Change the default OpenShift router ports (80 and 443) when using native LB in front of them
Issue
- Router pods are in pending state if some service in the cluster takes over port 80 or 443 on the hostnetwork.
- Router pod logs show constant socket connection failure:
[snippet]
I0620 10:57:57.469187 1 metrics.go:147] Router health and metrics port listening at 0.0.0.0:1936 on HTTP and HTTPS
E0620 10:57:57.495382 1 haproxy.go:392] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: no such file or directory
I0620 10:57:57.515858 1 router.go:252] Router is including routes in all namespaces
E0620 10:57:57.740102 1 haproxy.go:392] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
E0620 10:57:57.767828 1 limiter.go:137] error reloading router: exit status 1
[ALERT] 170/105757 (62) : Starting frontend public: cannot bind socket [0.0.0.0:80]
[end]
- When the infra nodes are behind an external HAProxy load balancer that balances traffic to the OpenShift Container Platform routers, after applying the new OCP router ports the infra node backends appear in red state on the HAProxy stats page, and in the logs the Layer 4 TCP checks fail with permission denied when accessing the new port.
- Routes inside OCP are inaccessible, giving "Application not available" error.
Environment
OpenShift Container Platform v3.9, v3.10 and v3.11
HAProxy version 1.8