Bug 2010227 - Path based routing is broken for some combinations
Summary: Path based routing is broken for some combinations
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.9
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.9.z
Assignee: Miheer Salunke
QA Contact: Melvin Joseph
URL:
Whiteboard:
Depends On: 1896474
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-10-04 09:15 UTC by Melvin Joseph
Modified: 2022-08-04 22:35 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Let's say we have 2 routes like this: - HTTP-only route for "myapp.apps.example.com" domain and "/mypath" path - HTTPS-edge-redirect route for "myapp.apps.example.com" and no path In such situation, redirect is sent for any query to "myapp.apps.example.com", including "myapp.apps.example.com/mypath", so the more specific path route is not taking precedence as expected. With this fix we now set a flag on redirect in the map so haproxy checks if this flag is enabled in the map and then performs the redirect accordingly.
Clone Of: 1896474
Environment:
Last Closed: 2022-07-05 22:04:15 UTC
Target Upstream Version:
Embargoed:
mjoseph: needinfo-


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift router pull 367 0 None open [release-4.9] Bug 2010227: HTTPS redirect happens even if there is a more specific http-only route 2022-05-11 22:38:36 UTC
Red Hat Product Errata RHBA-2022:5434 0 None None None 2022-07-05 22:04:31 UTC

Comment 1 Miciah Dashiel Butler Masters 2021-10-05 16:20:55 UTC
What is the purpose of this clone?  The issue was fixed in 4.10.0, and this BZ also targets 4.10.0.  Did you mean to request a backport and forget to set the target release?

Comment 2 Melvin Joseph 2021-10-06 02:01:13 UTC
This is a backport and now right target release is set.

Comment 6 Melvin Joseph 2021-11-08 04:50:45 UTC
Clearing the needinfo flags as justification is provided by Pablo

Comment 8 Melvin Joseph 2022-01-11 09:29:07 UTC
% oc new-project service-route-issue
Now using project "service-route-issue" on server "https://api.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app rails-postgresql-example

to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname

 % oc create -f https://raw.githubusercontent.com/openshift/origin/master/examples/hello-openshift/hello-pod.json
pod/hello-openshift created
 % oc label pod hello-openshift app=hello-openshift
pod/hello-openshift labeled
% oc get po 
NAME              READY   STATUS    RESTARTS   AGE
hello-openshift   1/1     Running   0          10s
 %  oc create service clusterip hello-openshift --tcp=80:8080 --tcp=443:8443
service/hello-openshift created
% vi route.yaml
% cat route.yaml
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  creationTimestamp: null
  labels:
    app: hello-openshift
  name: hello-openshift
spec:
  host: ""
  port:
    targetPort: 8080
  tls:
    termination: edge
  to:
    kind: ""
    name: hello-openshift
    weight: null%                                                                                                                                                                                         %
% oc get svc

NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
hello-openshift   ClusterIP   172.30.158.58   <none>        80/TCP,443/TCP   72s
oc create -f route.yaml
route.route.openshift.io/hello-openshift created
% oc get route
NAME              HOST/PORT                                                                                        PATH   SERVICES          PORT   TERMINATION   WILDCARD
hello-openshift   hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com          hello-openshift   8080   edge          None
% cat route-with-insecure-allow.yaml 
% vi route-with-insecure-allow.yaml 
% cat route-with-insecure-allow.yaml 
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  creationTimestamp: null
  labels:
    app: hello-openshift
  name: hello-openshift-http-allow
spec:
  host: "hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com"
  port:
    targetPort: 8080
  path: "/test"
  to:
    kind: Service
    name: hello-openshift
    weight: null
  status:
    ingress: null
% oc create -f route-with-insecure-allow.yaml 
route.route.openshift.io/hello-openshift-http-allow created
%  oc get routes
NAME                         HOST/PORT                                                                                        PATH    SERVICES          PORT   TERMINATION   WILDCARD
hello-openshift              hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com           hello-openshift   8080   edge          None
hello-openshift-http-allow   hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com   /test   hello-openshift   8080                 None
% 
% curl -Ik http://hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com
HTTP/1.0 503 Service Unavailable
pragma: no-cache
cache-control: private, max-age=0, no-cache, no-store
content-type: text/html

% curl -Ik http://hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com/test
HTTP/1.1 200 OK
date: Tue, 11 Jan 2022 09:21:06 GMT
content-length: 17
content-type: text/plain; charset=utf-8
set-cookie: adbec88c545fa91f71ca5c51323dccf8=6f724422fa0872ec59434efcf87f7808; path=/; HttpOnly
cache-control: private

% curl -Ik https://hello-openshift-service-route-issue.apps.ci-ln-5c25ykk-76ef8.origin-ci-int-aws.dev.rhcloud.com    
HTTP/1.1 200 OK
date: Tue, 11 Jan 2022 09:21:19 GMT
content-length: 17
content-type: text/plain; charset=utf-8
set-cookie: 29df4ae9f33eb1d50113228c1151c2c9=6f724422fa0872ec59434efcf87f7808; path=/; HttpOnly; Secure; SameSite=None
cache-control: private

Comment 14 errata-xmlrpc 2022-07-05 22:04:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.41 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:5434


Note You need to log in before you can comment on or make changes to this bug.