@@ -83,19 +83,41 @@ Alternatively, instead of specifying specific project names, you can use the
83
83
`--selector=<project_selector>` option.
84
84
85
85
[[admin-guide-disabling-hostname-collision]]
86
- == Disabling Host Name Collision Prevention For Ingress Objects
86
+ == Disabling Host Name Collision Prevention For Routes and Ingress Objects
87
87
88
88
In {product-title}, host name collision prevention for routes and ingress
89
- objects is enabled by default. This means that the host name in a route or
90
- ingress object can only be set on creation and not edited afterwards. Disabling
91
- host name collision prevention lets you edit a host name for ingress objects after creation.
92
- However, because {product-title} uses the object creation timestamp to determine
93
- the oldest route or ingress object for a given host name, the route or ingress
94
- object can hijack a host name with a newer route. This can happen if an older
95
- route changes its host name, or if an ingress object is introduced.
96
-
97
- This is relevant to {product-title} installations that depend upon Kubernetes
98
- behavior, including allowing the host names in ingress objects be edited.
89
+ objects is enabled by default. This means that users without the *cluster-admin*
90
+ role can set the host name in a route or ingress object only on creation and
91
+ cannot change it afterwards. However, you can relax this restriction on routes
92
+ and ingress objects for some or all users.
93
+
94
+ [WARNING]
95
+ ====
96
+ Because {product-title} uses the object creation timestamp to determine the
97
+ oldest route or ingress object for a given host name, a route or ingress object
98
+ can hijack a host name of a newer route if the older route changes its host
99
+ name, or if an ingress object is introduced.
100
+ ====
101
+
102
+ As an {product-title} cluster administrator, you can edit the host name in a
103
+ route even after creation. You can also create a role to allow specific users
104
+ to do so:
105
+
106
+ ----
107
+ $ oc create clusterrole route-editor --verb=update --resource=routes.route.openshift.io/custom-host
108
+ ----
109
+
110
+ You can then bind the new role to a user:
111
+
112
+ ----
113
+ $ oc adm policy add-cluster-role-to-user route-editor user
114
+ ----
115
+
116
+ You can also disable host name collision prevention for ingress objects. Doing
117
+ so lets users without the *cluster-admin* role edit a host name for ingress
118
+ objects after creation. This is useful to {product-title} installations that
119
+ depend upon Kubernetes behavior, including allowing the host names in ingress
120
+ objects be edited.
99
121
100
122
. Add the following to the `master.yaml` file:
101
123
+
0 commit comments