Route is rejected when the WildCardPolicy is defined in the IngressController default
Environment
- Azure Red Hat OpenShift (ARO)
Issue
- When configuring the
subdomain
for an application, for example,apps1.example.openshift.com
andapps2.example.openshift.com
the route forsubdomain
is rejected with an errorreason: HostAlreadyClaimed, message: a route in another namespace holds host
Resolution
-
Add a missing cofiguration option
namespaceOwnership: InterNamespaceAllowed
according to Ingress Controller configuration which will allow routes to claim different paths of the same hostname across multiple namespaces$ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"InterNamespaceAllowed"}}}' --type=merge
-
Verify that the required setting has been added
$ oc get ingresscontroller/default -o yaml -n openshift-ingress-operator ............omitted..................................... spec: routeAdmission: namespaceOwnership: InterNamespaceAllowed <------ here wildcardPolicy: WildcardsAllowed
Root Cause
- By default the
routeAdmission
field will take the value asStrict
which means it will not allow routes to claim the same hostname across multiple namespaces
Diagnostic Steps
-
Check the required route and the error message in
status
section$ oc get route/route-name -o yaml -n custom-namespace ............omitted..................................... status: ingress: - host: >- hello-world-nginx-xxx.apps.xxx.xxx.aroapp.io routerName: default conditions: - type: Admitted status: 'False' reason: HostAlreadyClaimed message: >- a route in another namespace holds host hello-world-nginx-xxx.apps.xxx.xxx.aroapp.io lastTransitionTime: '2023-12-05T21:57:55Z' wildcardPolicy: Subdomain
-
Check the
ingresscontroller default
definition manifest whethernamespaceOwnership: InterNamespaceAllowed
is present, if missing add it as per resolution section$ oc get ingresscontroller/default -o yaml -n openshift-ingress-operator ............omitted..................................... spec: routeAdmission: wildcardPolicy: WildcardsAllowed
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments