3

I have a web app that does http and ws requests. I am trying to deploy it to Openshift v3. Hence, I need my requests to be mapped to ports 80 and 90 in the pod. However:

  1. As mentioned in a related thread it is not possible for a route to expose multiple ports, so, I cannot just map requests to different services based on the port.
  2. I tried setting one route mapping any port to a service with multiple ports, but I get a warning

Route has no target port, but service has multiple ports. The route will round robin traffic across all exposed ports on the service

  1. I cannot use different routes for http and ws, because the session cookie obtained for http would not be attached for web socket requests.

Solutions (?):

  • In the related thread Ingress Controller is suggested, but It seems that it can only be set up by a cluster administrator.
  • I could use two routes and set a separate cookie for each route, but this does not seem right -- why do I have to use 2 cookies for 2 domains, when essentially there is a single domain with a single authentication?
  • Switch to token authentication?

So, what am I missing? What would be the optimal way to handle this?

StackExploded
  • 519
  • 6
  • 17

1 Answers1

0

If any websocket endpoints are under a unique sub URL path, you could add a second route where which has a path definition for the sub URL path that the route applies to. You could then have requests under that sub URL path routed to the alternate port. You will need to have a definition for the alternate port on the service in addition to the primary port, or create a separate service for the alternate port. Would need to see your current service definition to be more specific. It is odd that you would be using ports 80 and 90 on the pod as that would imply you are running the container as root, which is not normal practice on OpenShift because of the security risks of running any container as root on a container hosting platform.

Graham Dumpleton
  • 54,716
  • 6
  • 106
  • 126
  • Sorry, ports are 8080 and 8090. I have tried creating 2 routes with different paths and mapping them to 2 services, but If host name is the same I get "Route already exists" error. (May be this is because I am using Openshift Online Starter, so, I am not able to specify host name -- generated host name is of the form -.. To have 2 routes with the same host name I need to give routes the same name, and this is not allowed?) – StackExploded May 10 '18 at 19:53
  • Are you giving the route itself a different name? Can’t use the same name as the name as the existing route. – Graham Dumpleton May 11 '18 at 04:05
  • If I use a different route name, the host name will be also different . As I said, generated host name is of the form -.. And if the 2 routes have different host name, cookie set by http request is not sent for ws request – StackExploded May 11 '18 at 08:35
  • When you create the second route, explicitly set the hostname for the route to that which was generated for the first. The name of the route still has to be different, not the hostname. – Graham Dumpleton May 11 '18 at 16:43
  • In the docs I read "Routes are restricted in OpenShift Online Starter, but are not restricted in OpenShift Online Pro. Custom route hosts are permitted in OpenShift Online Pro. If using OpenShift Online Starter, the following host template is enforced on all user routes: -.". Sorry, if I misunderstand something. How do I explicitly set the hostname? In the web console hostname field is greyed out – StackExploded May 11 '18 at 17:16
  • Okay, didn't realise the field was greyed out, I just assumed it would be ignored if didn't fit the pattern. You can try editing the YAML for the route after it is created to see if you can change it. – Graham Dumpleton May 12 '18 at 02:42
  • I had tried that as well. If I update hostname so that it doesn't include name of the route, I get "Route is invalid: spec.host: Invalid value: field is immutable" error. If this is not possible, what would be your next best solution? – StackExploded May 12 '18 at 11:32
  • I can't see how you are going to be able to do it, unless you go to the extent of deploying nginx or Apache as another layer of proxy in the project. – Graham Dumpleton May 13 '18 at 03:29
  • i finally got back to it and managed to solve. I just set domain in Set Cookie header as described here https://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain . Now different subdomains can share the same cookie... Thank you for your responses – StackExploded May 22 '18 at 23:19
  • So just confirming, you needed to use two different host names where they shared same sub domain? A concern with that is that since project name is part of the host name, the domain you are allowing for the cookie would also be shared by other people using the same cluster. So technically your cookies would be sent to other users sites on same cluster if you visited them. – Graham Dumpleton May 22 '18 at 23:34
  • At that time i just needed to deploy it quickly, but yes, you are right that a proxy seems to be the way – StackExploded Aug 19 '18 at 23:57