Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Obsolete
Priority: Major
Fix Version/s: maistra-1.1.x
Affects Version/s: maistra-1.1.x
Component/s: ior
Labels:
None

Blocked:
False
Ready:
False
QE Test Coverage:
+
Release Note Text:
Undefined

SFDC Cases Counter:
SFDC Cases Links:

Description

Versions: OCP v4.5, RHSM v1.1.x (have encountered this since 1.1.0 until the latest 1.1.9)

It appears that Maistra's IOR is not able to handle any updates to a Gateway after the Gateway has already been created.

Reproducing steps:

1. Install an SMCP with ".spec.istio.gateways.istio-ingressgateway.ior_enabled=true"
2. Create a Gateway

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: test-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE
        serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
        privateKey: /etc/istio/ingressgateway-certs/tls.key
      hosts:
        - test-service.apps.my-cluster.example.com

3. Watch for IOR to create the Route based on this Gateway:

---
kind: Route
apiVersion: route.openshift.io/v1
metadata:
  generateName: mdh-test-gateway-
  annotations:
    maistra.io/original-host: test-service.apps.my-cluster.example.com
  name: mdh-test-gateway-s57vp
  namespace: istio-system
  labels:
    maistra.io/gateway-name: test-gateway
    maistra.io/gateway-namespace: mdh
    maistra.io/generated-by: ior
spec:
  host: test-service.apps.my-cluster.example.com
  to:
    kind: Service
    name: istio-ingressgateway
    weight: 100
  port:
    targetPort: https
  tls:
    termination: passthrough
  wildcardPolicy: None

4. Apply an updated Gateway (add port 80 which should redirect to 443)

---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: test-gateway
  namespace: mdh
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      tls:
        httpsRedirect: true
      hosts:
        - test-service.apps.my-cluster.example.com
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE
        serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
        privateKey: /etc/istio/ingressgateway-certs/tls.key
      hosts:
        - test-service.apps.my-cluster.example.com

5. Route generated by IOR remains unchanged (the same as above).

I would expect that it should be updated by IOR to look like this (spec.tls.insecureEdgeTerminationPolicy field should be added):

---
kind: Route
apiVersion: route.openshift.io/v1
metadata:
  generateName: mdh-test-gateway-
  annotations:
    maistra.io/original-host: test-service.apps.my-cluster.example.com
  name: mdh-test-gateway-s57vp
  namespace: istio-system
  labels:
    maistra.io/gateway-name: test-gateway
    maistra.io/gateway-namespace: mdh
    maistra.io/generated-by: ior
spec:
  host: test-service.apps.my-cluster.example.com
  to:
    kind: Service
    name: istio-ingressgateway
    weight: 100
  port:
    targetPort: https
  tls:
    insecureEdgeTerminationPolicy: Redirect
    termination: passthrough
  wildcardPolicy: None

My current workaround whenever updating a Gateway is to delete the Gateway entirely, wait for IOR to delete the Route, then re-apply the new GW config which IOR will correctly pick up and create the new Route from. Obviously this isn't ideal, as we should be able update Routes via Gateways/IOR without deleting them

Attachments

Issue Links

is related to

MAISTRA-1811 IOR - Editing a gateway does not edit the managed route

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Chris O'Brien (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 2020/10/06 8:21 AM

Updated:: 2022/07/05 12:39 PM

Resolved:: 2022/07/05 12:39 PM