@kenjiro-san we could probably still get away with calling it insecureEdgeTerminationPolicy as the term is generic enough that it applies to any requests that get terminated at the edge (which both edge terminated and re-encrypt routes do) - the re-encrypt part applies to encrypting the traffic we send to the backend (pod). 

I agree its a bit overloaded given our use of edge-terminated routes. But we could spin that as a re-encrypted route is really an edge-terminated route with encrypted traffic to the backends.

The insecureEdgeTerminationPolicy=allow for a re-encrypted route might sound a bit awkward though. And there is also passthrough routes to consider here.

@clayton, any preferences on terminology / thoughts? Thx

Somewhat related to this discussion is also this RFE: https://github.com/openshift/origin/issues/5946

Hi,

I have started to add the possibility for other tls methodes to be able to redirect.

The pull request

https://github.com/openshift/origin/pull/8258

Do yo think this option will be able to reach 3.2?

In case not please can you provide a workaround for the case schema redirect http -> https, thanks.

BR Aleks

Given the need for API backcompat i'm ok with repurposing the existing field to cover all types of passthrough.

Origin PR https://github.com/openshift/origin/pull/11953

docs PR: https://github.com/openshift/openshift-docs/pull/3244

This has been merged into ocp and is in OCP v3.5.0.18 or newer.

Verified this bug on OCP v3.5.0.18

Reencrypt already support 'Redircte/Allow'

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0884