OpenShift 3.11 - custom default route certificate failing with certificate has expired or is not yet valid

2 min read

After trying to set a custom default certificate for the OpenShift routes we might see how it's Pods starts crashing:

$ kubectl get pods NAME READY STATUS RESTARTS AGE router-10-rh8vf 1/1 Running 0 32m router-10-f2dt2 0/1 CrashLoopBackOff 6 7m router-10-m45b7 1/1 Running 0 31m 

Checking it's logs we'll get a quite misleading message:

$ kubectl logs router-10-f2dt2 -n default Error from server: Get https://some.openshift.cluster:10250/containerLogs/default/router-10-f2dt2/router: x509: certificate has expired or is not yet valid 

04/07/2023

OpenShift route TLS termination: edge, passthrough and reencrypt

2 min read

To be able to expose a service externally on OpenShift we can use the Route object. Generally speaking, Routes can be either secured or unsecured, in case we choose to use a secured route we can configured it to work in three different ways: edge, passthrough and reencrypt.

28/11/2022