Bug 1861501
| Summary: | Ingress-Controller doesn't verify the generated haproxy config on a per-route level, allowing individual routes to break the whole ingress-controller | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | aaleman |
| Component: | Networking | Assignee: | aos-network-edge-staff <aos-network-edge-staff> |
| Networking sub component: | router | QA Contact: | Hongan Li <hongli> |
| Status: | CLOSED DEFERRED | Docs Contact: | |
| Severity: | high | | |
| Priority: | medium | CC: | amcdermo, aos-bugs, bbennett, bperkins, sgreene |
| Version: | 4.4 | Keywords: | Reopened |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-02-05 17:00:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
aaleman
2020-07-28 19:08:32 UTC
*** This bug has been marked as a duplicate of bug 1861383 ***

@Andrew McDermott Why is this marked as duplicate of 1861383? 1861383 is about one concrete bug we found, this one is about limiting the impact of any bug in that area. A single route should never be able to break the ingress-controller.

(In reply to aaleman from comment #2)
> @Andrew McDermott Why is this marked as duplicate of 1861383? 1861383 is
> about one concrete bug we found, this one is about limiting the impact of
> any bug in that area. A single route should never be able to break the
> ingress-controller.

(In hindsight) Perhaps I should have done it the other way around. Verifying the config AOT would fix https://bugzilla.redhat.com/show_bug.cgi?id=1861383, though I still need to think how/where that error would be bubbled up.

See also: https://bugzilla.redhat.com/show_bug.cgi?id=1857025 "Creating faulty(bad formatted cert&key) route makes other existing routes inaccessible"

I’m adding UpcomingSprint, because I was occupied by fixing bugs with higher priority/severity, developing new features with higher priority, or developing new features to improve stability at a macro level. I will revisit this bug next sprint.

Target reset from 4.6 to 4.7 while investigation is either ongoing or not yet started. Will be considered for earlier release versions when diagnosed and resolved.

I’m adding UpcomingSprint, because I was occupied by fixing bugs with higher priority/severity, developing new features with higher priority, or developing new features to improve stability at a macro level. I will revisit this bug next sprint.

Tagging with UpcomingSprint while investigation is either ongoing or pending. Will be considered for earlier release versions when diagnosed and resolved.

Tagging with UpcomingSprint while investigation is either ongoing or pending. Will be considered for earlier release versions when diagnosed and resolved.

Tagging with UpcomingSprint while investigation is either ongoing or pending. Will be considered for earlier release versions when diagnosed and resolved.

Tagging with UpcomingSprint while investigation is either ongoing or pending. Will be considered for earlier release versions when diagnosed and resolved.

Close/deferred as will add this to our Jira backlog for enhancements.

(In reply to Andrew McDermott from comment #13)
> Close/deferred as will add this to our Jira backlog for enhancements.

https://issues.redhat.com/browse/NE-557
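
A sketch of the per-route check this bug asks for, added here as an example and not taken from the OpenShift router: each route's rendered fragment is validated on top of the already-accepted config, so a bad route is rejected alone and its error can be reported against that route. The fragment shape, `admit_routes`, `fake_check` and the sample data are assumptions; `haproxy -c -f` is HAProxy's configuration check mode.

```python
import os
import subprocess
import tempfile

def haproxy_check(config_text):
    """Syntax-check a config with `haproxy -c -f <file>`; returns (ok, stderr)."""
    fd, path = tempfile.mkstemp(suffix=".cfg")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(config_text)
        p = subprocess.run(["haproxy", "-c", "-f", path],
                           capture_output=True, text=True)
        return p.returncode == 0, p.stderr.strip()
    finally:
        os.unlink(path)

def admit_routes(base_config, fragments, check=haproxy_check):
    """Add route fragments one at a time, keeping only those that still validate.
    fragments maps route name -> config text rendered for that route alone
    (assumed shape). Returns (config, rejected) with rejected[name] = error.
    """
    ok, err = check(base_config)
    if not ok:
        raise ValueError("base config invalid: " + err)
    config, rejected = base_config, {}
    for name in sorted(fragments):
        candidate = config + "\n" + fragments[name]
        ok, err = check(candidate)
        if ok:
            config = candidate
        else:
            rejected[name] = err  # report against this route only
    return config, rejected

# Constructed sample input and a stand-in checker so the sketch runs offline.
BASE = "defaults\n  mode http\n"
FRAGMENTS = {
    "ns1/good": "backend be_ns1_good\n  server s1 10.0.0.1:8080\n",
    "ns2/broken": "backend be_ns2_broken\n  server s1 not-an-address\n",
    "ns3/good": "backend be_ns3_good\n  server s1 10.0.0.3:8080\n",
}

def fake_check(text):
    bad = "not-an-address" in text
    return (not bad, "invalid address" if bad else "")

if __name__ == "__main__":
    config, rejected = admit_routes(BASE, FRAGMENTS, check=fake_check)
    print(sorted(rejected), "be_ns3_good" in config)
```

Validating against the accumulated config rather than each fragment in isolation also rejects a route that only fails in combination with routes already admitted.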