microsoft / mindaro

Bridge to Kubernetes - for Visual Studio and Visual Studio Code
MIT License

Routingmanager throws 409 conflict with long ingress names and multiple deployments (ingress length limit) #289

Open scp-mb opened 2 years ago

scp-mb commented 2 years ago

It looks like there's a bug related to ingress length limits. It appears there is a 63 character limit on the cloned ingresses created by the routingmanager pod. This leads to issues when you deploy two b2k instances against a single application.

For example (exact names sanitized):

Ingress name: application-ingress-wildcard
Instance 1 name: application-review-app-1
Instance 2 name: application-review-app-2

When cloned, each ingress is ingressName-instanceName-cloned-routing, for example application-ingress-wildcard-application-review-app-1-cloned-routing which would be fine, except anything before -cloned-routing gets truncated to fit within the maximum 63 characters.

This leads to both instances using the same ingress name, for example application-ingress-wildcard-application-review--cloned-routing. At this point the routing manager starts to throw 409 conflicts and the process falls apart.

2022-02-25T09:50:44.8649198Z | RoutingManager | ERROR | CreateNamespacedIngressAsync threw HttpOperationException: StatusCode='Conflict', ReasonPhrase='Conflict', Content='{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"ingresses.networking.k8s.io \"application-ingress-wildcard-application-review--cloned-routing\" already exists","reason":"AlreadyExists","details":{"name":"application-ingress-wildcard-application-review--cloned-routing","group":"networking.k8s.io","kind":"ingresses"},"code":409}\n'

amsoedal commented 2 years ago

Hi @scp-mb, I believe this is a limitation based on how we are using Let's Encrypt. At the moment there's not much we can do, but I think the workaround would be to shorten the ingress names or prepend the unique numbering. I'll log a bug on our side to investigate if we can change anything in how we request certs, but I believe this is a technical limitation.

scp-mb commented 2 years ago

Yeah, as mentioned in #292, I did work around it using a shorter name for the time being. FYI, those ingresses are using wildcard certificates that are synced from a keyvault, so unless some internal bridge to kubernetes process is using it, LetsEncrypt shouldn't be a factor?

Prepending the unique value should work around the issue, or at least ensuring the unique numbering isn't truncated and is treated the same way as the -cloned-routing suffix.
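The collision reported above can be reproduced offline. The following is an added example, not code from the thread or from the Bridge to Kubernetes project: `observed_name` models the truncation as inferred from the names in the issue, and `collision_safe_name` is a hypothetical alternative that keeps a SHA-256 digest of the full name instead of the prepending suggested in the comment above.

```python
import hashlib

MAX_LEN = 63                 # limit reported in the issue
SUFFIX = "-cloned-routing"   # suffix shown in the issue


def observed_name(ingress: str, instance: str) -> str:
    """Model of the reported behaviour: everything before SUFFIX is cut to fit MAX_LEN."""
    stem = f"{ingress}-{instance}"
    return stem[: MAX_LEN - len(SUFFIX)] + SUFFIX


def collision_safe_name(ingress: str, instance: str, digest_len: int = 8) -> str:
    """Hypothetical alternative: when truncating, keep a digest of the full stem."""
    stem = f"{ingress}-{instance}"
    if len(stem) + len(SUFFIX) <= MAX_LEN:
        return stem + SUFFIX  # short names stay readable and unchanged
    digest = hashlib.sha256(stem.encode()).hexdigest()[:digest_len]
    room = MAX_LEN - len(SUFFIX) - digest_len - 1  # 1 for the joining hyphen
    return f"{stem[:room].rstrip('-')}-{digest}{SUFFIX}"


def find_collisions(ingress, instances, namer):
    """Return {generated_name: [instances]} for names shared by several instances."""
    seen = {}
    for inst in instances:
        seen.setdefault(namer(ingress, inst), []).append(inst)
    return {name: insts for name, insts in seen.items() if len(insts) > 1}


# Sanitized names taken from the issue text.
INGRESS = "application-ingress-wildcard"
INSTANCES = ["application-review-app-1", "application-review-app-2"]

if __name__ == "__main__":
    print("observed:", find_collisions(INGRESS, INSTANCES, observed_name))
    print("digest:  ", find_collisions(INGRESS, INSTANCES, collision_safe_name))
    for inst in INSTANCES:
        print(collision_safe_name(INGRESS, inst))
```

Running `find_collisions` over planned instance names before deploying shows which pairs would map to the same cloned ingress.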

scp-mb commented 2 years ago

@amsoedal Just a quick follow-up on this, as obviously we can't see the internal bug tracker here. We're still seeing issues with this, which is causing us to only be able to have one application per repo spun up, otherwise it brings our whole dev environment down.

On a similar note, are changelogs published anywhere for this project? How are we supposed to know if there are new releases and when to update things like the routingmanager pod?