Looks like I need to backport https://github.com/openshift/origin/commit/b08af4a7b7a9d9e216a46f4bbed4cf8f24e79bcb to our custom router template.
The custom router template is supposed to prohibit regular users from using reencrypt routes in dev-preview. Is the template failing to block reencrypt routes for regular users? Based on the commit, it appears the inverted logic is not specific to reencrypt routes, which means the healthcheck will wake up *any* idle application, irrespective of the route type (unsecure, edge, reencrypt, or passthrough). Also, it looks like the router will *not* perform healthchecks when it should for non-idle applications. Do I understand correctly?
Solly, maybe you can help with the second question in <https://bugzilla.redhat.com/show_bug.cgi?id=1379552#c2>.
Yeah, it's not specific to the re-encrypt routes. At some point during the PR, an extra "not" snuck in, causing the router to *only* perform health checks on idled services (and not on non-idled services). The commit above fixes that.
Dev-preview-stg has been updated with the latest change and the router has been redeployed with the new template. (Built into openshift-scripts-online-3.3.0.6-1.el7.x86_64)
Verified on STG after router redeployed, no issues found