Change the default Openshift router ports (80 and 443) when using native LB in front of them

Solution Verified - Updated -

Issue

  • Router pods stay in Pending state if another service in the cluster takes over port 80 or 443 on the host network.
  • Router pod logs show constant socket connection failure:
    [snippet]
    I0620 10:57:57.469187 1 metrics.go:147] Router health and metrics port listening at 0.0.0.0:1936 on HTTP and HTTPS
    E0620 10:57:57.495382 1 haproxy.go:392] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: no such file or directory
    I0620 10:57:57.515858 1 router.go:252] Router is including routes in all namespaces
    E0620 10:57:57.740102 1 haproxy.go:392] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
    E0620 10:57:57.767828 1 limiter.go:137] error reloading router: exit status 1
    [ALERT] 170/105757 (62) : Starting frontend public: cannot bind socket [0.0.0.0:80]
    [end]

  • When the infra nodes sit behind an external HAProxy load balancer that balances traffic to the OpenShift Container Platform routers, the infra node backends appear in a red state on the HAProxy stats page after the new OCP router ports are applied, and the logs show the Layer 4 TCP checks failing with permission denied when accessing the new port.

  • Routes inside OCP are inaccessible and return an "Application not available" error.
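
To pick the HAProxy bind failure out of the surrounding scrape and reload errors in the router log excerpt above, the following added example (not part of the original solution) parses router pod log text and reports which host address and port HAProxy could not bind. The function names and regular expressions are assumptions written against the log lines shown in this article.

```python
import re
from collections import Counter

# Sample input: the router pod log lines quoted in this article.
SAMPLE_LOG = """\
I0620 10:57:57.469187 1 metrics.go:147] Router health and metrics port listening at 0.0.0.0:1936 on HTTP and HTTPS
E0620 10:57:57.495382 1 haproxy.go:392] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: no such file or directory
I0620 10:57:57.515858 1 router.go:252] Router is including routes in all namespaces
E0620 10:57:57.740102 1 haproxy.go:392] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
E0620 10:57:57.767828 1 limiter.go:137] error reloading router: exit status 1
[ALERT] 170/105757 (62) : Starting frontend public: cannot bind socket [0.0.0.0:80]
"""

# HAProxy alert: "[ALERT] <day/time> (<pid>) : Starting <kind> <name>: cannot bind socket [<addr>:<port>]"
BIND_ALERT = re.compile(
    r"^\[ALERT\] \S+ \(\d+\) : Starting (?P<kind>\w+) (?P<name>[^:]+): "
    r"cannot bind socket \[(?P<addr>.+):(?P<port>\d+)\]$"
)
# Router (glog-style) line: "<I|W|E|F><mmdd> <time> <pid> <file>:<line>] <message>"
GLOG = re.compile(r"^(?P<sev>[IWEF])\d{4} [\d:.]+\s+\d+ (?P<src>[\w.]+):\d+\] (?P<msg>.*)$")

def triage(log_text):
    """Return the bind failures and a count of error lines per source file."""
    bind_failures, errors = [], Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BIND_ALERT.match(line)
        if m:
            bind_failures.append({"kind": m["kind"], "name": m["name"],
                                  "addr": m["addr"], "port": int(m["port"])})
            continue
        m = GLOG.match(line)
        if m and m["sev"] in "EF":   # count only error and fatal lines
            errors[m["src"]] += 1
    return {"bind_failures": bind_failures, "errors_by_source": dict(errors)}

def blocked_ports(log_text):
    """Sorted list of distinct ports HAProxy reported it could not bind."""
    return sorted({f["port"] for f in triage(log_text)["bind_failures"]})

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["bind_failures"]:
        print(f"{f['kind']} '{f['name']}' could not bind {f['addr']}:{f['port']}")
    print("error lines by source:", report["errors_by_source"])
```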

Environment

Openshift Container Platform v3.9, v3.10 and v3.11
Haproxy version 1.8
