Bug 1678267
| Summary: | The Object Count Quotas limitation for Route does not limit if the object is created from web-console. | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Sanket N <snalawad> |
| Component: | openshift-apiserver | Assignee: | Stefan Schimanski <sttts> |
| Status: | CLOSED WONTFIX | QA Contact: | Xingxing Xia <xxia> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 3.11.0 | CC: | aos-bugs, dapark, jokerman, mfojtik, mmccomas, spadgett, sttts, xxia |
| Target Milestone: | --- | ||
| Target Release: | 3.11.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-05-26 11:04:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Sanket N
2019-02-18 11:52:02 UTC
Can you confirm exactly how you created the route? Did you use the route editor or did you import YAML? I would add an additional entry to the quota for `routes` without the API group. If you are creating the route using YAML without specifying the API group, it would not check against the `routes.route.openshift.io` limit (to my knowledge). Note that quota is enforced by the API server and is not enforced by the web console. Changing component to master. Hi,
The routes were created using the navigation tabs from the console.
Application-->Routes-->CreateRoute
The YAML for the route was self-generated by OCP
#######################################################################################3
--------------/YAML output of route created using console-------------->
[root@master-0 ~]# oc get route httpd2 -o yaml
apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: 2019-02-18T11:35:29Z
labels:
app: httpd
name: httpd2
namespace: quota
resourceVersion: "278903"
selfLink: /apis/route.openshift.io/v1/namespaces/quota/routes/httpd2
uid: 4ad60807-3371-11e9-baac-fa163ef0c742
spec:
host: httpd2-quota.apps.**redhat.com
port:
targetPort: 8080-tcp
to:
kind: Service
name: httpd1
weight: 100
wildcardPolicy: None
status:
ingress: null
[root@master-0 ~]#
------------------------------------------------------------------>
--------------/YAML output of route created using cli-------------->
[root@master-0 ~]# oc get route httpd -o yaml
apiVersion: route.openshift.io/v1
kind: Route
metadata:
annotations:
openshift.io/host.generated: "true"
creationTimestamp: 2019-02-18T11:25:56Z
labels:
app: httpd
name: httpd
namespace: quota
resourceVersion: "277450"
selfLink: /apis/route.openshift.io/v1/namespaces/quota/routes/httpd
uid: f5b4a68f-336f-11e9-8891-fa163ef0c742
spec:
host: httpd-quota.apps.***redhat.com
port:
targetPort: 8080-tcp
to:
kind: Service
name: httpd
weight: 100
wildcardPolicy: None
status:
ingress: null
----------------------------------------------------------------------->
#######################################################################################3
Additional info:
--------------Yaml output of created quota------------>
[root@master-0 ~]# oc get quota test -o yaml
apiVersion: v1
kind: ResourceQuota
metadata:
creationTimestamp: 2019-02-18T11:14:44Z
name: test
namespace: quota
resourceVersion: "279304"
selfLink: /api/v1/namespaces/quota/resourcequotas/test
uid: 64fac38d-336e-11e9-8891-fa163ef0c742
spec:
hard:
count/routes.route.openshift.io: "2"
status:
hard:
count/routes.route.openshift.io: "2"
used:
count/routes.route.openshift.io: "4"
[root@master-0 ~]#
----------------------------------------------------->
Can we have any updates on the Bugzilla. Do let me know if any additional information is required. I reproduced in v3.11.113 env web console. In web console, press F12, in bottom window, click "Network" tab, then in web console click `Application-->Routes-->CreateRoute`, found POST request url uses non-group api: /oapi/v1/namespaces/xxia-proj/routes, while `oc expose svc httpd-ex --loglevel 6` uses group api "POST .../apis/route.openshift.io/v1/namespaces/xxia-proj2/routes.
BTW, after web console CreateRoute created route, `oc describe quota` does not update "Used" value immediately. After a few mins, "Used" will be increased. While `oc expose svc ...` can immediately update "Used".
In web console, if click Overview-->Add to Project-->Import YAML/JSON, input below group api YAML, the creation can be restricted.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
labels:
app: httpd
name: httpd-ex6
spec:
port:
targetPort: 8080-tcp
to:
kind: Service
name: httpd
Thus, either web console should fix CreateRoute page with group api request, or Master team fix it by enforcing quota both on group api and old non-group oapi
Have you tried the recommendation from comment #1? > I would add an additional entry to the quota for `routes` without the API group. If you are creating the route using YAML without specifying the API group, it would not check against the `routes.route.openshift.io` limit (to my knowledge). Note that the legacy API groups are removed in 4.x, so this won't be an issue in future versions. > (In reply to Xingxing Xia from comment #5) > Thus, either web console should fix CreateRoute page with group api request, > or Master team fix it by enforcing quota both on group api and old non-group > oapi This can't be addressed in the web console. The API server must enforce quota to prevent creating items from CLI or API directly. *** Bug 1726198 has been marked as a duplicate of this bug. *** As the bug (In reply to Samuel Padgett from comment #6) > Have you tried the recommendation from comment #1? > > > I would add an additional entry to the quota for `routes` without the API group. If you are creating the route using YAML without specifying the API group, it would not check against the `routes.route.openshift.io` limit (to my knowledge). > > Note that the legacy API groups are removed in 4.x, so this won't be an > issue in future versions. > > > (In reply to Xingxing Xia from comment #5) > > Thus, either web console should fix CreateRoute page with group api request, > > or Master team fix it by enforcing quota both on group api and old non-group > > oapi > > This can't be addressed in the web console. The API server must enforce > quota to prevent creating items from CLI or API directly. Can I request the respective team to take further action on the bug. One of my customers wants this bug to be fixed on OCP v3.11. This bug hasn't had any engineering activity in the last ~30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale". If you have further information on the current state of the bug, please update it and remove the "LifecycleStale" keyword, otherwise this bug will be automatically closed in 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant. This bug hasn't had any activity 7 days after it was marked as LifecycleStale, so we are closing this bug as WONTFIX. If you consider this bug still valuable, please reopen it or create new bug. The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |