search

rancher / rancher

Complete container management platform
http://rancher.com
Apache License 2.0
23.38k stars 2.97k forks source link

LB Ingress controller sets identical workloads on different xip.io hosts #19687

Open rockoo opened 5 years ago

rockoo commented 5 years ago

Edit ingress controller:

Both rules now show target 2 workload as selected.

v1 v2

Useful Info
Versions Rancher v2.2.1 UI: v2.2.19
Route ingresses.run
tfiduccia commented 5 years ago

Version: v2.2.2 Was able to reproduce this by:

  1. Create a workload with nginx as image Image = nginx Name = api-v1
  2. Add Ingress, Name = lb1 Type = Automatically generate a .xip.io hostname and Target = api-v1 & port = 80
  3. Create a workload with nginx as image Image = nginx Name = api-v2
  4. Edit Ingress lb1 & add Rule Type = Specify a hostname to use Request Host = apiv2.<copy existing hostname info from wrkld1's rule> Target = api-v2 & port = 80
  5. Save

Results: Changes both rules to api-v2 image

deniseschannon commented 5 years ago

@tfiduccia can you reproduce this on 2.1.x?

leodotcloud commented 5 years ago

Root cause:

The ingress hosts/rules/targets information is stored in under the annotation field.cattle.io/ingressState in the format of key := fmt.Sprintf("%s/%s/%s/%s/%s", name, namespace, host, path, port). When building this key, currently for any host with xip.io, we ignore the actual value causing key conflicts. Hence the last available service/workload is stored.

func GetStateKey(name, namespace, host string, path string, port string) string {
    logrus.Infof("MP: GetStateKey: name: %v, namespace: %v, host: %v, path: %v, port: %v", name, namespace, host, path, port)
    //ipDomain := settings.IngressIPDomain.Get()
    //if ipDomain != "" && strings.HasSuffix(host, ipDomain) {
    //  host = ipDomain
    //}
    key := fmt.Sprintf("%s/%s/%s/%s/%s", name, namespace, host, path, port)
    logrus.Infof("MP key: %v", key)
    return base64.URLEncoding.EncodeToString([]byte(key))
}

Fix would be to not ignore the host blindly based on the suffix. But this would require code changes to handle this new key in multiple controllers. (ingress, ingresshostgen, store).

In case of upgrades, need to check for oldkey and see if the host info is missing and repopulate it accordingly.