Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-77856

Inability to use Management Cluster Ingress for HCP Routes (Blocks Non-LB Environments)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.20
    • HyperShift
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

          HyperShift fails to complete HostedCluster installation in environments without LoadBalancer support (On-prem/No MetalLB) when using Route publishing, due to the hardcoded enforcement of a per-HCP Router and LoadBalancer Service.


When a HostedCluster is configured to use Route as the service publishing strategy with custom hostnames, HyperShift automatically triggers the creation of:

1. A dedicated router deployment (HAProxy) in the HCP namespace.

2. A LoadBalancer Service named router.

In environments without a LoadBalancer provider (e.g., bare metal without MetalLB, restricted VPCs), the router Service remains in a Pending state indefinitely. This causes the HostedCluster installation to stall, as control plane services cannot be reached via the expected DNS hostnames.

The Defect:

There is currently no mechanism to tell HyperShift to utilize the existing Management Cluster Ingress (default or sharded) to satisfy these Routes. Even though the Routes are created, the operator forces a secondary, redundant load-balancing layer that the infrastructure cannot support, effectively breaking the "Route" publishing strategy for non-cloud-provider environments.

      Version-Release number of selected component (if applicable):

      How reproducible:

      100%

      Steps to Reproduce:

      1. Deploy HyperShift on a management cluster without a LoadBalancer provisioner (e.g., Bare Metal).

2. Create a HostedCluster specifying Route for services (APIServer, OAuth, etc.) with custom hostnames.

3. Observe the router service in the HCP namespace.

      Actual results:

          Installation stalls permanently on Service/router pending an External IP.

      Expected results:

          The operator should provide an option to leverage the management cluster’s native Ingress/Router to serve the HCP Routes, allowing the installation to proceed without external LoadBalancer dependencies.

      Business Impact:

      Blocker for On-Prem Adoption: Customers in disconnected or bare-metal environments cannot use custom DNS/TLS via Routes without installing third-party tools (MetalLB) purely to satisfy a redundant HAProxy layer.

Operational Complexity: Forces "Router-on-Router" architectures, increasing latency and failure points.

Cost: Unnecessary LoadBalancer costs in cloud environments where a shared Ingress would suffice.

              Unassigned Unassigned
              rhn-support-dpateriy Divyam Pateriya
              Yu Li Yu Li
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: