Bug 2010227
| Summary: | Path based routing is broken for some combinations | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Melvin Joseph <mjoseph> |
| Component: | Networking | Assignee: | Miheer Salunke <misalunk> |
| Networking sub component: | router | QA Contact: | Melvin Joseph <mjoseph> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | medium | CC: | aiyengar, amcdermo, bverschu, cholman, hongli, johan-fedora, misalunk, mjoseph, mmasters, ops, palonsor, tnozicka |
| Version: | 4.9 | Flags: | mjoseph:
needinfo-
|
| Target Milestone: | --- | ||
| Target Release: | 4.9.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Let's say we have 2 routes like this:
- HTTP-only route for "myapp.apps.example.com" domain and "/mypath" path
- HTTPS-edge-redirect route for "myapp.apps.example.com" and no path
In such situation, redirect is sent for any query to "myapp.apps.example.com", including "myapp.apps.example.com/mypath", so the more specific path route is not taking precedence as expected.
With this fix we now set a flag on redirect in the map so haproxy checks if this flag is enabled in the map and then performs the redirect accordingly.
|
Story Points: | --- |
| Clone Of: | 1896474 | Environment: | |
| Last Closed: | 2022-07-05 22:04:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1896474 | ||
| Bug Blocks: | |||
|
Comment 1
Miciah Dashiel Butler Masters
2021-10-05 16:20:55 UTC
This is a backport and now right target release is set. Clearing the needinfo flags as justification is provided by Pablo % oc new-project service-route-issue Now using project "service-route-issue" on server "https://api.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com:6443". You can add applications to this project with the 'new-app' command. For example, try: oc new-app rails-postgresql-example to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application: kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname % oc create -f https://raw.githubusercontent.com/openshift/origin/master/examples/hello-openshift/hello-pod.json pod/hello-openshift created % oc label pod hello-openshift app=hello-openshift pod/hello-openshift labeled % oc get po NAME READY STATUS RESTARTS AGE hello-openshift 1/1 Running 0 10s % oc create service clusterip hello-openshift --tcp=80:8080 --tcp=443:8443 service/hello-openshift created % vi route.yaml % cat route.yaml apiVersion: route.openshift.io/v1 kind: Route metadata: creationTimestamp: null labels: app: hello-openshift name: hello-openshift spec: host: "" port: targetPort: 8080 tls: termination: edge to: kind: "" name: hello-openshift weight: null% % % oc get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-openshift ClusterIP 172.30.158.58 <none> 80/TCP,443/TCP 72s oc create -f route.yaml route.route.openshift.io/hello-openshift created % oc get route NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD hello-openshift hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com hello-openshift 8080 edge None % cat route-with-insecure-allow.yaml % vi route-with-insecure-allow.yaml % cat route-with-insecure-allow.yaml apiVersion: route.openshift.io/v1 kind: Route metadata: creationTimestamp: null labels: app: hello-openshift name: hello-openshift-http-allow spec: host: "hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com" port: targetPort: 8080 path: "/test" to: kind: Service name: hello-openshift weight: null status: ingress: null % oc create -f route-with-insecure-allow.yaml route.route.openshift.io/hello-openshift-http-allow created % oc get routes NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD hello-openshift hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com hello-openshift 8080 edge None hello-openshift-http-allow hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com /test hello-openshift 8080 None % % curl -Ik http://hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com HTTP/1.0 503 Service Unavailable pragma: no-cache cache-control: private, max-age=0, no-cache, no-store content-type: text/html % curl -Ik http://hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com/test HTTP/1.1 200 OK date: Tue, 11 Jan 2022 09:21:06 GMT content-length: 17 content-type: text/plain; charset=utf-8 set-cookie: adbec88c545fa91f71ca5c51323dccf8=6f724422fa0872ec59434efcf87f7808; path=/; HttpOnly cache-control: private % curl -Ik https://hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com HTTP/1.1 200 OK date: Tue, 11 Jan 2022 09:21:19 GMT content-length: 17 content-type: text/plain; charset=utf-8 set-cookie: 29df4ae9f33eb1d50113228c1151c2c9=6f724422fa0872ec59434efcf87f7808; path=/; HttpOnly; Secure; SameSite=None cache-control: private Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.9.41 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:5434 |