Cloud Experts Documentation

Stop default router from serving custom domain routes

Last edited
Published
Authors
Connor Wooley
Tags: OSD ROSA

This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.

Note: This page is only valid for clusters using the Custom Domain Operator (CDO), which are ROSA clusters prior to version 4.14

OSD and ROSA supports custom domain operator to serve application custom domain, which provisions openshift ingress controller and cloud load balancers. However, when a route with custom domain is created, both default router and custom domain router serve routes. This article describes how to use route labels to stop default router from serving custom domain routes.

Prerequisites

Problem Demo

Deploy A Custom Domain

oc create secret tls example-tls --cert=[cert_file] --key=[key_file]

cat << EOF | oc apply -f -
apiVersion: managed.openshift.io/v1alpha1
kind: CustomDomain
metadata:
  name: example
spec:
  domain: example.com
  scope: External
  certificate:
    name: example-tls
    namespace: default
EOF

Create a sample application and Route

oc new-app --image=openshift/hello-openshift
cat <<EOF | oc apply -f -
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  labels:
    app: hello-openshift
    app.kubernetes.io/component: hello-openshift
    app.kubernetes.io/instance: hello-openshift
  name: helloworld
spec:
  host: helloworld-openshift.example.com
  port:
    targetPort: 8080-tcp
  tls:
    termination: edge
  to:
    kind: ""
    name: hello-openshift
EOF

Both default router and custom router serve the routes

oc get route -o yaml
....
  status:
    ingress:
    - conditions:
      - lastTransitionTime: "2022-06-02T20:30:39Z"
        status: "True"
        type: Admitted
      host: helloworld-openshift.example.com
      routerCanonicalHostname: router-default.apps.mobb-infra-gcp.e8e4.p2.openshiftapps.com
      routerName: default
      wildcardPolicy: None
    - conditions:
      - lastTransitionTime: "2022-06-02T20:30:39Z"
        status: "True"
        type: Admitted
      host: helloworld-openshift.example.com
      routerCanonicalHostname: router-example.example.mobb-infra-gcp.e8e4.p2.openshiftapps.com
      routerName: example
      wildcardPolicy: None

End user can access the app from both ingress controllers’ cloud load balancer

oc get svc -n openshift-ingress
NAME                      TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                      AGE
router-default            LoadBalancer   172.30.39.254    34.73.154.84   80:32108/TCP,443:30332/TCP   39d
router-example            LoadBalancer   172.30.209.51    34.138.159.7   80:32477/TCP,443:31383/TCP   9m51s

curl -k -H "Host: helloworld-openshift.example.com" https://34.73.154.84
Hello OpenShift!
shading@shading-mac gcp_domain % curl -k -H "Host: helloworld-openshift.example.com" https://34.138.159.7
Hello OpenShift!

Stop the default router from serving custom domain routes

Delete the route

oc delete route helloworld

Custom Domain only serve routes with corresponding custom domain label

oc patch \
  -n openshift-ingress-operator \
  IngressController/example \
  --type='merge' \
  -p '{"spec":{"routeSelector":{"matchLabels": {"domain": "example.com"}}}}'

Exclude default router with corresponding custom domain label

oc patch \
  -n openshift-ingress-operator \
  IngressController/default \
  --type='merge' \
  -p '{"spec":{"routeSelector":{"matchExpressions":[{"key":"domain","operator":"NotIn","values":["example.com"]}]}}}'

Create route with custom domain label

cat <<EOF | oc apply -f -
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  labels:
    app: hello-openshift
    domain: example.com
    app.kubernetes.io/component: hello-openshift
    app.kubernetes.io/instance: hello-openshift
  name: helloworld
spec:
  host: helloworld-openshift.example.com
  port:
    targetPort: 8080-tcp
  tls:
    termination: edge
  to:
    kind: ""
    name: hello-openshift
EOF

Only Custom Domain router route the traffic

oc get route -o yaml
....
  status:
    ingress:
    - conditions:
      - lastTransitionTime: "2022-06-02T20:30:39Z"
        status: "True"
        type: Admitted
      host: helloworld-openshift.example.com
      routerCanonicalHostname: router-example.example.mobb-infra-gcp.e8e4.p2.openshiftapps.com
      routerName: example
      wildcardPolicy: None

oc get svc -n openshift-ingress
NAME                      TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                      AGE
router-default            LoadBalancer   172.30.39.254    34.73.154.84   80:32108/TCP,443:30332/TCP   39d
router-example            LoadBalancer   172.30.209.51    34.138.159.7   80:32477/TCP,443:31383/TCP   9m51s

curl -k -H "Host: helloworld-openshift.example.com" https://34.73.154.84
....
The application is currently not serving requests at this endpoint. It may not have been started or is still starting.
...

curl -k -H "Host: helloworld-openshift.example.com" https://34.138.159.7
Hello OpenShift!

Interested in contributing to these docs?

Collaboration drives progress. Help improve our documentation The Red Hat Way.

GitHub Edit this page
Red Hat logo LinkedIn YouTube Facebook Twitter

Products

Tools

Try, buy & sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now © 2023 Red Hat, Inc.