OpenShift Bugs / OCPBUGS-42714

OAuthServer service with Route type does not work with a custom hostname


    • Bug
    • Resolution: Done-Errata
    • Major
    • None
    • 4.15
    • HyperShift
    • Moderate
    • No
    • Hypershift Sprint 260
    • 1
    • False
    • N/A
    • Release Note Not Required
    • Done

      This is a clone of issue OCPBUGS-36261. The following is the description of the original issue:

      Description of problem:

      In hostedcluster installations, when the following OAuthServer service is configured without any configured hostname parameter, the oauth route is created in the management cluster with the standard hostname, which follows the pattern from the ingresscontroller wildcard domain (oauth-<hosted-cluster-namespace>.<wildcard-default-ingress-controller-domain>):
      
      ~~~
      $ oc get hostedcluster -n <namespace> <hosted-cluster-name> -oyaml
        - service: OAuthServer
          servicePublishingStrategy:
            type: Route
      ~~~  
      
      On the other hand, if any custom hostname parameter is configured, the oauth route is created in the management cluster with the following labels: 
      
      ~~~
      $ oc get hostedcluster -n <namespace> <hosted-cluster-name> -oyaml
        - service: OAuthServer
          servicePublishingStrategy:
            route:
              hostname: oauth.<custom-domain>
            type: Route
      
      $ oc get routes -n hcp-ns --show-labels
      NAME    HOST/PORT             LABELS
      oauth oauth.<custom-domain>  hypershift.openshift.io/hosted-control-plane=hcp-ns <---
      ~~~
      
      Because of the configured label, the ingresscontroller does not admit the route, as the following configuration is added by the hypershift operator to the default ingresscontroller resource:
      
      ~~~
      $ oc get ingresscontroller -n openshift-ingress-default default -oyaml
          routeSelector:
            matchExpressions:
            - key: hypershift.openshift.io/hosted-control-plane <---
              operator: DoesNotExist <---
      ~~~
      
      This configuration should be allowed as there are use-cases where the route should have a customized hostname. Currently the HCP platform is not allowing this configuration and the oauth route does not work.

      Version-Release number of selected component (if applicable):

         4.15

      How reproducible:

          Easily

      Steps to Reproduce:

          1. Install HCP cluster 
          2. Configure OAuthServer with type Route 
          3. Add a custom hostname different from the default wildcard ingress URL of the management cluster
          

      Actual results:

          Oauth route is not admitted

      Expected results:

          Oauth route should be admitted by Ingresscontroller

      Additional info:

          

            sjenning Seth Jennings
            openshift-crt-jira-prow OpenShift Prow Bot
            He Liu He Liu
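
The admission mismatch described in the report, as an added example that is not part of the original issue or of HyperShift's code: a small evaluator for Kubernetes label-selector semantics, run against the `routeSelector` and the route label quoted above. The route name `oauth-default-hostname` and its empty label set are constructed assumptions standing in for the route created without a custom hostname.

```python
# Added example: evaluate a Kubernetes LabelSelector (matchLabels plus
# matchExpressions) against route labels to see which routes a router skips.

def selector_matches(selector, labels):
    """Return True if `labels` satisfy the LabelSelector dict `selector`."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op = expr["key"], expr["operator"]
        values = expr.get("values", [])
        if op == "In":
            ok = key in labels and labels[key] in values
        elif op == "NotIn":
            # A missing key also satisfies NotIn.
            ok = key not in labels or labels[key] not in values
        elif op == "Exists":
            ok = key in labels
        elif op == "DoesNotExist":
            ok = key not in labels
        else:
            raise ValueError(f"unsupported operator: {op}")
        if not ok:
            return False
    return True  # an empty selector selects every route

def excluded_routes(selector, routes):
    """Names of routes the selector does not select, so the router ignores them."""
    return [r["name"] for r in routes
            if not selector_matches(selector, r.get("labels", {}))]

HCP_LABEL = "hypershift.openshift.io/hosted-control-plane"

# routeSelector as quoted in the report from the default ingresscontroller.
ROUTE_SELECTOR = {"matchExpressions": [{"key": HCP_LABEL, "operator": "DoesNotExist"}]}

# Constructed sample routes (not real cluster output).
ROUTES = [
    {"name": "oauth-default-hostname", "labels": {}},    # assumption: no HCP label
    {"name": "oauth", "labels": {HCP_LABEL: "hcp-ns"}},  # label shown in the report
]

if __name__ == "__main__":
    for name in excluded_routes(ROUTE_SELECTOR, ROUTES):
        print(f"{name}: carries {HCP_LABEL}, not selected by routeSelector")
```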