{"id":23527922,"url":"https://github.com/nerdingitout/oc-route","last_synced_at":"2026-01-21T08:39:10.841Z","repository":{"id":84626950,"uuid":"333726210","full_name":"nerdingitout/oc-route","owner":"nerdingitout","description":"Learn how to secure routes on Red Hat OpenShift in different ways","archived":false,"fork":false,"pushed_at":"2021-05-20T05:20:40.000Z","size":59,"stargazers_count":2,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-25T20:19:18.441Z","etag":null,"topics":["cloud-native","networking","openshift","passthrough-route","security"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nerdingitout.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-28T10:38:52.000Z","updated_at":"2023-07-19T00:02:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"53beecc7-2ddb-4a1b-9309-84bc6a07678b","html_url":"https://github.com/nerdingitout/oc-route","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdingitout%2Foc-route","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdingitout%2Foc-route/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdingitout%2Foc-route/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdingitout%2Foc-route/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nerdingitout","download_url":"https://codeload.github.com/nerdingitout/oc-route/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239223382,"owners_count":19602769,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-native","networking","openshift","passthrough-route","security"],"created_at":"2024-12-25T20:18:55.305Z","updated_at":"2025-10-31T18:30:38.390Z","avatar_url":"https://github.com/nerdingitout.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# oc-route\n## Introduction\nIn OpenShift, there are different types of routes in which you can expose your applications, which are: clear, edge, re-encrypt, pass-through. The clear route is insecure and doesn't require any certifications, as for the rest of the routes, they are encrypted on different levels and require certificates.\nIn this tutorial, you will learn how to create 3 types of routes for your applications: clear, edge and passthroug and you will learn the difference in creating each type of route.\n## Prerequisites\nFor this tutorial you will need:\n- Sign up for your IBM Cloud account – \n- Red Hat OpenShift Cluster 4 on IBM Cloud.\n- oc CLI (can be downloaded from this link or you can use it at http://shell.cloud.ibm.com/.\n## Estimated Time\nIt will take you around 30 minutes to complete this tutorial.\n## Steps\n- [Login from the CLI \u0026 Create Project](https://github.com/nerdingitout/oc-route#login-from-the-cli--create-project)\n- [Setting up](https://github.com/nerdingitout/oc-route#setting-up)\n- [Create Application](https://github.com/nerdingitout/oc-route#create-application)\n- [Expose the Route](https://github.com/nerdingitout/oc-route#expose-the-route)\n- [Extract the SSL Cert Secret](https://github.com/nerdingitout/oc-route#extract-the-ssl-cert-secret)\n- [Create Edge Route](https://github.com/nerdingitout/oc-route#create-edge-route)\n- [Create Golang Application](https://github.com/nerdingitout/oc-route/blob/main/README.md#create-golang-application)\n- [Create Passthrough Route](https://github.com/nerdingitout/oc-route#create-passthrough-route)\n## Login from the CLI \u0026 Create Project\n- Go to the web console and click on your username at the top right then 'Copy Login Command', then display the token and copy the ```oc login``` command in your terminal.\u003cbr\u003e\n![login](https://user-images.githubusercontent.com/36239840/97104809-26821500-16d0-11eb-936e-c2b7fb914523.JPG)\u003cbr\u003e\n- Create ```my-route-project``` project.\n```\noc new-project my-route-project\n```\n## Setting up\nIn this section, you will view details about your OpenShift Cluster on IBM Cloud. Details you would be interested in are hostname, SSL Cert Secret Name, and the namespace that holds the secret.\n- First, this is the Overview page that shows some details about your cluster like Cluster ID and resource group they can be useful when using ibmcloud CLI to grab some information about your cluster.\n![image](https://user-images.githubusercontent.com/36239840/113106747-2b656a80-9214-11eb-82ef-4cc6efcd967b.png)\n- on the top right, click on your profile and select \"Log in to CLI and API\"\n![image](https://user-images.githubusercontent.com/36239840/113106901-551e9180-9214-11eb-8d61-15445a3b7215.png)\n- Copy the IBM Cloud CLI login command and paste it in your CLI\n![image](https://user-images.githubusercontent.com/36239840/113106986-6b2c5200-9214-11eb-857f-46d7dcdd266d.png)\n![image](https://user-images.githubusercontent.com/36239840/113107025-75e6e700-9214-11eb-8a95-a04005b3002a.png)\n- Select the resource group where your cluster resides (in my case it is default)\n```\nibmcloud target -g default\n```\n![image](https://user-images.githubusercontent.com/36239840/113107089-8ac37a80-9214-11eb-948a-4b1548b5df81.png)\n- View information about your cluster\n```\nibmcloud oc nlb-dns ls --cluster \u003ccluster_name_or_id\u003e\n```\n![image (18)](https://user-images.githubusercontent.com/36239840/113107233-bcd4dc80-9214-11eb-8eae-25c4b6a2c201.png)\n\n## Create Application\n- Create a new deployment resource using the [ibmcom/guestbook:v2](https://hub.docker.com/r/ibmcom/guestbook/tags) docker image in the project we just created.\n```\noc expose deployment myguestbook --type=\"NodePort\" --port=3000\n```\n- This deployment creates the corresponding Pod that's in running state. Use the following command to see the list of pods in your namespace.\n```\noc get pods\n```\n![get pods](https://user-images.githubusercontent.com/36239840/97298061-5534f280-186c-11eb-9dbb-982f2f1c20e0.JPG)\n- reate a Kubernetes ClusterIP service for your app deployment. The service provides an internal IP address for the app that the router can send traffic to.\n```\noc expose deployment myguestbook --type=\"NodePort\" --port=3000\n```\n## Expose the route\n- To view the service that we need to expose. Use the following command.\u003cbr\u003e\n```\noc get svc\n```\n![image](https://user-images.githubusercontent.com/36239840/113107705-484e6d80-9215-11eb-8b4c-3ff6ff9f0895.png)\n- Notice that the application isn't accessible externally, we have only exposed the deployment internally, to make it externally accessible use the following command\n```\noc expose svc myguestbook \n```\n- Now to get the route using the following command\n```\noc get routes\n```\n![image (20)](https://user-images.githubusercontent.com/36239840/113109494-1c33ec00-9217-11eb-8c96-675a6efdff35.png)\n- copy and paste the link in your browser, you will be redirected to a web page like the following screenshot. Notice that the webpage is not secure because we haven't used any type of encryption yet.\n![image](https://user-images.githubusercontent.com/36239840/113109564-281fae00-9217-11eb-843c-6a01474ace7a.png)\n- Since you will be using the same application to create an edge route, make sure to delete the route before moving to the next step\n```\noc delete route myguestbook\n```\n## Extract the SSL Cert Secret\n- Now let's take a look at the secrets in openshift-ingress project. You will need a TLS secret that's generated for your cluster which is of type kubernetes.io/tls.\n```\noc get secrets -n openshift-ingress\n```\n![image](https://user-images.githubusercontent.com/36239840/113153878-8e70f480-9248-11eb-843c-5884a84cd398.png)\n- View the secret values in your command line, notice that the key and certificate pair are saved in PEM encoded files.\n```\noc extract secret/\u003cYOUR-TLS-SECRET-NAME\u003e --to - -n openshift-ingress\n```\n![image](https://user-images.githubusercontent.com/36239840/113154158-c8da9180-9248-11eb-8cb5-acf2c3bd3423.png)\n- Save the secret in a temporary directory\n```\noc extract secret/\u003cYOUR-TLS-SECRET-NAME\u003e --to=/tmp -n openshift-ingress\n```\n![image](https://user-images.githubusercontent.com/36239840/113154290-f0315e80-9248-11eb-843f-18bc881c6d12.png)\n## Create Edge Route\n- Create the edge route using the following command\n```\noc create route edge --service myguestbook --key /tmp/tls.key --cert /tmp/tls.crt\n```\n- Get the route of your application and open it from your browser\n```\noc get routes\n```\n- The application has been deployed successfully\n![image](https://user-images.githubusercontent.com/36239840/113154769-68981f80-9249-11eb-965d-3a2f6048df46.png)\n- You can check information about the secured website and certificate from the lock icon at the top left of the browser\n![image](https://user-images.githubusercontent.com/36239840/113154821-764da500-9249-11eb-8916-559c5e4fd575.png)\n![image](https://user-images.githubusercontent.com/36239840/113154850-7c438600-9249-11eb-8b58-2bc906abac9d.png)\n## Create Golang Application\nIn this section, you will be deploying a new application that you will be using for passthrough route, then you will create a secret and mount it to the volume so you can create the routes.\n- Create the deployment config and service using oc create command.\n```\noc create -f https://raw.githubusercontent.com/nerdingitout/oc-route/main/golang-https.yml\n```\n![image](https://user-images.githubusercontent.com/36239840/113155813-7bf7ba80-924a-11eb-81b0-1b574e925707.png)\n- Create TLS secret using the same secret you extracted earlier. \n```\noc create secret tls mycert --cert /tmp/tls.crt --key /tmp/tls.key\n```\n![image](https://user-images.githubusercontent.com/36239840/113155891-903bb780-924a-11eb-911e-573ca4289450.png)\n- Mount the secret to your volume.\n```\noc set volume dc/golang-https --add -t secret -m /go/src/app/certs --name cert --secret-name mycert\n```\n## Create Passthrough Route\n- Create the passthrough route\n```\noc create route passthrough golang-https --service golang-https\n```\n- Get the URL, notice that the termination type is passthrough\n```\noc get routes\n```\n![routes](https://user-images.githubusercontent.com/36239840/115992000-63c25380-a5dc-11eb-9ccb-45bca9ef2213.JPG)\n\n- Access the application and view the certificate\n![golang](https://user-images.githubusercontent.com/36239840/115991931-07f7ca80-a5dc-11eb-9305-d1ecea5e601c.JPG)\n\n## Resources\nYou can learn more using the following resources:\n- [OpenShift Routes on IBM Cloud](https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_routes)\n- [OpenSSL](https://www.digicert.com/kb/ssl-support/openssl-quick-reference-guide.htm)\n- [Self-Serviced End-to-end Encryption Approaches for Applications Deployed in OpenShift](https://www.openshift.com/blog/self-serviced-end-to-end-encryption-approaches-for-applications-deployed-in-openshift)\n- [Secured Routes](https://docs.openshift.com/container-platform/4.5/networking/routes/secured-routes.html)\n- [End to End Encryption with OpenShift: Part 1](https://developers.redhat.com/blog/2017/01/24/end-to-end-encryption-with-openshift-part-1-two-way-ssl/)\n- [End to End Encryption with OpenShift: Part 2](https://www.openshift.com/blog/self-serviced-end-to-end-encryption-for-kubernetes-applications-part-2-a-practical-example)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnerdingitout%2Foc-route","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnerdingitout%2Foc-route","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnerdingitout%2Foc-route/lists"}