OpenShift Bugs / OCPBUGS-44637

Cannot apply proxy certificate to pod(node-joiner)


    • Quality / Stability / Reliability
    • Installer (PB) Sprint 265, Installer Sprint 266, Agent Sprint 267, Agent Sprint 268, Agent Sprint 269, Agent Sprint 270, Agent Sprint 271, Agent Sprint 272, Agent Sprint 273, Agent Sprint 274, Agent Sprint 275, Agent Sprint 276, Agent Sprint 277, Agent Sprint 278

      Description of problem:

      When executing oc adm node-image create, "error: context deadline exceeded" is printed and ISO image is not generated
      

      Version-Release number of selected component (if applicable):

      OCP 4.17.3

      How reproducible:

      Always

      Steps to Reproduce:

      1) Prepare the following execution environment:
      A 3-node cluster built using the Agent-based Installer method
      Online environment with Internet access. A proxy is available. A proxy certificate is required for connection.
      
      2) Refer to the official document and command help, and execute the following commands (4 patterns):
        1. $ oc adm node-image create nodes-config.yaml --skip-verification=true --registry-config='pull-secret.json'
        2. $ oc adm node-image create nodes-config.yaml --insecure=true --registry-config='pull-secret.json'
        3. $ oc adm node-image create nodes-config.yaml --skip-verification=true --insecure=true --registry-config='pull-secret.json'
        4. $ oc adm node-image create nodes-config.yaml --certificate-authority='<proxy certificate>' --registry-config='pull-secret.json'
      
      

      Actual results:

      The "error: context deadline exceeded" is printed in any of the patterns described in [What we did], and the ISO image is not generated. The log of the pod (node-joiner-xxxxx) created during execution shows that the process stops in the phase of executing "oc image extract". HTTPS_PROXY, HTTP_PROXY, and NO_PROXY are applied to pod (node-joiner-xxxxx). 
      
      When I log into pod (node-joiner-xxxxx) and run curl against an external URL, I get "SSL certificate problem: unable to get local issuer certificate". It appears that the proxy certificate is not being applied to the pod (the user-ca-bundle in proxy/cluster contains the proxy certificate).

      Expected results:

      Pod must be able to read certificates and perform Proxy communication

      Additional info:

      $ oc version 
      Client Version: 4.17.3 
      Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 
      Server Version: 4.17.3 
      Kubernetes Version: v1.30.5
      
      
      Requests.
      1. Please let us know how to apply a proxy certificate to a pod (node-joiner-xxxxx) created during execution.
      
      2. Please let us know if there are any options or procedures to change the reference of oc extract image that is executed on pod (node-joiner-xxxxx) created during execution. (Can the reference be changed to a private registry, etc. that does not go through a proxy, not the reference of the environment where oc adm node-image create is executed, but the reference of the oc extract image that is executed on the pod (node-joiner-xxxxx)?)
      
      

              rwsu1@redhat.com Richard Su
              rhn-support-fkawakub Futoshi Kawakubo
              zhenying niu zhenying niu
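A way to confirm the symptom described in this report, added here as an example that is not part of the original issue or of the oc tooling: it checks whether every certificate in the cluster's user-ca-bundle is also present in the trust bundle read from inside the pod. The function names, the `openshift-config` namespace and the pod trust-store path shown in the comments are assumptions, `<ns>` and `<pod>` are placeholders, and the sample PEM blocks are constructed placeholders rather than real certificates.

```shell
#!/bin/sh
# Collecting the two inputs on a live cluster (assumed locations):
#   oc get configmap user-ca-bundle -n openshift-config \
#       -o jsonpath='{.data.ca-bundle\.crt}' > wanted.pem
#   oc exec -n <ns> <pod> -- cat /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem > pod.pem

# pem_bodies FILE: one line per certificate, base64 body with whitespace removed.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { in_cert = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (in_cert) print body; in_cert = 0; next }
        in_cert { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# missing_cas WANTED BUNDLE: print the 1-based position of each certificate in
# WANTED that BUNDLE lacks. Returns 0 if all are present, 1 if any is missing,
# 2 if WANTED holds no certificate at all (for example an empty ConfigMap key).
missing_cas() {
    have=$(pem_bodies "$2")
    pem_bodies "$1" | (
        n=0 rc=0
        while IFS= read -r body; do
            n=$((n + 1))
            printf '%s\n' "$have" | grep -Fxq -- "$body" || { echo "$n"; rc=1; }
        done
        [ "$n" -gt 0 ] || rc=2
        exit "$rc"
    )
}

# Constructed sample: the wanted bundle holds a proxy CA and a corporate root,
# the pod bundle holds a public root and the corporate root (line-wrapped).
make_sample() {
    pem() { printf '%s\n' '-----BEGIN CERTIFICATE-----' "$@" '-----END CERTIFICATE-----'; }
    { pem 'UFJPWFktQ0E='; pem 'Q09SUC1ST09U'; } > "$1/wanted.pem"
    { pem 'UFVCTElDLVJPT1Q='; pem 'Q09SUC1S' 'T09U'; } > "$1/pod.pem"
}

# Stand-alone use: sh script.sh wanted.pem pod.pem
if [ "$#" -eq 2 ]; then missing_cas "$1" "$2"; fi
```

The comparison is an exact match on the encoded certificate, so it shows whether the CA reached the pod's trust store, not whether a chain validates.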