Bug 1657094 - cannot access exposed URL: "Service Unavailable" for registry-webconsole [NEEDINFO]
Summary: cannot access exposed URL: "Service Unavailable" for registry-webconsole
Keywords:
Status: NEW
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Registry Console
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.11.z
Assignee: Martin Pitt
QA Contact: Yanping Zhang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-07 04:51 UTC by Rutvik
Modified: 2019-04-05 15:11 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
mpitt: needinfo? (rkshirsa)


Attachments (Terms of Use)

Description Rutvik 2018-12-07 04:51:29 UTC
Description of problem:

The registry-console is exposed but not accessible via a route as well service.

The route is exposed as a passthrough and I could match that with oauth client URI as well.

Other application routes are working fine in the same cluster, the registry-console pod is also up and running.

As there is ELB present infront of OCP cluster hence just to eliminate traffic routing from ELB, we tried to add the route entry in "/etc/hosts" but no luck.

Pod logs:
>>
oc logs registry-console-1-c45vj 
INFO: cockpit-ws: Using certificate: /etc/cockpit/ws-certs.d/0-self-signed.cert
>> 

The cluster is configured with the OVS-multitenant plugin and default project has "0" netnamespace id.

$ sudo oc version
oc v3.11.16
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://master.abc.xyz.com:443
openshift v3.11.16
kubernetes v1.11.0+d4cacc0

Comment 3 Martin Pitt 2018-12-14 15:54:15 UTC
I suppose "ELB" means something like a load balancer, or a proxy? Other people reported that a service providing the registry-console does work with a TLS passthrough route, just not with reencrypt (see bug 1599227 - however, I don't fully understand the details of that either).

Does it work without the ELB, with directly accessing the route?

I'm afraid this report does not contain any useful information to try and reproduce the problem. Please test without ELB or describe how to set that up. Reproducing also requires a YAML description of the involved service and route. Something like

  oc get pods -o yaml registry-console-1-c45vj 

and the same for the route. I. e. the precise steps to replicate this on a completely  blank OCP cluster.

Thanks!


Note You need to log in before you can comment on or make changes to this bug.