Bug 1571133 - Ingress backend should use service port instead of service targetPort
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: 3.9.z
Assignee: Rajat Chopra
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-04-24 07:26 UTC by Hongan Li
Modified: 2018-04-30 19:20 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-30 19:20:18 UTC
Target Upstream Version:



Description Hongan Li 2018-04-24 07:26:43 UTC
Description of problem:
The Ingress doesn't work if its backend.servicePort uses the service port, but it works if it uses the service targetPort.


Version-Release number of selected component (if applicable):
openshift v3.9.24
kubernetes v1.9.1+a0ce1bc657


How reproducible:
always

Steps to Reproduce:
1. enable Ingress and add related cluster role to router
    #oc adm policy add-cluster-role-to-user system:openshift:controller:service-serving-cert-controller system:serviceaccount:default:router
    #oc env dc/router -e ROUTER_ENABLE_INGRESS=true

2. create your project, pod and svc
   #oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker.json
   #oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/unsecure/service_unsecure.json

3. ensure the service port is 27017 and targetPort is 8080.
# oc get svc -o yaml
<---snip--->
  spec:
    clusterIP: 172.30.139.190
    ports:
    - name: http
      port: 27017
      protocol: TCP
      targetPort: 8080
    selector:
      name: caddy-docker
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}

4. create an ingress whose backend.servicePort uses the service port 27017, then curl the host "foo.bar.com".
# oc create -f test-ingress.json 
# cat test-ingress.json
{
    "apiVersion": "extensions/v1beta1",
    "kind": "Ingress",
    "metadata": {
        "name": "test-ingress"
    },
    "spec": {
        "rules": [
            {
                "host": "foo.bar.com",
                "http": {
                    "paths": [
                        {
                            "backend": {
                                "serviceName": "service-unsecure",
                                "servicePort": 27017
                            }
                        }
                    ]
                }
            }
        ]
    }
}
5. edit the ingress and change the backend.servicePort to 8080, then curl the host.


Actual results:
In step 4, the Ingress doesn't work; executing "curl --resolve foo.bar.com:80:$router_ip http://foo.bar.com" returns "503 Service Unavailable".
In step 5, the Ingress works and the host can be curled successfully.

Expected results:
Ingress backend should use service port instead of targetPort.

Additional info:
1. In OCP 3.10, Ingress works well if the backend uses the service port and does not work if it uses the targetPort.
2. This issue exists in 3.9 and previous releases.

Comment 2 Ben Bennett 2018-04-30 19:20:18 UTC
This works in 3.10, and ingress support was in tech preview in 3.9. There is a work-around (use the same target port for the service and endpoints) for 3.9.
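
Added example (not part of the original report and not OpenShift code): a Python check that classifies each Ingress backend by whether its servicePort matches the Service's port, its targetPort, or both, following the behaviour reported above for 3.9 and 3.10. The helper names and verdict labels are hypothetical, and the sample objects are constructed from the manifests in the description.

```python
# Added example: sample objects are constructed from the manifests in the report.
def service(port, target_port, name="http"):
    return {"metadata": {"name": "service-unsecure"},
            "spec": {"ports": [{"name": name, "port": port,
                                "protocol": "TCP", "targetPort": target_port}]}}

def ingress(service_port):
    backend = {"serviceName": "service-unsecure", "servicePort": service_port}
    return {"metadata": {"name": "test-ingress"},
            "spec": {"rules": [{"host": "foo.bar.com",
                                "http": {"paths": [{"backend": backend}]}}]}}

def match_kinds(backend, svc):
    """Per Service port entry, record how backend.servicePort matches it."""
    ref, kinds = backend["servicePort"], set()
    for p in svc["spec"].get("ports", []):
        by_port = ref == p["port"] or ref == p.get("name")
        # targetPort defaults to the port value when omitted
        by_target = ref == p.get("targetPort", p["port"])
        if by_port and by_target:
            kinds.add("both")
        elif by_port:
            kinds.add("port")
        elif by_target:
            kinds.add("targetPort")
    return kinds

VERDICTS = {
    frozenset(): "unresolved",                    # matches nothing on the Service
    frozenset({"both"}): "portable",              # the workaround: port == targetPort
    frozenset({"port"}): "service-port-only",     # works in 3.10, 503 in 3.9 per the report
    frozenset({"targetPort"}): "targetPort-only", # works in 3.9, not in 3.10 per the report
}

def audit(ing, services):
    """Return one (host, servicePort, verdict) tuple per Ingress backend."""
    findings = []
    for rule in ing["spec"].get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            b = path["backend"]
            svc = services.get(b["serviceName"])
            kinds = frozenset(match_kinds(b, svc)) if svc else frozenset()
            # Matches spread over different port entries are flagged for review
            verdict = VERDICTS.get(kinds, "ambiguous")
            findings.append((rule.get("host"), b["servicePort"], verdict))
    return findings

if __name__ == "__main__":
    svcs = {"service-unsecure": service(27017, 8080)}
    for sp in (27017, 8080):
        print(audit(ingress(sp), svcs))
```

Running it against exported Ingress and Service objects before a 3.9 to 3.10 upgrade shows which backends depend on the targetPort match and would stop routing afterwards.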

