TLS Termination Types in OpenShift Routes

There are three TLS termination types to choose from when you create a route in OpenShift:

– EDGE
– Passthrough
– Reencrypt

These TLS termination types define which part of the communication, from the client up to the backing pods behind a service, is encrypted when you create an ingress point using a route. The route ultimately creates a DNS entry and enables external clients to reach the pods using a URL. This communication passes through the router(s), which provide L7 load balancing.

Briefly:

EDGE: Traffic between the browser and the router is encrypted with TLS. On the back side, between the router and the pods, the traffic is unencrypted HTTP.

PASSTHROUGH: All the traffic from the browser to the pods/applications is encrypted. Here, your applications have to be able to handle SSL/TLS communication themselves.

REENCRYPT: In this case, there are two separate TLS connections: one between the browser and the router, and another between the router and the pods.
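The three termination types written as Route manifests, as an added example that is not part of the original post. The service name `frontend`, the host names, the port names and the certificate placeholder are assumptions made for illustration.

```yaml
# Constructed example. Edge: TLS ends at the router, and
# router -> pod traffic is plain HTTP on the cluster network.
apiVersion: route.openshift.io/v1
kind: Route
metadata: {name: frontend-edge}
spec:
  host: edge.apps.example.com          # placeholder host
  to: {kind: Service, name: frontend}  # hypothetical service
  port:
    targetPort: http                   # pod listens on plain HTTP
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect  # send http:// clients to https://
---
# Passthrough: the router forwards the TLS stream untouched. The pod holds
# the certificate and key, so the route carries no certificate fields.
apiVersion: route.openshift.io/v1
kind: Route
metadata: {name: frontend-passthrough}
spec:
  host: passthrough.apps.example.com
  to: {kind: Service, name: frontend}
  port:
    targetPort: https                  # pod must terminate TLS itself
  tls:
    termination: passthrough
---
# Reencrypt: two TLS connections. The router validates the pod's serving
# certificate against destinationCACertificate on the second connection.
apiVersion: route.openshift.io/v1
kind: Route
metadata: {name: frontend-reencrypt}
spec:
  host: reencrypt.apps.example.com
  to: {kind: Service, name: frontend}
  port:
    targetPort: https
  tls:
    termination: reencrypt
    destinationCACertificate: |-
      -----BEGIN CERTIFICATE-----
      <placeholder: CA that signed the pod's serving certificate>
      -----END CERTIFICATE-----
```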

Now, I think the best way to describe the differences is to use drawings. So here you go. Check out the drawings below to get a better understanding of TLS Termination types.


Hope this helps.

Good Luck,

Serdar