origin: Route's new admission routes/custom-host doesn't work for legacy API

caused by: https://github.com/openshift/origin/pull/13905

I am using legacy API and, after the aforementioned change, attempts to create a route fail on permissions with: spec.host: Forbidden: you do not have permission to set the host field of the route

Full log is here: https://travis-ci.org/tnozicka/openshift-acme/jobs/244432395#L1211

I have already tried adding

  - routes/custom-host
  - routes/status

to the cluster role https://github.com/tnozicka/openshift-acme/blob/ceb941e145d0a3fa1bcf073cdca58f84837db203/deploy/clusterrole.yaml#L12-L13 but it doesn’t help

This breaks openshift-acme project for Openshift 3.6. (Works fine with earlier versions.) Reported in https://github.com/tnozicka/openshift-acme/issues/8

tested with openshift/origin:v3.6.0-alpha.2 (works fine with openshift/origin:v1.4.1 and openshift/origin:v1.5.1)

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 24 (21 by maintainers)

Most upvoted comments

it’s about the clusterrole edit, why are the apiGroups not set by default

they are: https://github.com/openshift/origin/blob/b65ef46f44bddefb67959123670f2f1b2d603adb/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml#L1325-L1331

if you are upgrading from a previous release, you need to reconcile cluster roles to ensure default roles are up to date

+1
liggitt on Nov 3, 2017
Read more comments on GitHub
← origin: Requesting a token returns a redirect containing the access token
origin: S2I build fails, tar: /tmp: Cannot open: Permission denied →