openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
ba8f17ee17e5e75a8399089159cf3cedcdbf61cd
openshift-docs/modules/nw-ingress-edge-route-default-certificate.adoc

80 lines
2.0 KiB
Plaintext
Raw Blame History

// This is included in the following assemblies:
//
// * networking/routes/route-configuration.adoc
// * microshift_networking/microshift-configuring-routes.adoc
:_mod-docs-content-type: PROCEDURE
[id="nw-ingress-edge-route-default-certificate_{context}"]
= Creating a route using the default certificate through an Ingress object
[role="_abstract"]
To generate a secure, edge-terminated route that uses the default ingress certificate, specify an empty TLS configuration in the Ingress object. This configuration overrides the default behavior, preventing the creation of an insecure route.
.Prerequisites
* You have a service that you want to expose.
* You have access to the {oc-first}.
.Procedure
. Create a YAML file for the Ingress object. In the following example, the file is called `example-ingress.yaml`:
+
.YAML definition of an Ingress object
[source,yaml]
----
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: frontend
...
spec:
rules:
...
tls:
- {}
----
+
where:
+
`spec.tls`:: Specifies the TLS configuration. Use the exact syntax shown to specify TLS without specifying a custom certificate.
. Create the Ingress object by running the following command:
+
[source,terminal]
----
$ oc create -f example-ingress.yaml
----
.Verification
* Verify that {product-title} has created the expected route for the Ingress object by running the following command:
+
[source,terminal]
----
$ oc get routes -o yaml
----
+
.Example output
[source,yaml]
----
apiVersion: v1
items:
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: frontend-j9sdd
# ...
spec:
...
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
# ...
----
+
where:
+
`metadata.name`:: Specifies the name of the route, which includes the name of the Ingress object followed by a random suffix.
`spec.tls`:: To use the default certificate, the route should not specify `spec.certificate`.
`tls.termination`:: Specifies the termination policy for the route. The route should specify the `edge` termination policy.
View Git Blame Copy Permalink