By following the easy steps in this post, you will learn how to migrate legacy Cloud Foundry applications to a Red Hat OpenShift cluster on IBM Cloud.

Red Hat OpenShift on IBM Cloud (OpenShift) is a cluster-managed container service on a foundation of Red Hat Enterprise Linux that leverages the enterprise scale and security of IBM Cloud, enabling the customer to focus on developing the application logics and leveraging the mature container service.

IBM Cloud Foundry is a legacy application Platform-as-a-Service (PaaS) that runs applications in multiple programming languages. Cloud Foundry has many inherent limitations (especially configurability) when compared to OpenShift. If you have any Cloud Foundry applications on IBM Cloud, you can migrate them to OpenShift. There are many ways to achieve this, and this post will provide you with one straightforward migration path.


  • IBM Cloud account (you will need to be paid customer because OpenShift is a paid service)
  • IBM Cloud Foundry application (you can create a sample Cloud Foundry application by starting from Step 1.1or start from Step 1.2 if you have an existing Cloud Foundry application)
  • Red Hat OpenShift on IBM Cloud instance (you will need at least one node instance to serve your application)


In this blog post, we will cover the migration from Cloud Foundry to OpenShift from scratch, so we will include the steps to create a sample Cloud Foundry application and enablement steps in Section 1, then use the following steps to migrate it to a project on OpenShift.

  1. Prepare the Cloud Foundry application (source) to be migrated
    • 1.1: Create the sample Cloud Foundry application
    • 1.2: Enable Git access and record key parameters
  2. Migrate the source application to the OpenShift project
    • 2.1: Create a new project from the saved Git URL
    • 2.2: Build the new project
    • 2.3: Test the new project
    • 2.4: Enable HTTPS access for the new application

1. Prepare the Cloud Foundry application (source) to be migrated

1.1. Create the sample Cloud Foundry application

For the purposes of this tutorial, we will use a Java sample application from the IBM Cloud platform to start with: Tomcat Hello World sample.

Open the IBM Cloud console, login using your credentials, and then click the Create Resource button at the top-right corner:

Under Services, select the Cloud Foundry tile:

On the Cloud Foundry page, choose the Public Applications option and click the Create button:

IBM Cloud Foundry provides you with many choices, and we will use Tomcat for this sample. Click the Tomcat tile and input your unique App name (e.g., java-wf in this sample) and select the Dallas region/space and domain:

Click Create at the bottom right. When it finishes, we will have our sample application ready and can access it at any time via the Dashboard by clicking the top-right button and choosing Cloud Foundry > Public:

When you click your application name at the following page (expand the Applications section if it is collapsed), you will see your application details:

Click the Visit App URL link to be taken to your sample application’s main page:

1.2. Enable Git access and record key parameters

To migrate the existing sample Cloud Foundry application to OpenShift, we will need to enable the external access of source code, which is done via Git in this case.

On the same Overview page of the application, scroll down to the bottom and click the Enable continuous delivery link:

On the page that pops up, wait until all the default values are filled in and then do the following actions:

  1. Click the Delivery Pipeline tab.
  2. Click the New button and accept the system-generated ones in the following dialogue.
  3. Click the eye icon and record the API key.
  4. Click the Create button to finalize this step.

Wait a couple of seconds to let the process finish and then the Toolchains page will pop up. If it does not, click the Toolchains link to navigate to this page and then click the Git tile in the Overview page of Toolchains:

At the next window, record the Git URL and App Path as defined in the following figure:

After recording the URL and App Path, click User > Settings > Access Tokens. Input a name, select all access right, and then click Create for a new one—you will receive your access token immediately and you should record it for future use:

After these steps, we have finished the Git enablement step for this project and have the following key info recorded for future OpenShift usage:

  • Git URL (in this case,
  • Access Token (which will be used to pull project source code)
  • App Path (in this case, TomcatHelloWorldApp which will be used as an OpenShift path)

2. Migrate the source application to the OpenShift project

You will need an OpenShift cluster to complete this task. Click OpenShift > Clusters from the Overview page to view your existing OpenShift clusters:

You can also create one by clicking the Create an OpenShift cluster button from the OpenShift page:

After creation, you will be navigated to your OpenShift cluster overview.

2.1. Create new project from the saved Git URL

In this section, we will describe the steps to create the project using OpenShift’s console. To open the web console, simply click the blue button as seen in the following screen capture, wait couple of seconds, and the web console will pop up in a new tab:

At the console page, click Create Project at the top-right corner, input your project name (“java-wf” in this sample), and then click the Create button:

You will then see that your project is in the project list; if you click the project name, you will be taken to the project page:

Click the Browse Catalog button and click the Language tab to choose Java:

You will find that WildFly is the only choice—click it and then click Next:

Input the following info that we recorded at Step 1.2:

  • The Application Name that you want (e.g., java-wf for this sample)
  • Git Repository (the Git URL that we saved)
  • Click the advanced options link to input the access token

In the advanced options dialog, click the Create New Secret and input the access token that we saved at Step 1.2:

The popup screen will then close and let us scroll down to the bottom of this page, where we can click the Create button to create this project. After it is created, the resulting page will provide a webhook trigger as for you to record. You can use it in future for automation purpose:

Our new project has been successfully created after this step, and we will be able to review the details and access it with the following steps. 

2.2. Build the source project

OpenShift will clone the project from the provided Git URL, build it into a standard Docker image, and store it in the cluster’s internal address. The following address is an example—here, “java-wf” is the project name that we created and it will differ in your case: docker-registry.default.svc:5000/java-wf/java-wf:latest

You can monitor the build progress at any time by clicking Builds > Builds and then clicking the project name to enter the build details:

Then, choose Logs tab from the following page and you can see the detailed logs/steps of that OpenShift clone and build the image for our project:

From the Logs, you can see the detailed steps and output of the OpenShift build—you can use this for debugging purposes in case of any issue. Then, you can click the Rebuild button to trigger a manual rebuild of the application in case you have changed anything.

After the build has completed, our project is ready to visit and test.

2.3. Test the new project

Return to the project Overview page. There, you’ll see the URL at the top of application details; copy it and add the “TomcatHelloWorldApp” path that we stored at Step 1.2.

The result will be like the following image, identical with the Cloud Foundry application behavior:

However, you can notice there is a Not Secure notification in the address bar, which we’ll fix in the next step.

2.4. Enable HTTPS access

By default, the generated URL/route has not enabled HTTPS access (leading to the Not Secure notification from the previous image), and this section will describe how to enable security access.

First, click the Applications link on the left-side menu and select Routes. Then, click the route of our application at the following window to be taken to the route details page to edit. 

At the bottom of the following page, click the Edit link under TLS Settings:

Click the Secure Route checkbox to enable HTTPS access. You can choose the HTTP option at the Insecure Traffic dropdown; in this sample, we will use the Redirect option, which means you will be redirect to HTTPS when you visit the page using insecure HTTP.

After setting the value, click the Save button at the very bottom to save the changes. When you go back to the previous browser which held the insecure HTTP visit warning, refresh it and you will see the secure lock icon replace Not Secure this time.


This article has described the creation of a sample Cloud Foundry application from scratch and its migration to OpenShift. By following these steps, you are now able to migrate any Cloud Foundry application to Red Hat OpenShift Cluster on IBM Cloud.


More from devops

IBM Cloud Continuous Delivery Now Supports Event Notifications

2 min read - We are pleased to announce that IBM Cloud Continuous Delivery now includes a tool integration with IBM Cloud Event Notifications. This integration allows administrators to configure toolchains to send notifications of events in a toolchain or a tool integration to other users or human destinations. In addition, these event notifications can be sent to other applications (such as IBM Cloud Functions) to build logic by using event-driven programming using webhooks, for example. With the new Event Notifications integration, toolchain administrators…

New Java, Python and Node SDKs and APIs for IBM Cloud Continuous Delivery

2 min read - We are pleased to announce the general availability of new language support for Toolchains-as-Code capabilities in IBM Cloud Continuous Delivery. The new IBM Cloud Continuous Delivery Java, Python and Node.js SDKs allow developers to programmatically interact with the IBM Cloud Toolchain and Tekton Pipeline API services and add to the Go language support that was previously available. In a previous blog article, we discussed the benefits of managing your Toolchains- and Pipelines-as-Code, which include the following: Easier management of multiple…

Deploy Resources and Toolchains with Terraform

3 min read - The journey to modernize our delivery pipeline continues. Learn how we moved to a Tekton CI/CD pipeline that is deployed using Schematics-managed Terraform (Toolchain as Code). The IBM Cloud solution tutorial Apply end-to-end security to a cloud application, like many, comes with code and a related GitHub repository. As a reader, you can either follow all the steps and manually create services and deploy the application, or you can take a shortcut and use an automation. Over time, the automation…

IBM Cloud Continuous Delivery Is Now IBM Cloud for Financial Services Validated

2 min read - We are pleased to announce that IBM Cloud Continuous Delivery is now IBM Cloud for Financial Services Validated. IBM Cloud for Financial Services Validated designates that a service has evidenced compliance to the controls of the IBM Cloud Framework for Financial Services and can be used to build solutions that might themselves be validated. Through the shared responsibility model of the framework and the surrounding standardized processes, financial institutions and ecosystem partners get benefits like the following: Less time spent…