Securing Applications with Pass-through Routes

The previous example demonstrates how to create an edge route, that is, an OKD route that presents a certificate at the edge. Pass-through routes offer a secure alternative because the application exposes its TLS certificate. As such, the traffic is encrypted between the client and the application.

To create a pass-through route, you need a certificate and a way for your application to access it. The best way to accomplish this is by using OKD TLS secrets. Secrets are exposed via a mount point into the container.

The following diagram shows how you can mount a secret resource in your container. The application is then able to access your certificate. With this mode, there is no encryption between the client and the router.