Invalid route can crash router in Red Hat OpenShift Container Platform

Solution Verified - Updated -

Issue

  • Today we had an issue because a project created an invalid route. This resulted in a HAProxy which did no longer register new pods, resulting in not reachable applications (HTTP 503 from HAProxy). In the logs we can see the following information:
E1014 08:51:29.813655  1 ratelimiter.go:50] error reloading router: exit status 1
[ALERT] 287/085129 (14586) : parsing [/var/lib/haproxy/conf/haproxy.config:111] : 'bind 127.0.0.1:10444' : unable to load SSL private key from PEM file '/var/lib/containers/router/certs/foobar.pem'.
[ALERT] 287/085129 (14586) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
[ALERT] 287/085129 (14586) : Fatal errors found in configuration.
  • An invalid route can break the whole router, so that also other routes deployed on the same router become unavailable

Environment

  • Red Hat OpenShift Container Platform 3.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content