Converting an OpenShift Route to Kubernetes Ingress

5/12/2021

I have multiple OpenShift routes of type:

apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: <name>
  labels:
    app.kubernetes.io/name: <app-name>
spec:
  host: <host>
  port:
    targetPort: <targetPort>
  tls:
    termination: reencrypt
    destinationCACertificate: |-
      -----BEGIN CERTIFICATE-----
      MIIDejCCAmICCQCNHBN8tj/FwzANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJV
      UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDzANBgNVBAoM
      BlNwbHVuazEXMBUGA1UEAwwOU3BsdW5rQ29tbW9uQ0ExITAfBgkqhkiG9w0BCQEW
      EnN1cHBvcnRAc3BsdW5rLmNvbTAeFw0xNzAxMzAyMDI2NTRaFw0yNzAxMjgyMDI2
      NTRaMH8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy
      YW5jaXNjbzEPMA0GA1UECgwGU3BsdW5rMRcwFQYDVQQDDA5TcGx1bmtDb21tb25D
      QTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBzcGx1bmsuY29tMIIBIjANBgkqhkiG
      9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzB9ltVEGk73QvPlxXtA0qMW/SLDQlQMFJ/C/
      tXRVJdQsmcW4WsaETteeWZh8AgozO1LqOa3I6UmrWLcv4LmUAh/T3iZWXzHLIqFN
      WLSVU+2g0Xkn43xSgQEPSvEK1NqZRZv1SWvx3+oGHgu03AZrqTj0HyLujqUDARFX
      sRvBPW/VfDkomHj9b8IuK3qOUwQtIOUr+oKx1tM1J7VNN5NflLw9NdHtlfblw0Ys
      5xI5Qxu3rcCxkKQuwzdask4iijOIRMAKX28pbakxU9Nk38Ac3PNadgIk0s7R829k
      980sqGWkd06+C17OxgjpQbvLOR20FtmQybttUsXGR7Bp07YStwIDAQABMA0GCSqG
      SIb3DQEBCwUAA4IBAQCxhQd6KXP2VzK2cwAqdK74bGwl5WnvsyqdPWkdANiKksr4
      ZybJZNfdfRso3fA2oK1R8i5Ca8LK3V/UuAsXvG6/ikJtWsJ9jf+eYLou8lS6NVJO
      xDN/gxPcHrhToGqi1wfPwDQrNVofZcuQNklcdgZ1+XVuotfTCOXHrRoNmZX+HgkY
      gEtPG+r1VwSFowfYqyFXQ5CUeRa3JB7/ObF15WfGUYplbd3wQz/M3PLNKLvz5a1z
      LMNXDwN5Pvyb2epyO8LPJu4dGTB4jOGpYLUjG1UUqJo9Oa6D99rv6sId+8qjERtl
      ZZc1oaC0PKSzBmq+TpbR27B8Zra3gpoA+gavdRZj
      -----END CERTIFICATE-----
  to:
    kind: Service
    name: <ServiceName>

I want to convert it into an Ingress object, as there are no routes in bare k8s. I see we don't have a definition of termination type in the Ingress object, so can anyone recommend the optimal way to achieve the same functionality as the OpenShift route using a k8s Ingress?

Thanks in advance

-- Kumud Jain
cloud
kubernetes
kubernetes-helm
kubernetes-ingress
openshift

1 Answer

5/12/2021

The reencrypt option is not available in the NGINX ingress controller. The TLS cert in a bare metal ingress is just stored in a secret. In the case of the NGINX ingress controller, TLS termination takes place at the controller. In the case of OpenShift's route, it is similar to edge termination. So it is impossible to achieve similar TLS termination to OpenShift's route using bare k8s. You can achieve this using Istio. Here is a tutorial on how to set up Mutual TLS Migration.

-- Mikołaj Głodziak
Source: StackOverflow
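
As an added illustration of the Istio approach the answer points to (not code from the original post or from the Istio project), the Route's reencrypt behaviour can be split across three Istio resources: the Gateway terminates client TLS, and the DestinationRule opens a second TLS connection to the backend and verifies it against the CA that the Route carried in destinationCACertificate. The `-gw`/`-vs`/`-dr` name suffixes, `<edge-tls-secret>` and the CA file path are assumptions; `<name>`, `<host>`, `<ServiceName>` and `<targetPort>` are the question's own placeholders.

```yaml
# Added example: Istio resources approximating a reencrypt Route.
# Resource name suffixes, the secret name and the CA mount path are assumptions.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: <name>-gw
spec:
  selector:
    istio: ingressgateway          # assumes the default Istio ingress gateway labels
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE               # client-facing TLS ends at the gateway
        credentialName: <edge-tls-secret>   # hypothetical secret in the gateway's namespace
      hosts:
        - <host>
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: <name>-vs
spec:
  hosts:
    - <host>
  gateways:
    - <name>-gw
  http:
    - route:
        - destination:
            host: <ServiceName>
            port:
              number: <targetPort>   # must be the numeric Service port, not a port name
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: <name>-dr
spec:
  host: <ServiceName>
  trafficPolicy:
    tls:
      mode: SIMPLE                 # gateway opens a new TLS connection to the backend
      # Plays the role of destinationCACertificate. The path is an assumption: the
      # CA bundle has to be mounted into the gateway pod at this location.
      caCertificates: /etc/istio/backend-ca/ca.crt
```

When migrating, confirm that the backend leg still validates the server certificate: if `caCertificates` is left out, the second connection is encrypted but the backend's identity is no longer checked against the Route's CA.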