Overview

An OpenShift Online route exposes a service at a host name, like www.example.com, so that external clients can reach it by name.

DNS resolution for a host name is handled separately from routing; your administrator may have configured a cloud domain that will always correctly resolve to the OpenShift Online router, or if using an unrelated host name you may need to modify its DNS records independently to resolve to the router.

Creating Routes

You can create unsecured and secured routes routes using the web console or the CLI.

Using the web console, you can navigate to the Browse → Routes page, then click Create Route to define and create a route in your project:

Creating a Route Using the Web Console
Figure 1. Creating a Route Using the Web Console

Using the CLI, the following example creates an unsecured route:

$ oc expose svc/frontend

The new route inherits the name from the service unless you specify one using the --name option.

Example 1. YAML Definition of the Unsecured Route Created Above
apiVersion: v1
kind: Route
metadata:
  name: frontend
spec:
  to:
    kind: Service
    name: frontend

Unsecured routes are the default configuration, and are therefore the simplest to set up. However, secured routes offer security for connections to remain private. To create a secured HTTPS route encrypted with the default certificate for OpenShift Online 3 you can use the create route command.

TLS is the replacement of SSL for HTTPS and other encrypted protocols.

$ oc create route edge --service=frontend
Example 2. YAML Definition of the Secured Route Created Above
apiVersion: v1
kind: Route
metadata:
  name: frontend
spec:
  to:
    kind: Service
    name: frontend
  tls:
    termination: edge

Further information on all types of TLS termination as well as path-based routing are available in the Architecture section.

Restrictions

Custom route hosts are not permitted. Instead, the following host template is enforced on all user routes:

<route-name>-<namespace>.1d35.starter-us-east-1.openshiftapps.com

Also, custom certificates are not permitted. Only unencrypted routes, edge routes using the default certificate, and passthrough routes work. Edge routes with custom certificates and re-encrypt routes (which necessarily have custom certificates) do not work.

These restrictions are enforced in the router. Inspecting the route in the console or using oc get routes displays the host and certificates specified by the user. However, custom hosts are not respected, and routes with custom certificates do not work.