Service with multiple targetPort needs routes with distinct names
Environment
- Red Hat OpenShift Container Platform (RHOCP) 4
Issue
- Route log reports fatal errors related with the backend server named as it is already defined
Resolution
-
Configure the route with the correct target port of the service
- For service with multiple port configuration:
apiVersion: v1 kind: Service metadata: name: httpd namespace: webserver spec: ports: - name: 8080-tcp port: 8080 protocol: TCP targetPort: 8080 - name: 18080-tcp port: 18080 protocol: TCP targetPort: 18080 selector: deployment: httpd- The route configuration should be like:
apiVersion: route.openshift.io/v1 kind: Route metadata: labels: app: httpd name: httpd-mon namespace: webserver spec: host: httpd-mon-webserver.apps.ipi-default.testipi.com port: targetPort: 18080-tcp to: kind: Service name: httpd-monapiVersion: route.openshift.io/v1 kind: Route metadata: labels: app: httpd name: httpd-front namespace: webserver spec: host: httpd-front-webserver.apps.ipi-default.testipi.com port: targetPort: 8080-tcp to: kind: Service name: httpd-front
Root Cause
- When service has multiple ports configuration, the targetPort specification is required in the route configuration for the router to map the endpoint port in the service.
- If the route is created using a yaml file and the target port is not identified in the route definition for a service with multiple ports, the HAProxy server will configure the backend server with each port service configuration as an endpoint causing the error message in the router log.
- If the service with multiple ports is exposed by oc cli without port specification, the route will be configured with the first target port of the service as target port for the route to configure the backend server.
Diagnostic Steps
-
Errors such below can be found in the router log:
[ALERT] 153/5425 (947) : parsing [/var/lib/haproxy/conf/haproxy.config:1964] : backend 'be_edge_http:httpd:httpd-multi-bad', another server named 'httpd:httpd-multi-bad_httpd-2-hvm6n' was already defined at line 1963, please use distinct names. -
As no targetPort is identified, the HAProxy server configure the backend server with the different services target ports as endpoints in the
haproxy.configfile:backend be_edge_http:httpd:httpd-multi-bad mode http option redispatch option forwardfor balance leastconn timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie c0fbca3e63e2574366f4985b49f32725 insert indirect nocache httponly secure attr SameSite=None server pod:httpd-dc-2-hvm6n:httpd-dc:8080-tcp:10.129.2.123:8080 10.129.2.123:8080 cookie fe81a53c1f56c61492c3f32dffd548a3 weight 256 check inter 5000ms server pod:httpd-dc-2-hvm6n:httpd-dc:18080-tcp:10.129.2.123:18080 10.129.2.123:18080 cookie 8e9872d5ee84c874603316e14eb3d25c weight 256 check inter 5000ms server pod:httpd-dc-2-hvm6n:httpd-dc:mon:10.129.2.123:18081 10.129.2.123:18081 cookie 1e25ff6d0de6377fa9cb431de483a93f weight 256 check inter 5000ms -
Route has no port identification
$ oc get routes NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD httpd httpd-webserver.apps.ipi-default.testipi.com httpd 8080-tcp None httpd-bad httpd-bad-webserver.apps.ipi-default.testipi.com httpd <all> None httpd-good httpd-good-webserver.apps.ipi-default.testipi.com httpd 18080-tcp None
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments