Bootstrap FreeKB - OpenShift - Create Ingress Route
OpenShift - Create Ingress Route

Updated:   |  OpenShift articles

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

An OpenShift route or an Ingress route will provide a URL such as which is used to route a request onto a service, which is then routed onto a pod, and then to the container in the pod, and finally to the application running in the container.


Like this.


Egress provides a way for an application deployed on OpenShift to access an external URL, such as


The oc get services command can be used to list the services that have been created in a project. Let's say you want to create an Ingress route that will be used to route requests to foo-service.

~]$ oc get services
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP    PORT(S)                      AGE
foo-service   ClusterIP   <none>         8080/TCP,8443/TCP,8778/TCP   177d
bar-service   ClusterIP   <none>         8080/TCP,8443/TCP,8778/TCP   240d


The oc create ingress command can be used to create an Ingress route that will be used to route requests onto a service.

  • The syntax of --rule is <url><path>=<service>:<port> (for example -
    • If the * (wildcard) character is NOT used in --rule, the pathType of the ingress route will be Exact and an OpenShift route will NOT be created.
    • If the * (wildcard) character is used in --rule, the pathType of the ingress route will be Prefix and an OpenShift route will be created. In this scenario, if the ingress route is not annotated with termination, the route will be set as an insecured route, not using SSL or TLS termination. --annotation can be included to set the OpenShift route as an edge, passthrough, or reencrypt route
~]$ oc create ingress my-ingress-route --rule*=foo-service:8080 --default-backend foo-service:8080 --annotation created


Optionally, the tls option can be used to create an ingress route that uses HTTPS. In this scenario, you would first need to create a secret that contains the appropriate public certificate and private key that can be used by the route.

~]# oc create secret tls my-tls-secret --cert tls.crt --key tls.key
secret/my-tls-secret created


And then create the ingress route, including tls=<secret name>.

~]$ oc create ingress my-ingress-tls-route --rule*=foo-service:8443,tls=my-tls-secret --default-backend foo-service:8443 --annotation created


The oc get ingress command can then be used the list the Ingress routes in the currently selected project.

~]$ oc get ingress
NAME                    CLASS    HOSTS                                                ADDRESS   PORTS        AGE
my-ingress-route        <none>                    80           15m
my-ingress-tls-route    <none>                80, 443      15m


The oc get ingress command with the --output yaml option can be used to show the YAML for each ingress route.

kind: Ingress
  name: my-ingress-route
  namespace: my-project
  annotations: passthrough
      name: my-service
        number: 8080
  - host:
      - backend:
            name: my-service
              number: 8080
        path: /my-endpoint
        pathType: Prefix
  loadBalancer: {}


I'm not sure why, but I have to label the route to get the route exposed on the default router

oc label ingress my-ingress-route route-type=default


And curl can be used to submit a request to the ingress route, which should forward the request onto the service, and then onto the pod.

curl -v


Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Add a Comment

Please enter 23d7ca in the box below so that we can be sure you are a human.