$ oc new-project test-same-hostname-01
$ oc get is -n openshift | grep httpd
httpd image-registry.openshift-image-registry.svc:5000/openshift/httpd 2.4,2.4-el7,2.4-el8,latest 3 months ago
$ oc new-app httpd:latest
--> Found image 630b203 (4 months old) in image stream "openshift/httpd" under tag "latest" for "httpd:latest"
Apache httpd 2.4
----------------
Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.
Tags: builder, httpd, httpd-24
--> Creating resources ...
deployment.apps "httpd" created
service "httpd" created
--> Success
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose service/httpd'
Run 'oc status' to view your app.
$ oc get pod
NAME READY STATUS RESTARTS AGE
httpd-657695667f-c5wt6 1/1 Running 0 66s
$ oc expose service/httpd --hostname=same.example.com
route.route.openshift.io/httpd exposed
Here the route is exposed on the default router:
$ oc describe route httpd
Name: httpd
Namespace: test-same-hostname-01
Created: 13 seconds ago
Labels: app=httpd
app.kubernetes.io/component=httpd
app.kubernetes.io/instance=httpd
Annotations: <none>
Requested Host: same.example.com
exposed on router default (host router-default.apps.wkshop.rhbr-lab.com) 13 seconds ago
Path: <none>
TLS Termination: <none>
Insecure Policy: <none>
Endpoint Port: 8080-tcp
Service: httpd
Weight: 100 (100%)
Endpoints: 10.131.2.208:8080
The title returned here is: Test Page for the HTTP...
$ MY_HOST=same.example.com
$ export INGRESS_HOST=10.36.5.2
$ curl -svH "Host: $MY_HOST" --resolve "$MY_HOST:80:$INGRESS_HOST" "http://$MY_HOST" | grep -oE "<title>.*</title>"
* Added same.example.com:80:10.36.5.2 to DNS cache
* Hostname same.example.com was found in DNS cache
* Trying 10.36.5.2:80...
* Connected to same.example.com (10.36.5.2) port 80 (#0)
> GET / HTTP/1.1
> Host: same.example.com
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< date: Mon, 09 May 2022 17:56:38 GMT
< server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k
< last-modified: Mon, 12 Jul 2021 19:36:32 GMT
< etag: "133f-5c6f23d09f000"
< accept-ranges: bytes
< content-length: 4927
< content-type: text/html; charset=UTF-8
< set-cookie: 4611f01207114fe2cda3e1aa2b14a5e6=7ff3b7734cbb08c7d737e85e50a48d91; path=/; HttpOnly
<
{ [3439 bytes data]
* Connection #0 to host same.example.com left intact
<title>Test Page for the HTTP Server on Red Hat Enterprise Linux</title>
$ oc new-project test-same-hostname-02
# check the label used for sharding
$ oc get node -l type=infra-shard
NAME STATUS ROLES AGE VERSION
wkshop-gsm2g-infra-shard-f5r79 Ready infra,worker 33d v1.22.3+e790d7f
wkshop-gsm2g-infra-shard-w5qvp Ready infra,worker 33d v1.22.3+e790d7f
# list routers
$ oc -n openshift-ingress-operator get ingresscontroller
NAME AGE
default 100d
router-shard 33d
$ oc -n openshift-ingress-operator get ingresscontroller/default -o yaml | grep -A 3 'namespaceSelector'
$ oc -n openshift-ingress-operator get ingresscontroller/router-shard -o yaml | grep -A 3 'namespaceSelector'
namespaceSelector:
matchLabels:
type: infra-shard
nodePlacement:
# apply the label to the namespace
$ oc label ns test-same-hostname-02 type=infra-shard
namespace/test-same-hostname-02 labeled
$ oc get template -n openshift | grep nginx
nginx-example An example Nginx HTTP server and a reverse proxy (nginx) application that ser... 10 (3 blank)
$ oc new-app --template=openshift/nginx-example --name=nginx --param=NAME=nginx
--> Deploying template "openshift/nginx-example" for "openshift/nginx-example" to project test-same-hostname-02
Nginx HTTP server and a reverse proxy
---------
An example Nginx HTTP server and a reverse proxy (nginx) application that serves static content. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/nginx-ex/blob/master/README.md.
The following service(s) have been created in your project: nginx.
For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/nginx-ex/blob/master/README.md.
* With parameters:
* Name=nginx
* Namespace=openshift
* NGINX Version=1.16-el8
* Memory Limit=512Mi
* Git Repository URL=https://github.com/sclorg/nginx-ex.git
* Git Reference=
* Context Directory=
* Application Hostname=
* GitHub Webhook Secret=HnLlduxWnNyQDUSknKUnr5Wf0VojMixoKO6NROd4 # generated
* Generic Webhook Secret=67TQNsj1tCJTUIBgxiOGftILCSbegy3EXkfkHGja # generated
--> Creating resources ...
service "nginx" created
route.route.openshift.io "nginx" created
imagestream.image.openshift.io "nginx" created
buildconfig.build.openshift.io "nginx" created
deploymentconfig.apps.openshift.io "nginx" created
--> Success
Access your application via route 'nginx-test-same-hostname-02.apps.wkshop.rhbr-lab.com'
Build scheduled, use 'oc logs -f buildconfig/nginx' to track its progress.
Run 'oc status' to view your app.
$ oc get pod
NAME READY STATUS RESTARTS AGE
nginx-1-build 1/1 Running 0 23s
$ oc expose service/nginx --hostname=same.example.com --name=nginx-shard
route.route.openshift.io/nginx-shard exposed
Here the route is exposed on the router shard.
The route nginx-shard was rejected by the default router and accepted by the shard.
$ oc describe route
# the first was created by the template
Name: nginx
Namespace: test-same-hostname-02
Created: About a minute ago
Labels: app=nginx
app.kubernetes.io/component=nginx
app.kubernetes.io/instance=nginx
template=nginx-example
Annotations: openshift.io/generated-by=OpenShiftNewApp
openshift.io/host.generated=true
template.openshift.io/expose-uri=http://{.spec.host}{.spec.path}
Requested Host: nginx-test-same-hostname-02.apps.wkshop.rhbr-lab.com
exposed on router router-shard (host router-router-shard.apps-shard.wkshop.rhbr-lab.com) about a minute ago
exposed on router default (host router-default.apps.wkshop.rhbr-lab.com) about a minute ago
Path: <none>
TLS Termination: <none>
Insecure Policy: <none>
Endpoint Port: <all endpoint ports>
Service: nginx
Weight: 100 (100%)
Endpoints: <none>
# this one was created with the same hostname
Name: nginx-shard
Namespace: test-same-hostname-02
Created: 21 seconds ago
Labels: app=nginx
app.kubernetes.io/component=nginx
app.kubernetes.io/instance=nginx
template=nginx-example
Annotations: <none>
Requested Host: same.example.com
rejected by router default: (host router-default.apps.wkshop.rhbr-lab.com)HostAlreadyClaimed (21 seconds ago)
a route in another namespace holds same.example.com and is older than nginx-shard
exposed on router router-shard (host router-router-shard.apps-shard.wkshop.rhbr-lab.com) 21 seconds ago
Path: <none>
TLS Termination: <none>
Insecure Policy: <none>
Endpoint Port: web
Service: nginx
Weight: 100 (100%)
Endpoints: 10.131.2.248:8080
The title returned here is: Welcome to OpenShift
$ MY_HOST=same.example.com
$ export INGRESS_HOST_DMZ=10.36.5.100
$ curl -svH "Host: $MY_HOST" --resolve "$MY_HOST:80:$INGRESS_HOST_DMZ" "http://$MY_HOST" | grep -oE "<title>.*</title>"
* Added same.example.com:80:10.36.5.100 to DNS cache
* Hostname same.example.com was found in DNS cache
* Trying 10.36.5.100:80...
* Connected to same.example.com (10.36.5.100) port 80 (#0)
> GET / HTTP/1.1
> Host: same.example.com
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< server: nginx/1.16.1
< date: Mon, 09 May 2022 18:13:27 GMT
< content-type: text/html
< content-length: 37451
< last-modified: Mon, 09 May 2022 18:08:17 GMT
< etag: "62795891-924b"
< accept-ranges: bytes
< set-cookie: 14b63efc3adb8094fdc6454004a18a7b=fe9d4f5e3118802c4860533e766ea016; path=/; HttpOnly
< cache-control: private
<
{ [4758 bytes data]
<title>Welcome to OpenShift</title>
* Connection #0 to host same.example.com left intact
Testing with the route created by the template gives the same result as above:
$ MY_HOST=nginx-test-same-hostname-02.apps.wkshop.rhbr-lab.com
$ curl -svH "Host: $MY_HOST" --resolve "$MY_HOST:80:$INGRESS_HOST_DMZ" "http://$MY_HOST" | grep -oE "<title>.*</title>"
* Added nginx-test-same-hostname-02.apps.wkshop.rhbr-lab.com:80:10.36.5.100 to DNS cache
* Hostname nginx-test-same-hostname-02.apps.wkshop.rhbr-lab.com was found in DNS cache
* Trying 10.36.5.100:80...
* Connected to nginx-test-same-hostname-02.apps.wkshop.rhbr-lab.com (10.36.5.100) port 80 (#0)
> GET / HTTP/1.1
> Host: nginx-test-same-hostname-02.apps.wkshop.rhbr-lab.com
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< server: nginx/1.16.1
< date: Mon, 09 May 2022 18:15:22 GMT
< content-type: text/html
< content-length: 37451
< last-modified: Mon, 09 May 2022 18:08:17 GMT
< etag: "62795891-924b"
< accept-ranges: bytes
< set-cookie: 8ddf99e928b64b69825ab7c607da7e57=fe9d4f5e3118802c4860533e766ea016; path=/; HttpOnly
< cache-control: private
<
{ [936 bytes data]
<title>Welcome to OpenShift</title>
* Connection #0 to host nginx-test-same-hostname-02.apps.wkshop.rhbr-lab.com left intact
If we repeat the Apache test, the result is the same as before:
$ MY_HOST=same.example.com
$ export INGRESS_HOST=10.36.5.2
$ curl -svH "Host: $MY_HOST" --resolve "$MY_HOST:80:$INGRESS_HOST" "http://$MY_HOST" | grep -oE "<title>.*</title>"
* Added same.example.com:80:10.36.5.2 to DNS cache
* Hostname same.example.com was found in DNS cache
* Trying 10.36.5.2:80...
* Connected to same.example.com (10.36.5.2) port 80 (#0)
> GET / HTTP/1.1
> Host: same.example.com
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< date: Mon, 09 May 2022 18:18:00 GMT
< server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k
< last-modified: Mon, 12 Jul 2021 19:36:32 GMT
< etag: "133f-5c6f23d09f000"
< accept-ranges: bytes
< content-length: 4927
< content-type: text/html; charset=UTF-8
< set-cookie: 4611f01207114fe2cda3e1aa2b14a5e6=7ff3b7734cbb08c7d737e85e50a48d91; path=/; HttpOnly
<
{ [3439 bytes data]
* Connection #0 to host same.example.com left intact
<title>Test Page for the HTTP Server on Red Hat Enterprise Linux</title>
Although the default router rejected the route (the hostname had already been claimed there by an older route in another namespace), the router shard accepted it.
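The result above can be audited across a cluster. The following is an added example, not part of the original notes: it reads the Route list JSON (the shape returned by `oc get routes -A -o json`) and reports every hostname requested from more than one namespace, with each router's admission decision. The sample data and timestamps are constructed to mirror the transcript, and the helper names are hypothetical.

```python
from collections import defaultdict

def _route(ns, name, host, created, ingress):
    # Build a Route reduced to the fields this audit reads (constructed data).
    return {
        "metadata": {"namespace": ns, "name": name, "creationTimestamp": created},
        "spec": {"host": host},
        "status": {"ingress": [
            {"routerName": r, "conditions": [
                {"type": "Admitted", "status": "True" if ok else "False",
                 **({"reason": reason} if reason else {})}]}
            for r, ok, reason in ingress]},
    }

# Constructed sample mirroring the transcript; timestamps are made up.
SAMPLE = {"items": [
    _route("test-same-hostname-01", "httpd", "same.example.com",
           "2022-05-09T17:55:00Z", [("default", True, None)]),
    _route("test-same-hostname-02", "nginx-shard", "same.example.com",
           "2022-05-09T18:12:00Z",
           [("default", False, "HostAlreadyClaimed"), ("router-shard", True, None)]),
    _route("test-same-hostname-02", "nginx",
           "nginx-test-same-hostname-02.apps.wkshop.rhbr-lab.com",
           "2022-05-09T18:11:00Z", [("default", True, None), ("router-shard", True, None)]),
]}

def admissions(route):
    """Map router name -> 'Admitted' or the rejection reason."""
    out = {}
    for ing in route.get("status", {}).get("ingress", []):
        for cond in ing.get("conditions", []):
            if cond.get("type") == "Admitted":
                ok = cond.get("status") == "True"
                out[ing.get("routerName")] = "Admitted" if ok else cond.get("reason", "Rejected")
    return out

def cross_namespace_hosts(route_list):
    """Return {host: [(ns/name, admissions), ...]} for hosts requested from 2+ namespaces."""
    by_host = defaultdict(list)
    for r in route_list.get("items", []):
        by_host[r["spec"]["host"]].append(r)
    report = {}
    for host, routes in by_host.items():
        if len({r["metadata"]["namespace"] for r in routes}) > 1:
            routes.sort(key=lambda r: r["metadata"]["creationTimestamp"])  # oldest claim first
            report[host] = [(f'{r["metadata"]["namespace"]}/{r["metadata"]["name"]}',
                             admissions(r)) for r in routes]
    return report

if __name__ == "__main__":
    print(cross_namespace_hosts(SAMPLE))
```

On a live cluster, replace `SAMPLE` with the parsed output of `oc get routes -A -o json`; a host listed here with `Admitted` on different routers for different namespaces is served by different backends depending on which ingress address the client reaches.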
- Is there any performance impact from not using a specific label for the default router, which results in rejection of the same hostname when it is exposed on other routers?
- https://docs.openshift.com/container-platform/4.9/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.html#nw-ingress-sharding-route-labels_configuring-ingress-cluster-traffic-ingress-controller
- https://rcarrata.com/openshift/ocp4_route_sharding/
- https://docs.openshift.com/container-platform/4.9/networking/ingress-operator.html#nw-route-admission-policy_configuring-ingress