webapp-project
|
|
annotations:
|
|
kubernetes.io/ingress.class: "nginx"
|
|
spec:
|
|
rules:
|
|
- host: webapp.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: webapp-service
|
|
port:
|
|
number: 80
|
|
----
|
|
|
|
. Secure the ingress with TLS.
|
|
|
|
.. Create a TLS secret with your certificate and key.
|
|
+
|
|
[source, terminal]
|
|
----
|
|
$ oc create secret tls webapp-tls --cert=path/to/tls.crt --key=path/to/tls.key -n webapp-project
|
|
----
|
|
|
|
.. Update the ingress resource to use the TLS secret.
|
|
+
|
|
[source, yaml]
|
|
----
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: webapp-ingress
|
|
namespace: webapp-project
|
|
spec:
|
|
tls: <1>
|
|
- hosts:
|
|
- webapp.example.com
|
|
secretName: webapp-tls <2>
|
|
rules:
|
|
- host: webapp.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: webapp-service
|
|
port:
|
|
number: 80
|
|
----
|
|
<1> The `TLS` section specifies TLS settings.
|
|
<2> The `secretName` field is the name of Kubernetes secret that contains the TLS certificate and key. |