I am using the free tier deployment for a REST API with Node / Express. I already have the server up and running and it responds to requests over just HTTP.
I'm trying to follow this guide to setup the certs using certbot: https://blog.openshift.com/create-https-based-encrypted-urls-using-routes/
When I try to run the command:
oc scale dc/router --replicas=0 -n default
I get back:
Error from server (Forbidden): deploymentconfigs.apps.openshift.io
"router" is forbidden: User "myUserName" cannot get
deploymentconfigs.apps.openshift.io in the namespace "default": no
RBAC policy matched
Any advice would be appreciated.
The linked blog post is slightly dated; one of the initial assumptions states that "You have OpenShift (either Enterprise or Origin) running.". That would be OpenShift Container Platform (formerly OpenShift Enterprise) or OKD in today's naming, deployed in your data center/cloud and fully managed by yourself. The OpenShift Online is a multi-tenant environment where users do not have administrative privileges. You won't be able to manage the cluster router, or generally manipulate with anything that is not within your project there.
Custom route hosts (with custom certificates) are not supported on OpenShift Online Starter (the free tier), but for external accessibility of your service via HTTPs, you can use the provided wildcard certificate for the default route host (*.<shard>.<cluster>.openshiftapps.com
). Simply create a secure route for your existing service (the Edge TLS termination). This can be easily done in the web console, or alternatively using the oc create route edge --service=<service-name>
command. Both methods are mentioned on the above linked documentation page.