Invalid route can crash router in Red Hat OpenShift Container Platform
Issue
- Today we had an issue because a project created an invalid route. This resulted in a HAProxy which did no longer register new pods, resulting in not reachable applications (HTTP 503 from HAProxy). In the logs we can see the following information:
E1014 08:51:29.813655 1 ratelimiter.go:50] error reloading router: exit status 1
[ALERT] 287/085129 (14586) : parsing [/var/lib/haproxy/conf/haproxy.config:111] : 'bind 127.0.0.1:10444' : unable to load SSL private key from PEM file '/var/lib/containers/router/certs/foobar.pem'.
[ALERT] 287/085129 (14586) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
[ALERT] 287/085129 (14586) : Fatal errors found in configuration.
- An invalid route can break the whole router, so that also other routes deployed on the same router become unavailable
Environment
- Red Hat OpenShift Container Platform 3.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.