I have an OKD (OpenShift) project, and when I create an edge route to terminate HTTPS it works fine. Here is the YAML of the edge route:
    apiVersion: route.openshift.io/v1
    kind: Route
    metadata:
      name: mydemo-route
      namespace: my-demo
    spec:
      host: my-demo.com
      to:
        name: nginx-service
      port:
        targetPort: http
      tls:
        insecureEdgeTerminationPolicy: Redirect
        termination: edge
        certificate: |-
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----
        key: |
          -----BEGIN PRIVATE KEY-----
          ...
          -----END PRIVATE KEY-----
        caCertificate: |-
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----
A problem arises when I want to use a secret to conceal the private key. Here is the TLS secret:
    oc create secret tls my-demo-secret --cert=my-demo.key --key=my-demo.cer --namespace=my-demo
Lots of route examples didn't work; here is the error:
    oc get route
    NAME           HOST/PORT                  PATH   SERVICES        PORT   TERMINATION   WILDCARD
    mydemo-route   ExtendedValidationFailed          nginx-service   http   edge          None
Here is one of the faulty route.yaml files that I tried:
    apiVersion: route.openshift.io/v1
    kind: Route
    metadata:
      name: mydemo-route
      namespace: my-demo
    spec:
      host: my-demo.com
      to:
        kind: Service
        name: nginx-service
      port:
        targetPort: http
      tls:
        termination: edge
        certificate: my-demo-secret
Any help would be appreciated.
You cannot reference a secret in a Route resource. The certificate and key need to be embedded in the resource itself.
You can create an Ingress resource instead, with appropriate references to a secret, and OpenShift will convert this into a Route with the certificate and key embedded.
You can read more about this here:
I put together a demo repository recently that shows how to use this automatic conversion of Ingress resources to Routes to integrate with cert-manager.
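The Ingress approach described in this answer, as an added example (not code from the original post or from the demo repository): an Ingress that references the question's `my-demo-secret`, from which OpenShift generates the edge Route. The resource name `mydemo-ingress` is hypothetical; the host, namespace, service and port name are taken from the question.

```yaml
# Added example. Assumes my-demo-secret already exists in the my-demo
# namespace as a kubernetes.io/tls secret, with the certificate under
# tls.crt and the private key under tls.key.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mydemo-ingress          # hypothetical name
  namespace: my-demo
  annotations:
    # Termination type for the generated Route.
    # Accepted values: edge, passthrough, reencrypt.
    route.openshift.io/termination: edge
spec:
  rules:
    - host: my-demo.com          # a host is required for Route generation
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service
                port:
                  name: http     # named service port, as in the question
  tls:
    - hosts:
        - my-demo.com
      # Reference to the secret; no key material in this manifest.
      secretName: my-demo-secret
```

The generated Route still carries the certificate and private key in its `spec.tls` fields, so the key stays out of the manifests you store and review but not out of the cluster API. Read access to Routes in the namespace should be restricted as tightly as read access to the secret itself.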