Bug 2072739

Summary: [release-4.10] Domain validation fails when TLD contains a digit.
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: NetworkingAssignee: Candace Holman <cholman>
Networking sub component: router QA Contact: Arvind iyengar <aiyengar>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: aiyengar, cholman, dahernan, hongli, htbthach, jorbell, juqiao, kahara, mharri, mjoseph, mmasters, nstamate, openshift-bugs-escalate, sorth, stanislav.polasek, vwalek
Version: 4.10   
Target Milestone: ---   
Target Release: 4.10.z   
Hardware: Unspecified   
OS: All   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: OpenShift 4.8 added an API for customizing platform routes, such as the routes for OpenShift console and OAuth. This API includes status and spec fields in the cluster ingress configuration for reporting the current host names of customizable routes as well as the user's desired host names for these routes, respectively. The API also defined constraints for these values. These constraints were overly restrictive and excluded some valid potential host names, such as host names with top-level domains (TLDs) that contained decimal digits. Consequence: The overly restrictive validation for the new API had two important consequences. First, the restriction on spec prevented users from specifying custom host names that should have been permitted. Second, the restriction on status prevented users from being able to install clusters with domains that should have been permitted, because the operators that report the status would fail when trying to update status. For example, installing a cluster with the domain m3558001.ocptest1 would fail because of the "1" in the TLD. Fix: The constraints on host names in the new API were relaxed to allow all host names that are valid for routes. Result: OpenShift once again allows users to use cluster domains with TLDs that contain decimal digits. OpenShift additionally allows users to customize the console and OAuth routes using any host names that are valid for routes.
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-11 10:31:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2039256    
Bug Blocks: 1980363, 2009709, 2075551    

Comment 9 Arvind iyengar 2022-04-26 11:25:09 UTC
Verified with the latest CI image. With the fix in place, the error no more occurs with the component route containing numeric values in the hostname:

oc get clusterversion                    
NAME      VERSION                                                   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.10.0-0.ci.test-2022-04-26-104627-ci-ln-vcn7b9b-latest   True        False         60s     Cluster version is 4.10.0-0.ci.test-2022-04-26-104627-ci-ln-vcn7b9b-latest

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
apiVersion: config.openshift.io/v1
kind: Ingress
  creationTimestamp: "2022-04-26T10:58:31Z"
  generation: 2
  name: cluster
  resourceVersion: "28399"
  uid: 4f56b4b9-9013-4577-b738-84b40e33b4ac
  - hostname: custom-route-inval3d.doma2n
    name: downloads
    namespace: openshift-console
  domain: apps.ci-ln-vcn7b9b-76ef8.origin-ci-int-aws.dev.rhcloud.com

Comment 12 Arvind iyengar 2022-05-02 07:03:37 UTC
Re-Verified in the latest nightly release [4.10.0-0.nightly-2022-04-30-165345]. Marking as "verified"

Comment 16 errata-xmlrpc 2022-05-11 10:31:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.10.13 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.