Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.13, 4.12, 4.11
Component/s: Networking / router
Labels:
None

Severity:
Moderate
Story Points:
5
Sprint:
Sprint 226, Sprint 242, Sprint 243, Sprint 244, Sprint 245, Sprint 246, Sprint 247, Sprint 248
sprint_count:
8
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.16.0

SFDC Cases Counter:
SFDC Cases Links:

Description

Description of problem:

If you set namespaceLabel selectors on an Ingress Controller to control the routes admitted 
and then you modify the namespace label afterwards to opt-out of the shard, the route 
admitted status will not be cleared.

This also equally applies to routeLabel selectors and modifying the labels on the route afterwards.

This is a shortcoming of the solution written for fixing bug 
https://bugzilla.redhat.com/show_bug.cgi?id=1944851.

Version-Release number of selected component (if applicable):

4.11, 4.12

How reproducible:

Always

Steps to Reproduce:

1. Create a Ingress Controller with a namespace selector set:
oc apply -f - <<EOF
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
  name: loadbalancer
  namespace: openshift-ingress-operator
spec:
  domain: loadbalancer.gspence-2022-02-14-1013.gcp.devcluster.openshift.com
  replicas: 1
  namespaceSelector:
    matchLabels:
      type: loadbalancer
  endpointPublishingStrategy:
    type: LoadBalancerService
  nodePlacement:
    nodeSelector:
      matchLabels:
        node-role.kubernetes.io/worker: ""
EOF

2. Then create an labeled namespace to put the new route in:
oc create ns test
oc label namespace test type=loadbalancer

3. Then create the route:
oc apply -f - <<EOF
apiVersion: v1
kind: Route
metadata:
  name: router-loadbalancer-test
  labels:
    type: loadbalancer
spec:
  to:
    kind: Service
    name: router-loadbalancer-test
EOF
4. The route should be admitted by the loadbalancer IC:
oc get routes -n test router-loadbalancer-test -o yaml
...
  - conditions:
    - lastTransitionTime: "2022-09-23T17:21:03Z"
      status: "True"
      type: Admitted
    host: router-loadbalancer-test-grant.apps.gspence-2022-09-23-0735.devcluster.openshift.com
    routerCanonicalHostname: router-loadbalancer.loadbalancer.gspence-2022-02-14-1013.gcp.devcluster.openshift.com
    routerName: loadbalancer
    wildcardPolicy: None

5. Now apply an incorrect label to the namespace "test"
oc label namespace test type=opt-out --overwrite

6. Check route admission status:
oc get routes -n test router-loadbalancer-test -o yaml
...
  - conditions:     - lastTransitionTime: "2022-09-23T17:21:03Z"       status: "True"       type: Admitted     host: router-loadbalancer-test-grant.apps.gspence-2022-09-23-0735.devcluster.openshift.com     routerCanonicalHostname: router-loadbalancer.loadbalancer.gspence-2022-02-14-1013.gcp.devcluster.openshift.com     routerName: loadbalancer     wildcardPolicy: None

The route status is still admitted, when it actually isn't.

Actual results:

Route status still shows admitted

Expected results:

Route status should be cleared

Additional info:

Attachments

Issue Links

is blocked by

OCPBUGS-26498 Router fails to start/reload with SHA1 cert due to OpenSSL 3.0 in RHEL9

POST

relates to

OCPBUGS-2775 After added/removed label from a namespace, one stats of "route_metrics_controller_routes_per_shard" in Observe >> Metrics page aren't correct

Closed

Activity

People

Assignee:: Grant Spence

Reporter:: Grant Spence

QA Contact:: Shudi Li

Votes:: 1 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 2022/09/23 5:25 PM

Updated:: 2024/04/17 8:03 AM