• OpenShift 3.11 - custom default route certificate failing with certificate has expired or is not yet valid

    2 min read

    OpenShift Route certificate has expired or is not yet valid default router-certs

    After trying to set a custom default certificate for the OpenShift routes we might see how it's Pods starts crashing:

    $ kubectl get pods
    NAME                          READY   STATUS             RESTARTS   AGE
    router-10-rh8vf               1/1     Running            0          32m
    router-10-f2dt2               0/1     CrashLoopBackOff   6          7m
    router-10-m45b7               1/1     Running            0          31m

    Checking it's logs we'll get a quite misleading message:

    $ kubectl logs router-10-f2dt2 -n default
    Error from server: Get https://some.openshift.cluster:10250/containerLogs/default/router-10-f2dt2/router: x509: certificate has expired or is not yet valid


  • OpenShift route TLS termination: edge, passthrough and reencrypt

    2 min read

    openshift route TLS edge passthrough reencrypt

    To be able to expose a service externally on OpenShift we can use the Route object. Generally speaking, Routes can be either secured or unsecured, in case we choose to use a secured route we can configured it to work in three different ways: edge, passthrough and reencrypt.



From pet to cattle
Treat your kubernetes clusters like cattle, not pets