Route is rejected when the WildCardPolicy is defined in the IngressController default

Solution Verified - Updated -

Environment

  • Azure Red Hat OpenShift (ARO)

Issue

  • When configuring the subdomain for an application, for example, apps1.example.openshift.com and apps2.example.openshift.com the route for subdomain is rejected with an error reason: HostAlreadyClaimed, message: a route in another namespace holds host

Resolution

  1. Add a missing cofiguration option namespaceOwnership: InterNamespaceAllowed according to Ingress Controller configuration which will allow routes to claim different paths of the same hostname across multiple namespaces

    $ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"InterNamespaceAllowed"}}}' --type=merge

  2. Verify that the required setting has been added

    $ oc get ingresscontroller/default -o yaml -n openshift-ingress-operator
............omitted.....................................
spec:
  routeAdmission:
    namespaceOwnership: InterNamespaceAllowed  <------ here
    wildcardPolicy: WildcardsAllowed

Root Cause

  • By default the routeAdmission field will take the value as Strict which means it will not allow routes to claim the same hostname across multiple namespaces

Diagnostic Steps

  1. Check the required route and the error message in status section

    $ oc get route/route-name -o yaml -n custom-namespace
............omitted.....................................
status:
ingress:
- host: >-
    hello-world-nginx-xxx.apps.xxx.xxx.aroapp.io
  routerName: default
  conditions:
    - type: Admitted
      status: 'False'
      reason: HostAlreadyClaimed
      message: >-
        a route in another namespace holds host
        hello-world-nginx-xxx.apps.xxx.xxx.aroapp.io
      lastTransitionTime: '2023-12-05T21:57:55Z'
  wildcardPolicy: Subdomain

  2. Check the ingresscontroller default definition manifest whether namespaceOwnership: InterNamespaceAllowed is present, if missing add it as per resolution section

    $ oc get ingresscontroller/default -o yaml -n openshift-ingress-operator
............omitted.....................................
spec:
  routeAdmission:
    wildcardPolicy: WildcardsAllowed

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments