Bug 1401338

Summary: Allow host claims to be disabled in the router
Product: OpenShift Container Platform Reporter: Josep 'Pep' Turro Mauri <pep>
Component: RFEAssignee: Ram Ranganathan <ramr>
Status: CLOSED CURRENTRELEASE QA Contact: Meng Bo <bmeng>
Severity: medium Docs Contact:
Priority: high    
Version: 3.3.0CC: aos-bugs, bmeng, erich, jokerman, jswensso, mmccomas, pep, sjr
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-01-09 09:52:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Josep 'Pep' Turro Mauri 2016-12-04 23:01:30 UTC
This RFE is to have the ability to disable the hostname uniqueness checks for routes across namespaces.

This is a spin-off from Bug 1344746 where more elaborate / longer term work is being done to improve handling route host/path claims. See that BZ for more details.

While waiting for that longer term option, this request is to have the ability to disable the checks - allowing full flexibility in Routes. 

This implies that collisions can happen, and an additional "external" control mechanism is expected from administrators that disable this check in their cluster (for example: a tighter set of permissions/manual controls on Routes for someone/some team to control host/path allocation).

Comment 1 Ram Ranganathan 2016-12-05 20:56:56 UTC
Adding associated trello card:  https://trello.com/c/jd6RksVX

Comment 4 Josep 'Pep' Turro Mauri 2018-01-09 09:52:32 UTC
The change requested here was implemented in OCP 3.5:

$ oc adm router -h | grep ownership

      --disable-namespace-ownership-check=false: Disables the
        namespace ownership check and allows different namespaces
        to claim either different paths to a route host or
        overlapping host names in case of a wildcard route. The
        default behavior (false) to restrict claims to the oldest
        namespace that has claimed either the host or the
        subdomain. Please be aware that if namespace ownership
        checks are disabled, routes in a different namespace can
        use this mechanism to 'steal' sub-paths for existing
        domains. This is only safe if route creation privileges
        are restricted, or if all the users can be trusted.

Somehow the RFE remained open though. Closing it now.