Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1534488

Summary: [3.9] Path based routing is broken for mixed tls
Product: OpenShift Container Platform Reporter: Tomáš Nožička <tnozicka>
Component: NetworkingAssignee: Jacob Tanenbaum <jtanenba>
Status: CLOSED CURRENTRELEASE QA Contact: Hongan Li <hongli>
Severity: high Docs Contact:
Priority: high    
Version: 3.9.0CC: aos-bugs, bbennett, eparis, zzhao
Target Milestone: ---   
Target Release: 3.9.z   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Splitting up the route types into separate map files Consequence: Because haproxy looks for the first match and a route with no path is a catch all for all other paths would cause haproxy to match the wrong route with some configurations Fix: Merge maps that make sense and make sure that they are searched appropriately Result: Correctly match the incoming requests with the corresponding backends
 Story Points: ---
Clone Of:
: 1534816 (view as bug list) Environment:
Last Closed: 2018-06-05 13:43:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1534816    

Description Tomáš Nožička 2018-01-15 11:08:54 UTC 
Description of problem:
If you mix 2 Routes (edge terminated) one with InsecureEdgeTerminationPolicy Redirect and the other one with Allow, path based routing doesn't work and the redirect Route always wins.

Version-Release number of selected component (if applicable):
All current versions are broken.

How reproducible:
Always.

Actual results:
All traffic goes to Redirect Route.

Expected results:
Traffic goes by the rules of path based routing as declared in: 
https://docs.openshift.org/latest/architecture/networking/routes.html#path-based-routes


Additional info:
related issues:
 - https://github.com/openshift/origin/issues/14950
 - https://github.com/tnozicka/openshift-acme/issues/16


There is already a pull from community to fix it 

  https://github.com/openshift/origin/pull/15847

waiting for a review from networking team since Aug 18, 2017.
Comment 3 zhaozhanqi 2018-04-13 09:05:20 UTC 
hi, Ben Bennett

I have tested this bug and it has been fixed on the 3.10 version 

From comment 2, the bug also needs to backports the old version. I did not seen the related PR for the old version and I did a testing on 3.7.44, it still not fixed yet.

Do we have plan for the old version?
Comment 7 Ben Bennett 2018-06-05 13:43:05 UTC 
@hongli: Sorry, things got tangled.  The other was supposed to be a 3.9 backport clone but wasn't annotated correctly.  I'll make this the 3.9 backport bug.

BUT since this is not a regression, I think the 3.10 fix is fine and needn't be backported, so I am closing this bug.