Connecting to Db2 or Db2 Warehouse with a Red Hat OpenShift TLS route

You can set up an OpenShift TLS route to connect to the Db2 or Db2 Warehouse service on Red Hat OpenShift and Kubernetes from a Db2 or Db2 Warehouse client.

About this task

You can use the NodePort to access the Db2 or Db2 Warehouse database with a supported Db2 client (such as a JDBC client). If you don not want to use the NodePort, you can edit the service that exposes the NodePort to transform the NodePort back into a ClusterIP. In place, you can define an OpenShift® route over the Db2 or Db2 Warehouse TLS port.

The OpenShift TLS route that you create needs to have the following values set:
  • Route termination set to passthrough.
  • insecureEdgeTerminationPolicy set to None.
  • The target port 50001 or the label associated with the port ssl-server.

Procedure

  1. Determine the DB2U_IDENTIFIER to use that matches your Db2 deployment. The identifier matches the name of the custom resource (CR) that is used to deploy Db2.
    Note: If you used a Db2uCluster CR to deploy Db2, run the following command to retrieve the name of the CR:
    oc get db2ucluster

    If you used a Db2uInstance CR to deploy Db2 or Db2 Warehouse, run the following command to retrieve the name of the CR:

    oc get db2uinstance
  2. Create an OpenShift route named db2-route. Substitute DB2U_IDENTIFIER with the value that matches the desired Db2 or Db2 Warehouse deployment: 
    oc apply -f - <<EOF
apiVersion: route.openshift.io/v1
kind: Route
metadata:
 name: db2-route
 labels:
   formation_id: ${DB2U_IDENTIFIER}
spec:
 port:
   targetPort: 50001
 tls:
   insecureEdgeTerminationPolicy: None
   termination: passthrough
 to:
   kind: Service
   name: c-${DB2U_IDENTIFIER}-db2u-engn-svc
   weight: 100
 wildcardPolicy: None
EOF
  3. Retrieve the URL that is needed to connect to Db2 or Db2 Warehouse: 
    oc get route db2-route -o custom-columns=:{spec.host}