Bug 1860136
| Summary: | default ingress does not propagate annotations to route object on update | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Ben Parees <bparees> |
| Component: | Networking | Assignee: | Miheer Salunke <misalunk> |
| Networking sub component: | router | QA Contact: | Arvind iyengar <aiyengar> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | low | ||
| Priority: | medium | CC: | amcdermo, aos-bugs, bbennett, hgomes, hongli, misalunk |
| Version: | 4.5 | Keywords: | UpcomingSprint |
| Target Milestone: | --- | ||
| Target Release: | 4.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-02-24 15:13:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Ben Parees
2020-07-23 18:57:23 UTC
I’m adding UpcomingSprint, because I was occupied by fixing bugs with higher priority/severity, developing new features with higher priority, or developing new features to improve stability at a macro level. I will revisit this bug next sprint. Target reset from 4.6 to 4.7 while investigation is either ongoing or not yet started. Will be considered for earlier release versions when diagnosed and resolved. I’m adding UpcomingSprint, because I was occupied by fixing bugs with higher priority/severity, developing new features with higher priority, or developing new features to improve stability at a macro level. I will revisit this bug next sprint. Tagging with UpcomingSprint while investigation is either ongoing or pending. Will be considered for earlier release versions when diagnosed and resolved. PR - https://github.com/openshift/openshift-controller-manager/pull/149 Units tests have passed -> [miheer@miheer openshift-controller-manager]$ GO111MODULE=on go test -v -run TestController_sync ./pkg/route/ingress/ === RUN TestController_sync === RUN TestController_sync/no_changes === RUN TestController_sync/sync_namespace_-_no_ingress === RUN TestController_sync/sync_namespace_-_two_ingress === RUN TestController_sync/ignores_incomplete_ingress_-_no_host === RUN TestController_sync/ignores_incomplete_ingress_-_no_service === RUN TestController_sync/ignores_incomplete_ingress_-_no_paths === RUN TestController_sync/ignores_incomplete_ingress_-_service_does_not_exist === RUN TestController_sync/create_route === RUN TestController_sync/create_route_-_targetPort_string,_service_port_with_name === RUN TestController_sync/create_route_-_blocked_by_expectation === RUN TestController_sync/update_route === RUN TestController_sync/no-op === RUN TestController_sync/no-op_-_ignore_partially_owned_resource === RUN TestController_sync/update_ingress_with_missing_secret_ref === RUN TestController_sync/update_ingress_to_not_reference_secret === RUN TestController_sync/update_route_-_tls_config_missing === RUN TestController_sync/update_route_-_termination_policy_changed_to_passthrough === RUN TestController_sync/update_route_-_termination_policy_changed_to_reencrypt === RUN TestController_sync/update_route_-_termination_policy_changed_to_reencrypt_and_no_tls_secret === RUN TestController_sync/termination_policy_on_ingress_invalid,_nothing_happens === RUN TestController_sync/termination_policy_on_ingress_invalid,_disables_tls === RUN TestController_sync/Empty_tlsconfig_enables_edge_termination_without_explicit_cert === RUN TestController_sync/update_route_-_secret_values_changed === RUN TestController_sync/no-op_-_has_TLS === RUN TestController_sync/no-op_-_has_secret_with_empty_keys === RUN TestController_sync/no-op_-_termination_policy_has_been_changed_by_the_user === RUN TestController_sync/update_route_-_router_admitted_route === RUN TestController_sync/update_route_-_second_router_admitted_route === RUN TestController_sync/no-op_-_ingress_status_already_updated === RUN TestController_sync/no-op_-_router_rejected_route === RUN TestController_sync/delete_route_when_referenced_secret_is_not_TLS === RUN TestController_sync/delete_route_when_referenced_secret_is_not_valid === RUN TestController_sync/ignore_route_when_parent_ingress_no_longer_exists_(gc_will_handle) === RUN TestController_sync/update_route_-_termination_policy_changed_to_passthrough_and_timeout_set --- PASS: TestController_sync (0.00s) --- PASS: TestController_sync/no_changes (0.00s) --- PASS: TestController_sync/sync_namespace_-_no_ingress (0.00s) --- PASS: TestController_sync/sync_namespace_-_two_ingress (0.00s) --- PASS: TestController_sync/ignores_incomplete_ingress_-_no_host (0.00s) --- PASS: TestController_sync/ignores_incomplete_ingress_-_no_service (0.00s) --- PASS: TestController_sync/ignores_incomplete_ingress_-_no_paths (0.00s) --- PASS: TestController_sync/ignores_incomplete_ingress_-_service_does_not_exist (0.00s) --- PASS: TestController_sync/create_route (0.00s) --- PASS: TestController_sync/create_route_-_targetPort_string,_service_port_with_name (0.00s) --- PASS: TestController_sync/create_route_-_blocked_by_expectation (0.00s) --- PASS: TestController_sync/update_route (0.00s) --- PASS: TestController_sync/no-op (0.00s) --- PASS: TestController_sync/no-op_-_ignore_partially_owned_resource (0.00s) --- PASS: TestController_sync/update_ingress_with_missing_secret_ref (0.00s) --- PASS: TestController_sync/update_ingress_to_not_reference_secret (0.00s) --- PASS: TestController_sync/update_route_-_tls_config_missing (0.00s) --- PASS: TestController_sync/update_route_-_termination_policy_changed_to_passthrough (0.00s) --- PASS: TestController_sync/update_route_-_termination_policy_changed_to_reencrypt (0.00s) --- PASS: TestController_sync/update_route_-_termination_policy_changed_to_reencrypt_and_no_tls_secret (0.00s) --- PASS: TestController_sync/termination_policy_on_ingress_invalid,_nothing_happens (0.00s) --- PASS: TestController_sync/termination_policy_on_ingress_invalid,_disables_tls (0.00s) --- PASS: TestController_sync/Empty_tlsconfig_enables_edge_termination_without_explicit_cert (0.00s) --- PASS: TestController_sync/update_route_-_secret_values_changed (0.00s) --- PASS: TestController_sync/no-op_-_has_TLS (0.00s) --- PASS: TestController_sync/no-op_-_has_secret_with_empty_keys (0.00s) --- PASS: TestController_sync/no-op_-_termination_policy_has_been_changed_by_the_user (0.00s) --- PASS: TestController_sync/update_route_-_router_admitted_route (0.00s) --- PASS: TestController_sync/update_route_-_second_router_admitted_route (0.00s) --- PASS: TestController_sync/no-op_-_ingress_status_already_updated (0.00s) --- PASS: TestController_sync/no-op_-_router_rejected_route (0.00s) --- PASS: TestController_sync/delete_route_when_referenced_secret_is_not_TLS (0.00s) --- PASS: TestController_sync/delete_route_when_referenced_secret_is_not_valid (0.00s) --- PASS: TestController_sync/ignore_route_when_parent_ingress_no_longer_exists_(gc_will_handle) (0.00s) --- PASS: TestController_sync/update_route_-_termination_policy_changed_to_passthrough_and_timeout_set (0.00s) PASS ok github.com/openshift/openshift-controller-manager/pkg/route/ingress (cached) [miheer@miheer openshift-controller-manager]$ Tested in "4.7.0-0.ci.test-2020-11-30-072352-ci-ln-wkrp2j2" CI image. With this payload, the ingress timeout annotation appears to be getting honored and gets applied on the corresponding route:
-----
Ingress definition used:
$ cat ingress-route-timout-example.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-route
annotations:
haproxy.router.openshift.io/timeout: 5m <---
spec:
rules:
- host: service-unsecure-test1.internalapps.ci-ln-wkrp2j2-002ac.ci.azure.devcluster.openshift.com
http:
paths:
- path: "/"
pathType: "Prefix"
backend:
service:
name: service-unsecure
port:
number: 27017
After creating the ingress object the corresponding route could be seen getting created with the defined timeout annotation :
$ oc create -f ingress-route-timout-example.yaml
ingress.networking.k8s.io/ingress-route created
$ oc get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-route <none> service-unsecure-test1.internalapps.ci-ln-wkrp2j2-002ac.ci.azure.devcluster.openshift.com apps.ci-ln-wkrp2j2-002ac.ci.azure.devcluster.openshift.com,internalapps.ci-ln-wkrp2j2-002ac.ci.azure.devcluster.openshift.com 80 21s
$ oc get route
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
ingress-route-h57f6 service-unsecure-test1.internalapps.ci-ln-wkrp2j2-002ac.ci.azure.devcluster.openshift.com ... 1 more / service-unsecure http None
$ oc describe route ingress-route-h57f6
Name: ingress-route-h57f6
Namespace: test1
Created: About a minute ago
Labels: <none>
Annotations: haproxy.router.openshift.io/timeout=5m <-----
Requested Host: service-unsecure-test1.internalapps.ci-ln-wkrp2j2-002ac.ci.azure.devcluster.openshift.com
exposed on router internalapps (host internalapps.ci-ln-wkrp2j2-002ac.ci.azure.devcluster.openshift.com) about a minute ago
exposed on router default (host apps.ci-ln-wkrp2j2-002ac.ci.azure.devcluster.openshift.com) about a minute ago
Path: /
TLS Termination: <none>
Insecure Policy: <none>
Endpoint Port: http
Service: service-unsecure
Weight: 100 (100%)
Endpoints: 10.128.2.13:8080, 10.129.2.24:8080
-----
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days |