I have a certificate
It is stored in the variable after converting into the base64 encoding.
export certificateData=[...]
I am trying to create a route with the YAML below and failing to get the certificate back inside the YAML:
cat <<EOF | oc apply -f -
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: test
  namespace: default
  annotations:
    openshift.io/host.generated: 'true'
spec:
  path: /ts/test
  to:
    kind: Service
    name: test1
    weight: 100
  port:
    targetPort: https
  tls:
    termination: reencrypt
    destinationCACertificate: |
      ${certificateData}
  wildcardPolicy: None
EOF
CodePudding user response:
Your YAML should be like the following:
- Set the different certificates or remove any entry which is not required.
- In your question you mentioned that you store it in base64, and this is your confusion. If you would store it in a secret it can be stored as Opaque, which is Base64.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: frontend
spec:
  host: www.example.com
  to:
    kind: Service
    name: frontend
  tls:
    termination: reencrypt
    key: |-
      -----BEGIN PRIVATE KEY-----
      [...]
      -----END PRIVATE KEY-----
    certificate: |-
      -----BEGIN CERTIFICATE-----
      [...]
      -----END CERTIFICATE-----
    caCertificate: |-
      -----BEGIN CERTIFICATE-----
      [...]
      -----END CERTIFICATE-----
    destinationCACertificate: |-
      -----BEGIN CERTIFICATE----- <------------------ Not Base64
      [...]
      -----END CERTIFICATE-----
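The point of the answer above, as an added example that is not part of the original posts: the value of `certificateData` is decoded back to PEM if it was base64-wrapped, rejected if it is not a PEM certificate, and every PEM line is indented so that it stays inside the `destinationCACertificate` block scalar. The function names and the sample certificate text are constructed for illustration; the Route fields are the ones from the question.

```shell
#!/usr/bin/env bash
# Added example: put the PEM text itself, correctly indented, into the Route.

# Constructed sample: base64 of a PEM-shaped placeholder (not a real certificate).
sample_b64() {
  printf '%s\n' '-----BEGIN CERTIFICATE-----' \
    'CONSTRUCTEDPLACEHOLDERNOTAREALCERTIFICATE' \
    '-----END CERTIFICATE-----' | base64 | tr -d '\n'
}

# pem_from_var VALUE: print PEM text; decode first if VALUE is base64-wrapped PEM.
pem_from_var() {
  local value="$1"
  case $value in
    *'-----BEGIN CERTIFICATE-----'*) ;;   # already PEM, use as-is
    *) value=$(printf '%s' "$value" | base64 -d 2>/dev/null) || return 1 ;;
  esac
  # Refuse anything that is still not a PEM certificate after decoding.
  case $value in
    '-----BEGIN CERTIFICATE-----'*'-----END CERTIFICATE-----'*) printf '%s\n' "$value" ;;
    *) return 1 ;;
  esac
}

# render_route VALUE: emit the manifest with each PEM line indented 6 spaces.
render_route() {
  local pem
  pem=$(pem_from_var "$1") || { echo "not a PEM certificate" >&2; return 1; }
  cat <<EOF
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: test
  namespace: default
spec:
  path: /ts/test
  to:
    kind: Service
    name: test1
    weight: 100
  port:
    targetPort: https
  tls:
    termination: reencrypt
    destinationCACertificate: |-
$(printf '%s\n' "$pem" | sed 's/^/      /')
  wildcardPolicy: None
EOF
}
```

To apply it as in the question, pipe the output: `render_route "$certificateData" | oc apply -f -`.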
CodePudding user response:
You need to create a secret of the certificate files and load it in the deployment as below:
env:
  - name: testCA
    valueFrom:
      secretKeyRef:
        key: testCA.pem
        name: testSecretCert
Inside the container it will be loaded into the environment.