We are running Liberty on RedHat Openshift and are deploying our images using the Liberty operator. In the OpenLibertyApplication we specify `expose: true` so that the OLA-Operator creates an OpenshiftRoute the deployment. For the Route we can specify a path as a string only. 

If no `path` is  specified or the `path` is specified as "/" all requests matching the route's hostname are served. Which is fine as long as all context roots should be served via the route. But we are seeking advise on how we can block certain context root(s) from being served via the route. 

For example: Our application exposes the following context roots namely /api and /openapi/ui. But we are using the `microProfile-6.0` feature and therefore the `mpMetrics` feature is loaded implicitly  exposing the /metrics endpoint.

However we don't want to expose the /metrics to the users and therefore would need for this example a way to configure the environment so that:

• /api is served 
• /openapi is served 
• /metrics is not served

Thanks a lot in advance for any advise how we can set this up.

Thanks, Hermann

------------------------------
Hermann Huebler
Cloud Architect
Alpium IT Solutions GmbH
Vienna
Austria

#IBMChampion
------------------------------

Hi, you can limit the /metrics to authorized users only using a separate config for authentication and authorization. 

Brian 

------------------------------
Brian S Paskin
Sr. Technology Engineer
IBM Cloud Engineering
------------------------------

Original Message:
Sent: Fri December 12, 2025 06:04 AM
From: Hermann Huebler
Subject: How to serve only certain context roots via an OpenLibertyApplication deployment

We are running Liberty on RedHat Openshift and are deploying our images using the Liberty operator. In the OpenLibertyApplication we specify `expose: true` so that the OLA-Operator creates an OpenshiftRoute the deployment. For the Route we can specify a path as a string only. 

If no `path` is  specified or the `path` is specified as "/" all requests matching the route's hostname are served. Which is fine as long as all context roots should be served via the route. But we are seeking advise on how we can block certain context root(s) from being served via the route. 

For example: Our application exposes the following context roots namely /api and /openapi/ui. But we are using the `microProfile-6.0` feature and therefore the `mpMetrics` feature is loaded implicitly  exposing the /metrics endpoint.

However we don't want to expose the /metrics to the users and therefore would need for this example a way to configure the environment so that:

• /api is served 
• /openapi is served 
• /metrics is not served

Thanks a lot in advance for any advise how we can set this up.

Thanks, Hermann

------------------------------
Hermann Huebler
Cloud Architect
Alpium IT Solutions GmbH
Vienna
Austria

#IBMChampion
------------------------------