Bug 1306216 - Two routes for a service with same hostname [NEEDINFO]
Status: CLOSED DEFERRED
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
3.1.0
All Linux
medium Severity medium
Assigned To: Ben Bennett
Johnny Liu
: Reopened
Depends On:
Blocks: 1267746
Reported: 2016-02-10 05:47 EST by Christophe Augello
Modified: 2018-03-12 09:54 EDT
Doc Type: Bug Fix
Last Closed: 2018-03-12 09:54:36 EDT
Type: Bug
erich: needinfo? (caugello)


Description Christophe Augello 2016-02-10 05:47:34 EST
Description of problem:

For a service exposing two ports 8080(http) and 8443(https):
When creating a route for one or the other port, the routing to its hostname will work.
When the use case would be to have a single hostname routing to 2 ports (8080 and 8443), only the first created route will work. During the process, through cli or webUI, no errors are shown.

Version-Release number of selected component (if applicable):
3.1.1

How reproducible:


Steps to Reproduce:
1. deploy an app that exposes 2 ports
2. create a route for http for hostname app.example.com
3. create a route for https passthrough for hostname app.example.com

Actual results:

http://app.example.com will be accessible
https://app.example.com will return 503 error code

Expected results:
http://app.example.com forwarded to the service listening on 8080
https://app.example.com forwarded to the service listening on 8443

Additional info:

~~~
oc get route,ep,svc
NAME           HOST/PORT                       PATH      SERVICE   LABELS       INSECURE POLICY   TLS TERMINATION
tomcat         tomcat.cloudapps.xpaas.xyz                tomcat    app=tomcat                     
tomcat-https   tomcat.cloudapps.xpaas.xyz                tomcat    app=tomcat                     passthrough
NAME           ENDPOINTS                       AGE
tomcat         10.1.1.21:8080,10.1.1.21:8443   20h
NAME           CLUSTER_IP                      EXTERNAL_IP   PORT(S)             SELECTOR                             AGE
tomcat         172.30.41.4                     <none>        8080/TCP,8443/TCP   app=tomcat,deploymentconfig=tomcat   20h
~~~

http route:
~~~
apiVersion: v1
kind: Route
metadata:
  creationTimestamp: 2016-02-10T10:20:43Z
  labels:
    app: tomcat
  name: tomcat
  namespace: test
  resourceVersion: "214317"
  selfLink: /oapi/v1/namespaces/test/routes/tomcat
  uid: f0de569a-cfdf-11e5-b815-525400ed4449
spec:
  host: tomcat.cloudapps.xpaas.xyz
  port:
    targetPort: 8080
  to:
    kind: Service
    name: tomcat
status: {}
~~~

https route:
~~~
apiVersion: v1
kind: Route
metadata:
  creationTimestamp: 2016-02-10T10:21:36Z
  labels:
    app: tomcat
  name: tomcat-https
  namespace: test
  resourceVersion: "214356"
  selfLink: /oapi/v1/namespaces/test/routes/tomcat-https
  uid: 109cb15f-cfe0-11e5-b815-525400ed4449
spec:
  host: tomcat.cloudapps.xpaas.xyz
  port:
    targetPort: 8443
  tls:
    termination: passthrough
  to:
    kind: Service
    name: tomcat
status: {}

~~~

~~~
# curl http://172.30.41.4:8080  | head
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/8.0.30</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />

# curl -k https://172.30.41.4:8443  | head
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/8.0.30</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />

# curl http://tomcat.cloudapps.xpaas.xyz  | head
 <!DOCTYPE html>
 <html lang="en">
     <head>
       <meta charset="UTF-8" />
         <title>Apache Tomcat/8.0.30</title>
         <link href="favicon.ico" rel="icon" type="image/x-icon" />
         <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />

# curl -k https://tomcat.cloudapps.xpaas.xyz  | head
  <body>
    <h1>503 Service Unavailable</h1>
    No server available to handle the request.
  </body>
</html>
~~~

Comment 1 Eric Paris 2016-02-15 13:04:06 EST

*** This bug has been marked as a duplicate of bug 1243664 ***
Comment 3 Ben Bennett 2016-06-10 13:56:28 EDT
We deliberately don't allow two routes to have the same hostname (so that someone can't "steal" an https route by publishing an http one and tricking people into going to the http one).

With the change in:
  https://github.com/openshift/origin/pull/5224

We allow you to request that, if you have set up a secured route, it can send a redirect for the http traffic to https.

Unfortunately, at the moment only edge-terminated routes can use the redirection.  This bz is tracking that change:
  https://bugzilla.redhat.com/show_bug.cgi?id=1317159
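
The host conflict described in this report, as an added example that is not part of the original bug or of the OpenShift code: a Python check over the JSON printed by `oc get routes --all-namespaces -o json` that lists every host claimed by more than one route, since the CLI and web UI report no error. It assumes the oldest route keeps the host (the report's "first created route" behaviour) and treats different paths on one host as separate claims; `find_host_conflicts`, the finding keys and the sample data are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample modelled on the two routes in this report, trimmed to
# the fields the check reads, plus one unrelated route that must not be flagged.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "tomcat-https", "namespace": "test",
               "creationTimestamp": "2016-02-10T10:21:36Z"},
  "spec": {"host": "tomcat.cloudapps.xpaas.xyz",
           "tls": {"termination": "passthrough"}}},
 {"metadata": {"name": "tomcat", "namespace": "test",
               "creationTimestamp": "2016-02-10T10:20:43Z"},
  "spec": {"host": "tomcat.cloudapps.xpaas.xyz"}},
 {"metadata": {"name": "docs", "namespace": "web",
               "creationTimestamp": "2016-02-11T08:00:00Z"},
  "spec": {"host": "docs.cloudapps.xpaas.xyz",
           "tls": {"termination": "edge"}}}
]}
""")

def ref(route):
    return f'{route["metadata"]["namespace"]}/{route["metadata"]["name"]}'

def has_tls(route):
    return bool(route.get("spec", {}).get("tls"))

def find_host_conflicts(route_list):
    """Return one finding per (host, path) claimed by more than one route."""
    claims = defaultdict(list)
    for route in route_list.get("items", []):
        spec = route.get("spec", {})
        # Hostnames are case-insensitive; an empty path means the whole host.
        claims[(spec.get("host", "").lower(), spec.get("path", ""))].append(route)
    findings = []
    for (host, path), routes in sorted(claims.items()):
        if not host or len(routes) < 2:
            continue
        # Assumption: the oldest creationTimestamp keeps the host.
        # RFC 3339 UTC timestamps compare correctly as plain strings.
        routes.sort(key=lambda r: r["metadata"]["creationTimestamp"])
        active, shadowed = routes[0], routes[1:]
        findings.append({
            "host": host, "path": path,
            "active": ref(active),
            "shadowed": [ref(r) for r in shadowed],
            # A plain-http route holding a host that a TLS route also wants.
            "plaintext_shadows_tls": not has_tls(active) and any(has_tls(r) for r in shadowed),
            "cross_namespace": len({r["metadata"]["namespace"] for r in routes}) > 1,
        })
    return findings
```

A finding with `cross_namespace` set is the case comment 3 describes, where a route from another project claims a host that a secured route expects to own.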
Comment 6 Eric Rich 2018-03-12 09:54:36 EDT
This bug has been identified as a dated (created more than 3 months ago) bug. 
This bug has been triaged (has a trello card linked to it), or reviewed by Engineering/PM and has been put into the product backlog, 
however this bug has not been slated for a currently planned release (3.9, 3.10 or 3.11), which cover our releases for the rest of the calendar year. 

As a result of this bug's age, state on the current roadmap and PM Score (being below 70), this bug is being Closed - Deferred, 
as it is currently not part of the product's immediate priorities.

Please see: https://docs.google.com/document/d/1zdqF4rB3ea8GmVIZ7qWCVYUaQ7-EexUrQEF0MTwdDkw/edit for more details.
