Verified in "4.9.0-0.ci.test-2021-08-24-065133-ci-ln-k3iid0k-latest" release version. With this payload, adding the "route.openshift.io/allow-non-dns-compliant-host: true" annotation, causes the long route names to be accepted during creation but will eventually be marked invalid: ----- Without annotation: cat route-test.yaml apiVersion: route.openshift.io/v1 kind: Route metadata: name: service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee spec: port: targetPort: http to: kind: Service name: service-unsecure weight: null wildcardPolicy: None oc create -f route-test.yaml The Route "service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee" is invalid: spec.host: Invalid value: "service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee-test2.apps.ci-ln-k3iid0k-f76d1.origin-ci-int-gce.dev.openshift.com": host (label) must conform to DNS 1123 label conventions must be no more than 63 characters With annotation: apiVersion: route.openshift.io/v1 kind: Route metadata: name: service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee annotations: route.openshift.io/allow-non-dns-compliant-host: "true" spec: port: targetPort: http to: kind: Service name: service-unsecure weight: null wildcardPolicy: None oc create -f route-test.yaml route.route.openshift.io/service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee created oc get route NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee InvalidHost service-unsecure http None oc get route service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee -o yaml apiVersion: route.openshift.io/v1 kind: Route metadata: annotations: openshift.io/host.generated: "true" ... status: ingress: - conditions: - lastTransitionTime: "2021-08-24T07:48:43Z" message: 'host name validation errors: spec.host: Invalid value: "service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee-test2.apps.ci-ln-k3iid0k-f76d1.origin-ci-int-gce.dev.openshift.com": must be no more than 63 characters' reason: InvalidHost status: "False" type: Admitted -----
This is low severity with some risk, so pushing to 4.10.
We should get https://github.com/openshift/api/pull/976 merged to ensure the API godoc matches the new behavior.
Verified in "4.10.0-0.nightly-2021-12-12-232810" release version. With this payload, adding the "route.openshift.io/allow-non-dns-compliant-host: true" annotation, causes the long route names to be accepted during creation but will eventually be marked invalid: ----- oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.0-0.nightly-2021-12-12-232810 True False 76m Cluster version is 4.10.0-0.nightly-2021-12-12-232810 Test route file without the annotation: apiVersion: route.openshift.io/v1 kind: Route metadata: name: service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee spec: port: targetPort: http to: kind: Service name: service-unsecure weight: null wildcardPolicy: None oc create -f route-test-1964112.yaml The Route "service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee" is invalid: spec.host: Invalid value: "service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee-test2.apps.aiyengar410aw.qe.devcluster.openshift.com": must be no more than 63 characters With the annotation added: apiVersion: route.openshift.io/v1 kind: Route metadata: name: service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee annotations: route.openshift.io/allow-non-dns-compliant-host: "true" spec: port: targetPort: http to: kind: Service name: service-unsecure weight: null wildcardPolicy: None oc create -f route-test-1964112.yaml route.route.openshift.io/service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee created oc get route service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee -o yaml status: ingress: - conditions: - lastTransitionTime: "2021-12-13T08:40:47Z" message: 'host name validation errors: spec.host: Invalid value: "service-unsecure-test2-reallylonnnnnnnnng-nameeeeeeeeeeeee-test2.apps.aiyengar410aw.qe.devcluster.openshift.com": must be no more than 63 characters' reason: InvalidHost status: "False" type: Admitted -----
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056