Description of problem: Given router enable namespace labels, eg. NAMESPACE_LABELS=team=red. After that added the label(team=red) to namespace z1, then the router will be reloaded and the routes of z1 can work well by the router. But when updated or deleted the label of z1. The router will NOT be reloaded. this cause the routes of z1 still can be works by the router. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. enable the router with NAMESPACE_LABELS=team=red oc set env dc router NAMESPACE_LABELS=team=red 2. Create namespaces z1 and test pod/svc/route oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/prometheus/service_pod.json -n z1 oc expose svc hello-pod -n z1 3. Added the label for namespace z1 using admin user oc label namespace z1 team=red 4. Check the router logs 5. Check the route can be worked 6. Delete the label or update the label oc label namespace z1 team=blue --overwrite 7. Check the route again 8. Check the router logs Actual results: step 4. there will have logs shown "Router reloaded:" according to the time step 6. the route still can be accessed step 7. the route still can be accessed step 8. NO new logs "Router reloaded:" shown Expected results: step 7. the route should NOT be accessed Additional info:
sorry for missing the version: oc v3.11.0-0.11.0 openshift3/ose-haproxy-router v3.11 fe466b455da1
Fixes in PR: https://github.com/openshift/origin/pull/20579
@zhaozhanqi fyi - changes in above PR. Thx @hongli - it would be good to test this with the haproxy config manager as well. Slight caveat there, this scenario is going to cause a reload. The reason is because of the way the code is currently structured - we are not deleting routes from the router but rather deleting the state and service units directly for namespace filtering. Maybe filing an RFE to reduce the reloads (for this scenario with haproxy config manager) would be good. I think I might have an idea on a fix for that but would rather it has more soak time (next release). Thx
Tested on v3.11.0-0.19.0 Issue has been fixed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2652