Description of problem: Given I create a domain with wildcard policy enabled and host is *.test.wildcard.com When another user who creates a new route with host is *.wildcard.com Then the route will always point to the latter one. Version-Release number of selected component (if applicable): oc v3.4.0.22+5c56720 kubernetes v1.4.0+776c994 ose-haproxy-router:v3.4.0.22 How reproducible: always Steps to Reproduce: 1. Setup the router with wildcard route allowed 2. Create pod and service in user1's project1 $ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker.json $ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/unsecure/service_unsecure.json 3. Create wildcard route in user1's project1 $ oc create -f route.json cat route.json { "kind": "Route", "apiVersion": "v1", "metadata": { "name": "route" }, "spec": { "wildcardPolicy": "Subdomain", "host": "unsecure.test2.wildcard.com", "to": { "kind": "Service", "name": "service-unsecure" } } } 4. Access the route aaa.test2.wildcard.com 5. Create pod and service in user2's project2 $ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker-2.json $ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/unsecure/service_unsecure.json 6. Create wildcard route in user2's project2 $ oc create -f route2.json cat route2.json { "kind": "Route", "apiVersion": "v1", "metadata": { "name": "route" }, "spec": { "wildcardPolicy": "Subdomain", "host": "unsecure.wildcard.com", "to": { "kind": "Service", "name": "service-unsecure" } } } 7. Access the route aaa.test2.wildcard.com Actual results: 4. Will point to the pod in user1's project1 when accessing the aaa.test2.wildcard.com 7. It will point to the pod in user2's project2 when accessing the aaa.test2.wildcard.com Expected results: The host which matches more should win the route. Or the older one should win the route. Additional info:
Fixed in PR: https://github.com/openshift/origin/pull/11819
This has been merged into ose and is in OSE v3.4.0.24 or newer.
Checked on ocp build v3.4.0.24, issue has been fixed. $ curl --resolve www.test.wildcard.com:80:10.66.140.165 http://www.test.wildcard.com Hello-OpenShift-1 http-8080 $ curl --resolve aaa.test.wildcard.com:80:10.66.140.165 http://aaa.test.wildcard.com Hello-OpenShift-1 http-8080 $ curl --resolve unsecure.wildcard.com:80:10.66.140.165 http://unsecure.wildcard.com Hello-OpenShift-2 http-8080 $ curl --resolve xxx.wildcard.com:80:10.66.140.165 http://xxx.wildcard.com Hello-OpenShift-2 http-8080
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0066