Description of problem: The Ingress doesn't work if its backend.servicePort use service port, but it works if use service targetPort. Version-Release number of selected component (if applicable): openshift v3.9.24 kubernetes v1.9.1+a0ce1bc657 How reproducible: always Steps to Reproduce: 1. enable Ingress and add related cluster role to router #oc adm policy add-cluster-role-to-user system:openshift:controller:service-serving-cert-controller system:serviceaccount:default:router #oc env dc/router -e ROUTER_ENABLE_INGRESS=true 2. create your project, pod and svc #oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker.json #oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/unsecure/service_unsecure.json 3. ensure the service port is 27017 and targetPort is 8080. # oc get svc -o yaml <---snip---> spec: clusterIP: 172.30.139.190 ports: - name: http port: 27017 protocol: TCP targetPort: 8080 selector: name: caddy-docker sessionAffinity: None type: ClusterIP status: loadBalancer: {} 4. create ingress and its backend.servicePort use service port 27017, then curl the host "foo.bar.com". # oc create -f test-ingress.json # cat test-ingress.json { "apiVersion": "extensions/v1beta1", "kind": "Ingress", "metadata": { "name": "test-ingress" }, "spec": { "rules": [ { "host": "foo.bar.com", "http": { "paths": [ { "backend": { "serviceName": "service-unsecure", "servicePort": 27017 } } ] } } ] } } 5. edit the ingress and change the backend.servicePort to use 8080, then curl the host. Actual results: In step 4, Ingress doesn't work, execute "curl --resolve foo.bar.com:80:$router_ip http://foo.bar.com" will get "503 Service Unavailable". In step 5, Ingress works and can curl the host successfully. Expected results: Ingress backend should use service port instead of targetPort. Additional info: 1. in OCP 3.10, Ingress works well if backend use service port and cannot work if use targetPort. 2. this issue exists in 3.9 and previous release.
This works in 3.10, and ingress support was in tech preview in 3.9. There is a work-around (use the same target port for the service and endpoints) for 3.9.