使用OpenShift的oc命令可以将Service内部访问转为(oc的expose子命令)可从外部访问的Route,这种转换缺省是使用http协议访问应用的。如果要支持https协议,除了需要生成证书外,还需要用“oc create route”来创建Route对象。
- 首先部署一个测试应用
$ oc new-project https
$ oc new-app openshift/hello-openshift
- 创建密钥和证书,其中hello-openshift-my-https.apps-crc.testing是缺省Route的FQDN。
$ openssl genrsa -out example.key 2048
$ openssl req -new -key example.key -out example.csr
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:BJ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:RedHat
Organizational Unit Name (eg, section) []:SA
Common Name (e.g. server FQDN or YOUR name) []:hello-openshift-my-https.apps-crc.testing
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$ openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.crt
- 根据密钥、证书和Service创建Route
$ oc create route edge --service=hello-openshift --key=example.key --cert=example.crt
- 用https协议访问Route
curl --cacert example.crt https://hello-openshift-my-https.apps-crc.testing
