Commit e1fd283

Author: Brice Fallon-Freeman
Merge pull request #7478 from bfallonf/enterprise-3.6-stage
[enterprise-3.6] managing_networking: Document routes/custom-host
2 parents 542330e + 6596a91 commit e1fd283

1 file changed, +33 -11 lines changed

admin_guide/managing_networking.adoc

Lines changed: 33 additions & 11 deletions
@@ -83,19 +83,41 @@ Alternatively, instead of specifying specific project names, you can use the
8383
`--selector=<project_selector>` option.
8484

8585
[[admin-guide-disabling-hostname-collision]]
86-
== Disabling Host Name Collision Prevention For Ingress Objects
86+
== Disabling Host Name Collision Prevention For Routes and Ingress Objects
8787

8888
In {product-title}, host name collision prevention for routes and ingress
89-
objects is enabled by default. This means that the host name in a route or
90-
ingress object can only be set on creation and not edited afterwards. Disabling
91-
host name collision prevention lets you edit a host name for ingress objects after creation.
92-
However, because {product-title} uses the object creation timestamp to determine
93-
the oldest route or ingress object for a given host name, the route or ingress
94-
object can hijack a host name with a newer route. This can happen if an older
95-
route changes its host name, or if an ingress object is introduced.
96-
97-
This is relevant to {product-title} installations that depend upon Kubernetes
98-
behavior, including allowing the host names in ingress objects be edited.
89+
objects is enabled by default. This means that users without the *cluster-admin*
90+
role can set the host name in a route or ingress object only on creation and
91+
cannot change it afterwards. However, you can relax this restriction on routes
92+
and ingress objects for some or all users.
93+
94+
[WARNING]
95+
====
96+
Because {product-title} uses the object creation timestamp to determine the
97+
oldest route or ingress object for a given host name, a route or ingress object
98+
can hijack a host name of a newer route if the older route changes its host
99+
name, or if an ingress object is introduced.
100+
====
101+
102+
As an {product-title} cluster administrator, you can edit the host name in a
103+
route even after creation. You can also create a role to allow specific users
104+
to do so:
105+
106+
----
107+
$ oc create clusterrole route-editor --verb=update --resource=routes.route.openshift.io/custom-host
108+
----
109+
110+
You can then bind the new role to a user:
111+
112+
----
113+
$ oc adm policy add-cluster-role-to-user route-editor user
114+
----
115+
116+
You can also disable host name collision prevention for ingress objects. Doing
117+
so lets users without the *cluster-admin* role edit a host name for ingress
118+
objects after creation. This is useful to {product-title} installations that
119+
depend upon Kubernetes behavior, including allowing the host names in ingress
120+
objects be edited.
99121

100122
. Add the following to the `master.yaml` file:
101123
+
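
Review bot: The bind example on new line 113 grants `route-editor` cluster-wide and uses the literal word `user` as the account name; write it as `<username>`, matching the `--selector=<project_selector>` placeholder style in the context above, and say that `add-cluster-role-to-user` lets that account change route host names in every project. The WARNING block on new lines 94-100 describes the hijack case but is never tied to this grant, so a reader can hand out `routes.route.openshift.io/custom-host` update without realizing that each holder is able to trigger exactly that case by changing the host name of an older route. A sentence after the bind command that states this, and that points to a project-scoped binding (`oc adm policy add-role-to-user`) where cluster-wide access is not needed, would close the gap. Two smaller points: the new title on line 86 covers routes, but the route part grants a permission rather than disabling collision prevention, and new lines 119-120 carry over "allowing the host names in ingress objects be edited", which should read "to be edited".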
