Red Hat Bugzilla – Bug 1461378
[free-int]reencrypt route should be supported for free-int
Last modified: 2017-11-09 14:00:00 EST
Description of problem:
Reencrypt route without specified destinationCA return 503 error.
this feature should be supported after https://github.com/openshift/origin/pull/13752
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create app pod/service on free-int env
$oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker.json
2. Create reencrypt route
$ oc create route reencrypt reen --service=service-secure
3. Access the reencrypt route
step 3 return 503 error
step 3 the route should can be accessed and return 'hello-openshift'
*** This bug has been marked as a duplicate of bug 1462709 ***
You need https://github.com/openshift/origin/pull/13752 to make reencrypt routes work with your template.
this bug is not duplicated with bug 1462709. as your comment 2 said. the bug need to update the haproxy template. So please Miciah help check this.
@zhaozhanqi: Miciah is working on it under https://bugzilla.redhat.com/show_bug.cgi?id=1462709
Then the old routers not working with the new API is being addressed as https://bugzilla.redhat.com/show_bug.cgi?id=1461624
This is a duplicate of one or the other... so I'm closing it again :-)
*** This bug has been marked as a duplicate of bug 1461624 ***
Maybe I did express this issue clearly..
For free-int, it did not support reencrypt route before 3.6. but a new feature was merged https://github.com/openshift/origin/pull/13752..
So the reencrypt route should be supported since user do not need to provide the destination CA.
for bug 1462709 and 1461624. they are caused by the rencrypt CA blocked the router. that's mean all routes will be failed
I also changed the title in case of you are misunderstood it.
I'm confused. Free-int runs a custom router template. The changes introduced by https://github.com/openshift/origin/pull/13752 broke compatibility with the old router template and https://bugzilla.redhat.com/show_bug.cgi?id=1461624 will fix that.
The other way to fix that is for someone in Online to update the custom router template they use to incorporate the changes in https://github.com/openshift/origin/pull/13752, or to remove the custom template (since it now has the features Online needs) entirely. I believe Miciah is working on that.
What other outcome do you want from this bug? I'll assign it to Miciah in case he knows something I don't.
These three Bugzilla reports deal with distinct but subtly different issues:
Bug 1461624 "[free-int] Unable to access exposed service on cluster" — this is a defect in RHOCP/Origin (a change in the router breaks backwards compatibility with custom templates).
Bug 1462709 "[free][free-int]The route is not available" — this is an operational problem (broken router was blocking testing) caused by bug 1461624, which we mitigated for now by deleting problematic reencrypt routes.
Bug 1461378 "[free-int]reencrypt route should be supported for free-int" — this is a configuration change we intend to make to allow reencrypt routes, now that we have the "routes/custom-host" resource and improved validation.
I hope that clears things up!
Starter tier clusters now use the same default router template that ships with OCP. This issue should now be resolved.
Found free-int still using the custom template
- name: TEMPLATE_FILE
So please move this bug to ON_QA once it's upgrade, thanks
free-int and free-stg now should have the standard router template.
Verified this bug on free-int.
free-int version (v3.7.0-0.104.0)