Description of problem: Create a reencrypt route usig `oc create route reencrypt ` command,if I add --dest-ca-cert ,then I will get "Details: edge termination does not support destination certificates" . Version-Release number of selected component (if applicable): devenv-rhel7_3325 # oc version oc v1.1.1-400-g76ea550 kubernetes v1.2.0-alpha.4-851-g4a65fa1 How reproducible: Always Steps to Reproduce: 1.Create the pod, service # oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/nginx-pod.json # oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/reencrypt/service_secure.json 2.Create reencrypt route # oc create route reencrypt my-route1 --dest-ca-cert=example2.cert --service=hello-nginx --hostname=www.example2.com --key=example2.key --cert=example2.pem 3. Actual results: 2.# oc create route reencrypt my-route1 --dest-ca-cert=example2.cert --service=hello-nginx --hostname=www.example2.com --key=example2.key --cert=example2.pem The Route "my-route1" is invalid. tls.destinationCACertificate: invalid value '-----BEGIN CERTIFICATE----- MIIDJzCCAg+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx CzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl ZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3 dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu Y29tMB4XDTE2MDExMzE5NDEwNloXDTI2MDExMDE5NDEwNlowgYAxGTAXBgNVBAMT EHd3dy5leGFtcGxlMi5jb20xCzAJBgNVBAgTAlNDMQswCQYDVQQGEwJVUzEjMCEG CSqGSIb3DQEJARYUZXhhbXBsZTJAZXhhbXBsZS5jb20xETAPBgNVBAoTCEV4YW1w bGUyMREwDwYDVQQLEwhFeGFtcGxlMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEAyNZ2LYb4rx9JPDSL2HV+Jn5x5dsxJXpOTsMnXCDt3thcU1XkdraJyameRGAN eyQwMDmw9QIz7VQ8keYD8oj86pXxAlJAcAAlOJk7QVQPCI96rfCFh7mIJvSkZDp3 qLXPa+Eh6A6BdDnH+k66NaKPA2r9CmlFOjQRegX7OoCT0DMCAwEAAaMNMAswCQYD VR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAjZyGYv/Z/L34dI/QNZnj+giEi01+ zaNxVMGvg0MR0+Y+neTtoXD422rVoIM5OmwxdwtrtUxgjrNKeSCGFytnHbn/sgob L9pF5SbkS8nnbhahj1FEjjjIzRCng/TPp2pHlU13ccpHblffGrawyLzayBzQYFLB SdGBb8Brj3/XvjGuwx889Pxk0du00gl94b3Q8LQ+veHpwTA5KmvT2OrKZr3zv3zY o/WkbxE76DTRnXNHDD30BxhW5EMP9lpJKfOQjXd244S4ZxQ1sD/ecVQYt3I7TJfM BlKIfRJfzFLrI4wD/3Xz4ZA596KAbNt6Eb3liRRM+qh5cNab88640SKFAg== -----END CERTIFICATE----- ', Details: edge termination does not support destination certificates Expected results: Could create reencrypt route successfully Additional info: If I don't add --dest-ca-cert just use `oc create route reencrypt my-route --service=hello-nginx --hostname=www.example2.com --key=example2.key --cert=example2.pem` , then after creating the route,the route TLS is shown "edge"
Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/a38817a1ebeb85f7fdf21afa33e6c4e5d60c27e4 Bug 1304635: fix termination type for oc create route reencrypt
The bug was fixed in devenv-rhel7_3335.After the bug is moved to ON_QA,I'll verify it. Result: # oc create route reencrypt my-route-path --dest-ca-cert=reencrypt.cert --service=hello-nginx --hostname=www.example2.com --key=reencrypt.key --cert=reencrypt.pem --path=/test route "my-route-path" created # oc create route reencrypt my-route-no-path --dest-ca-cert=reencrypt.cert --service=hello-nginx --hostname=www.example2.com --key=reencrypt.key --cert=reencrypt.pem route "my-route-no-path" created # oc get route NAME HOST/PORT PATH SERVICE LABELS INSECURE POLICY TLS TERMINATION my-route-no-path www.example2.com hello-nginx reencrypt my-route-path www.example2.com /test hello-nginx reencrypt
Verified against devenv-rhel7_3421. The test results are: For step 2: result is as shown in comment 2. For "Additional info": If don't add --dest-ca-cert for `oc create route reencrypt`, then the command will fail with message "tls.destinationCACertificate: Required value" The bug is fixed, so move to VERIFIED