-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.13, 4.12, 4.11, 4.14, 4.15, 4.16, 4.17, 4.18
-
None
-
Moderate
-
None
-
5
-
Sprint 226, Sprint 242, Sprint 243, Sprint 244, Sprint 245, Sprint 246, Sprint 247, Sprint 248
-
8
-
Rejected
-
False
-
-
10/15 PxE suggested actions: Grant to update bug w/workaround that is less invasive than re-creating routes. Write KCS. The issues here are bigger than a bug. Link to epic where the logic changes need to be made and close
-
-
-
10/10 Discuss at bug-triage sp259; Nearly 2 years on the bug and 6 months on the case; Wrk around recreate the route? TAM is asking about progress. Does seem like a core project function. PX Score -2000
-
Description of problem:
If you set namespaceLabel selectors on an Ingress Controller to control the routes admitted and then you modify the namespace label afterwards to opt-out of the shard, the route admitted status will not be cleared. This also equally applies to routeLabel selectors and modifying the labels on the route afterwards. This is a shortcoming of the solution written for fixing bug https://bugzilla.redhat.com/show_bug.cgi?id=1944851.
Version-Release number of selected component (if applicable):
4.11, 4.12
How reproducible:
Always
Steps to Reproduce:
1. Create a Ingress Controller with a namespace selector set: oc apply -f - <<EOF apiVersion: operator.openshift.io/v1 kind: IngressController metadata: name: loadbalancer namespace: openshift-ingress-operator spec: domain: loadbalancer.gspence-2022-02-14-1013.gcp.devcluster.openshift.com replicas: 1 namespaceSelector: matchLabels: type: loadbalancer endpointPublishingStrategy: type: LoadBalancerService nodePlacement: nodeSelector: matchLabels: node-role.kubernetes.io/worker: "" EOF 2. Then create an labeled namespace to put the new route in: oc create ns test oc label namespace test type=loadbalancer 3. Then create the route: oc apply -f - <<EOF apiVersion: v1 kind: Route metadata: name: router-loadbalancer-test labels: type: loadbalancer spec: to: kind: Service name: router-loadbalancer-test EOF 4. The route should be admitted by the loadbalancer IC: oc get routes -n test router-loadbalancer-test -o yaml ... - conditions: - lastTransitionTime: "2022-09-23T17:21:03Z" status: "True" type: Admitted host: router-loadbalancer-test-grant.apps.gspence-2022-09-23-0735.devcluster.openshift.com routerCanonicalHostname: router-loadbalancer.loadbalancer.gspence-2022-02-14-1013.gcp.devcluster.openshift.com routerName: loadbalancer wildcardPolicy: None 5. Now apply an incorrect label to the namespace "test" oc label namespace test type=opt-out --overwrite 6. Check route admission status: oc get routes -n test router-loadbalancer-test -o yaml ... - conditions: - lastTransitionTime: "2022-09-23T17:21:03Z" status: "True" type: Admitted host: router-loadbalancer-test-grant.apps.gspence-2022-09-23-0735.devcluster.openshift.com routerCanonicalHostname: router-loadbalancer.loadbalancer.gspence-2022-02-14-1013.gcp.devcluster.openshift.com routerName: loadbalancer wildcardPolicy: None The route status is still admitted, when it actually isn't.
Actual results:
Route status still shows admitted
Expected results:
Route status should be cleared
Additional info:
Workaround:
You can work around this bug by clearing the status of your routes. The existing router(s) will automatically readmit the route, but the stale admission status will be removed:
oc patch route <route-name> -n <namespace> --subresource=status --type=merge -p '{"status":null}'
- causes
-
-
- Verified
-
- is blocked by
-
-
- Closed
-
- relates to
-
-
- Closed
-