Securing an OpenShift Route

Hands-On Lab

 

Length

01:00:00

Difficulty

Advanced

Go Longhorns! Arlen high is ready to build a Ruby website for their mascot, the Longhorn, that requires TLS security. Use the ruby-ex template to create a new app named longhorns, then use origin clients to create a secure route with TLS termination.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Securing an OpenShift Route

Introduction

Go Longhorns! Arlen high is ready to build a Ruby website for their mascot, the Longhorn, that requires TLS security. Use the ruby-ex template to create a new app named longhorns, then use origin clients to create a secure route with TLS termination.

Solution

  • Log in to the OpenShift cluster using the credentials provided on the hands-on lab page:

    ssh cloud_user@<IP_ADDRESS>
  • Become the root user:

    sudo -i
  • Create projects associated with the labs:

    for i in strickland-propane arlen-high megalomart
        do
        oc new-project $i --description="Arlen Tx Engineering project"
    done
  • Switch to the arlen-high project:

    oc project arlen-high
  • Start the longhorns app using the ruby-ex template:

    oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git --name="longhorns"
  • View the logs for our application's build config:

    oc logs -f bc/longhorns
  • Verify the app is running:

    oc get pods
  • Download the script used to generate SSL certificates:

    wget https://raw.githubusercontent.com/linuxacademy/content-openshift-ex280/release-3.9/labs/gen-crt.sh
  • Create the SSL certificates to be used for TLS termination:

    bash gen-crt.sh longhorns.arlen-high.10.0.2.204.xip.io
  • Get the name of our service:

    oc get svc
  • Expose the route with edge termination:

    oc create route edge --service=longhorns 
    --cert=longhorns.arlen-high.10.0.2.204.xip.io.crt --key=longhorns.arlen-high.10.0.2.204.xip.io.key 
    --hostname=longhorns.arlen-high.10.0.2.204.xip.io
  • Verify the route was created successfully:

    oc get routes
  • Verify the application is serving requests:

> Note: Since our certificates are self-signed, we will need to use the "display insecure routes" option with curl.

```
curl -k https://longhorns.arlen-high.10.0.2.204.xip.io
```

Conclusion

Congratulations, you've completed this hands-on lab!