stackrox · newgoliath · Jan 23, 2025 · Jan 23, 2025
diff --git a/util-scripts/rhacs-route-reencrypt-tls-certs/README.md b/util-scripts/rhacs-route-reencrypt-tls-certs/README.md
@@ -0,0 +1,23 @@
+# Set up ACS Passthrough TLS Routes with Central's CA
+
+Get rid of the cert errors when accessing the Central web UI by
+adding the Central certs to Central's Route
+
+This is a one liner.
+
+Must be logged in to OpenShift as cluster-admin.
+
+**Required Environment Vars:**
+* logged into OpenShift as cluster-admin.
+
+**Required Tools:**
+* `bash`
+* `oc` logged into the OpenShift Cluster with ACS already installed.
+* `sed`
+
+**Output:**
+* No output
+
+**Usage:**
+`./acs-route-passthrough-tls-certs.sh`
+
diff --git a/util-scripts/rhacs-route-reencrypt-tls-certs/acs-route-reencrypt-tls-certs.sh b/util-scripts/rhacs-route-reencrypt-tls-certs/acs-route-reencrypt-tls-certs.sh
@@ -0,0 +1,18 @@
+!#/bin/bash
+
+# on openshift, set up acs reencrypt routes with Central's CA
+
+oc apply -f - <<EOF
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: central
+  namespace: {{ .Values.stackrox_namespace }}
+spec:
+  tls:
+    termination: reencrypt
+    destinationCACertificate: |
+$(oc extract secret/central-tls -n {{ .Values.stackrox_namespace }} --keys ca.pem --to=- | sed 's/^/      /' )
+EOF
+
+