Bug 1401338 - Allow host claims to be disabled in the router
Summary: Allow host claims to be disabled in the router
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.3.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
: ---
Assignee: Ram Ranganathan
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-12-04 23:01 UTC by Josep 'Pep' Turro Mauri
Modified: 2018-01-09 09:52 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-01-09 09:52:32 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Josep 'Pep' Turro Mauri 2016-12-04 23:01:30 UTC
This RFE is to have the ability to disable the hostname uniqueness checks for routes across namespaces.

This is a spin-off from Bug 1344746 where more elaborate / longer term work is being done to improve handling route host/path claims. See that BZ for more details.

While waiting for that longer term option, this request is to have the ability to disable the checks - allowing full flexibility in Routes. 

This implies that collisions can happen, and an additional "external" control mechanism is expected from administrators that disable this check in their cluster (for example: a tighter set of permissions/manual controls on Routes for someone/some team to control host/path allocation).

Comment 1 Ram Ranganathan 2016-12-05 20:56:56 UTC
Adding associated trello card:  https://trello.com/c/jd6RksVX

Comment 4 Josep 'Pep' Turro Mauri 2018-01-09 09:52:32 UTC
The change requested here was implemented in OCP 3.5:

$ oc adm router -h | grep ownership

      --disable-namespace-ownership-check=false: Disables the
        namespace ownership check and allows different namespaces
        to claim either different paths to a route host or
        overlapping host names in case of a wildcard route. The
        default behavior (false) to restrict claims to the oldest
        namespace that has claimed either the host or the
        subdomain. Please be aware that if namespace ownership
        checks are disabled, routes in a different namespace can
        use this mechanism to 'steal' sub-paths for existing
        domains. This is only safe if route creation privileges
        are restricted, or if all the users can be trusted.

Somehow the RFE remained open though. Closing it now.


Note You need to log in before you can comment on or make changes to this bug.