Consum certificate and key from a secret in a route in openshift

Question

How to create a secret with already available certificate and key in openshift, then add it to the route

Answer 1

You can use oc create secret tls to create a new Secret of type "tls" (see documentation):

# Create a new TLS secret named tls-secret with the given key pair:
oc create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key

To create a secured Route, you have two options (reencrypt or edge). For both of these options, you'll want to have your certificate / key as files (certificate/key pair in PEM-encoded files).

1. reencrypt will create a Route with a custom certificate and reencrypt TLS termination, which means that your OpenShift Router will terminate TLS and then re-encrypt the traffic with the certificate that you specify:

$ oc create route reencrypt --service=frontend --cert=tls.crt --key=tls.key --dest-ca-cert=destca.crt --ca-cert=ca.crt --hostname=www.example.com

2. edge termination means that when you query your application via the Route, the OpenShift Router will serve the certificate that you specify:

$ oc create route edge --service=frontend --cert=tls.crt --key=tls.key --ca-cert=ca.crt --hostname=www.example.com

If you want to read up on the details, check the documentation.

Answer 2

Routes currently can not access secrets that way.

There is an open issue with a long history(2015): https://github.com/openshift/origin/issues/2162

The openshift acme operator can automatically secure routes, maybe that helps.