Bug 1314553
| Summary: | [RFE] Feature to provide certificate or keys to templates for routes and other objects using secrets or secure method. | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Ryan Howe <rhowe> |
| Component: | RFE | Assignee: | Ben Parees <bparees> |
| Status: | CLOSED ERRATA | QA Contact: | zhaozhanqi <zzhao> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.1.0 | CC: | aos-bugs, jokerman, mmccomas, tdawson |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-01-18 12:39:28 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Ryan Howe
2016-03-03 22:01:05 UTC
Since secrets can now be defined in terms of string values using the stringdata field on secrets, this is now achievable. Reading parameters from a file path is being handled elsewhere and is orthogonal to this RFE: https://github.com/openshift/origin/pull/10952/files since this PR 10952 have not been merged and also the bug was reported to OCP. So I changed the status to Assigned. please feel free change to ON_QA once this PR 10952 was merged to OCP. thanks The pr is unrelated to this rfe. We are not concerned with reading parameters from a file in this rfe. Secrets can be defined via parameters using the stringData mechanism, so the rfe is complete. Thanks Ben
I checked the bug again. and this bug should already fixed as my understanding. we can use CLI to create tls route with related cert/key. example:
$oc create route edge -h
Create a route that uses edge TLS termination
Specify the service (either just its name or using type/name syntax) that the
generated route should expose via the --service flag.
Usage:
oc create route edge [NAME] --service=SERVICE [options]
Examples:
# Create an edge route named "my-route" that exposes frontend service.
oc create route edge my-route --service=frontend
# Create an edge route that exposes the frontend service and specify a path.
# If the route name is omitted, the service name will be re-used.
oc create route edge --service=frontend --path /assets
Options:
--ca-cert='': Path to a CA certificate file.
--cert='': Path to a certificate file.
--hostname='': Set a hostname for the new route
--insecure-policy='': Set an insecure policy for the new route
--key='': Path to a key file.
-o, --output='': Output mode. Use "-o name" for shorter output (resource/name).
--path='': Path that the router watches to route traffic to the service.
--port='': Name of the service port or number of the container port the route will route traffic to
--schema-cache-dir='~/.kube/schema': If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
--service='': Name of the service that the new route is exposing
--validate=false: If true, use a schema to validate the input before sending it
Use "oc options" for a list of global command-line options (applies to all commands).
so verified this bug.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0066 |