Create an edge route for an example application on a Red Hat OpenShift Cluster on IBM Cloud

This blog post is about an example usage of the awesome tutorial made by Masa Abushamleh at IBM Developer called Secure routes for your microservices on Red Hat OpenShift. I applied the content, with some small modifications, to my existing example application. It’s the same application I used in this blog post Using the internal OpenShift container registry to deploy an application.

Let us begin with a recap of route/router definitions:

“An OpenShift route is a way to expose a service by giving it an externally-reachable hostname like http://www.example.com . A defined route and the endpoints identified by its service can be consumed by a router to provide named connectivity that allows external clients to reach your applications.” Source Red Hat OpenShift documentation

“An edge router is a specialized router located at a network boundary that enables an internal network to connect to external networks. They are primarily used at two demarcation points: the wide area network (WAN) and the internet.” Source What is an edge router? written by Ben Lutkevich, Technical Writer

I reused the existing tls secret and the given domain of the ingress configuration for the running Red Hat OpenShift cluster on IBM Cloud to create that secured route.

The next few steps are part of the bash script that creates a custom secured route. Apart from the route creation, the automation in this script is the same as in my related blog post Using the internal OpenShift container registry to deploy an application; see that post for details and dependencies. That means you can follow the application installation instructions in that blog post; you only need to ensure you are in the branch “vend-sec-rout“.

This is the branch (“vend-sec-rout“) of my GitHub repository that contains the following extracted automation, and here is the direct link to the bash script, where you can find these steps in the createSecureRoute function. In case you want to check it out yourself ;-).

Step 1: Get the ingress domain of the cluster

echo "-> get ingress domain of the cluster"
OS_DOMAIN=$(oc get ingresses.config/cluster -o jsonpath='{.spec.domain}')
echo "-> domain: $OS_DOMAIN"

Step 2: Get the ingress secret of the cluster

echo "-> get ingress secret of the cluster"
export INGRESS_SECRET=$(oc get secrets -n openshift-ingress | grep "$OS_CLUSTERNAME" | awk '{print $1;}')
echo "-> secret: $INGRESS_SECRET"

Step 3: Save the ingress secret key and the certificate in temporary files

echo "-> export secret"
# writes tls.key (the private key) and tls.crt to ../secrets
oc extract "secret/$INGRESS_SECRET" --to=../secrets -n openshift-ingress

Step 4: Create a custom hostname with the existing domain and your custom name

echo "-> create hostname"
NAME=vend-sec
export OS_HOSTNAME=$NAME.$OS_DOMAIN

Step 5: Now create an edge route

I’m not using a yaml file for this automation. I’m using the OpenShift CLI to create the route with the following parameters.

  • Service: vend-service. My service name.
  • Key: ../secrets/tls.key. The tls.key file I extracted in step 3.
  • Cert: ../secrets/tls.crt. The tls.crt file I extracted in step 3.
  • Hostname: $OS_HOSTNAME. The hostname I created in step 4.
  • Port: 3000. My Node.js application listens on port 3000.

Then I delete the secret files that are no longer needed.

echo "-> create route"
oc create route edge vend-sec-route \
                       --service vend-service \
                       --key ../secrets/tls.key \
                       --cert ../secrets/tls.crt \
                       --hostname=$OS_HOSTNAME \
                       --port=3000
rm -f ../secrets/tls.crt
rm -f ../secrets/tls.key
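
A hardened variant of steps 1 to 5, added here as an example and not taken from the original repository: the key and certificate go into a private temporary directory instead of ../secrets, and that directory is removed whether the route creation succeeds or fails. The function name create_secure_route and its parameters are hypothetical, and OS_CLUSTERNAME is assumed to be set as in the original script.

```bash
# Added example, not from the original repository: steps 1-5 in one function,
# with the extracted TLS private key confined to a private temp directory.
# Assumptions: OS_CLUSTERNAME is set as in the original script; the function
# name create_secure_route and its parameters are hypothetical.
# Usage: create_secure_route <name> <service> <port>
# Prints the route hostname on stdout; oc output goes to stderr.
create_secure_route() (
  name=$1 service=$2 port=$3

  # Step 1: ingress domain of the cluster.
  domain=$(oc get ingresses.config/cluster -o jsonpath='{.spec.domain}') || exit 1
  [ -n "$domain" ] || { echo "no ingress domain found" >&2; exit 1; }

  # Step 2: ingress secret; stop unless exactly one secret name matches.
  secret=$(oc get secrets -n openshift-ingress | grep "$OS_CLUSTERNAME" | awk '{print $1;}')
  set -- $secret   # split on purpose: one word means one matching name
  [ $# -eq 1 ] || { echo "expected exactly one ingress secret, got $#" >&2; exit 1; }

  # Step 3: extract key and certificate into a directory only this user can
  # read, and remove it when this subshell exits, on success or on failure.
  umask 077
  workdir=$(mktemp -d) || exit 1
  trap 'rm -rf "$workdir"' EXIT
  trap 'exit 1' INT TERM
  oc extract "secret/$secret" --to="$workdir" -n openshift-ingress >&2 || exit 1

  # Steps 4 and 5: custom hostname, then the edge route.
  host="$name.$domain"
  oc create route edge "${name}-route" \
    --service "$service" \
    --key "$workdir/tls.key" \
    --cert "$workdir/tls.crt" \
    --hostname="$host" \
    --port="$port" >&2 || exit 1

  echo "$host"
)
```

Calling create_secure_route vend-sec vend-service 3000 creates the same route name and hostname as the commands above.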

Summary

As a first step for an example implementation of an example application, it’s awesome just to reuse the existing TLS secret and the given domain of the ingress configuration of the running Red Hat OpenShift cluster on IBM Cloud to create a customized route for an application running on the cluster.


I hope this was useful for you and let’s see what’s next?

Greetings,

Thomas

#ibmcloud, #container, #roks, #route, #openshift, #ingress, #edge
