[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Origin V3 router update



All,

The beta1 refactor for adding TLS support to the OpenShift template router plugin is being merged soon [1].  For the most part all the changes are behind the scenes and should not affect your existing route files.  There are some items I'd like to call out:

1.  The router now binds to host port 80 and 443 (previously only 80)
2.  The Route object now supports a new, optional TLS configuration object that identifies TLS termination strategies and certificates [2]
3.  Certificates in the JSON file must be single line strings with \\n line breaks
4.  For beta1, much of the config relies on SNI (to determine passthroughs, etc).  Traffic that is not SNI based that arrives on :443 will have TLS termination completed with a generic certificate.  Discussions of custom frontends with user specified ports have been brought up for future iterations. 

Installation of the router has also recently changed (not in this PR) and is worth noting.  When installing the router via hack/install-router.sh you now provide the full master url instead of just the ip address (ex https://1.1.1.1:8443).  This was to support the new secure master urls.  

A walk through of the use cases supported in beta1 along with examples of the corresponding configurations is available [3]. Please note, this walk through is using an nginx pod to simulate an application, it is not an nginx implementation of a template router.

If there are any questions or issues please feel free to contact me at this email address or on IRC (nick: pweil).

Thanks!

Paul


[1] PR: https://github.com/openshift/origin/pull/652
[2] Docs: https://github.com/pweil-/origin/blob/router-ssl/docs/routing.md#securing-your-routes
[3] Demo: https://github.com/pweil-/hello-nginx-docker


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]