-
Bug
-
Resolution: Done-Errata
-
Normal
-
None
-
4.11, 4.17
-
None
Description of problem:
Proxy settings in buildDefaults preserved in image
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
I have a customer, so during builds their developers need proxy access. For this they have configured buildDefaults on thier cluster as described here:https://docs.openshift.com/container-platform/4.10/cicd/builds/build-configuration.html. The problem is that buildDefaults.defaultProxy sets the proxy environment variables in uppercase. Several RedHat S2I images use tools that depend on curl. curl only supports lower-case proxy environment variables. As such the defaultProxy settings are not taken into account.To workaround this "behavior defect", they have configured: - buildDefaults.env.http_proxy - buildDefaults.env.https_proxy - buildDefaults.env.no_proxy But the side effect is that the lowercase environment variables are preserved in the container image. So at runtime, the proxy settings are still active and they constantly have to support developers to unset them again (when using non-fqdn for example). This is causing frustration for them and thier developers. 1. Why can't the buildDefaults.defaultProxy not be set in lower and uppercase proxy settings?2. Why are the buildDefaults.env preserved in the container image while buildDefaults.defaultProxy is correctly unset/removed from the container image. As the name implies, for us "buildDefaults" should only be kept during the build and settings should correctly be removed before pushing the image in the registry.Also have shared them the below KCS: https://access.redhat.com/solutions/1575513. But cu was not satisfied with that , and they responded with the following: The article does not provide a solution to the problem. It describes the same and gives a dirty workaround a developers will have to apply it on each individual buildconfig. This is not wanted. The fact that we set these envs using buildDefaults, is the same workaround. But still the core problem remains: the envs are preserved in the container image when using this workaround. This needs to be addressed by engineering so this is fixed properly.
Actual results:
Expected results:
Additional info:
- blocks
-
OCPBUGS-34825 Proxy settings in buildDefaults preserved in image
- Closed
- is cloned by
-
OCPBUGS-34825 Proxy settings in buildDefaults preserved in image
- Closed
- links to
-
RHEA-2024:3718 OpenShift Container Platform 4.17.z bug fix update
(1 links to)