Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-15168

Oauth Server invalidly proxies cloud IAM traffic

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 4.14.0
    • 4.13, 4.12
    • HyperShift
    • None
    • No
    • Hypershift Sprint 238
    • 1
    • Proposed
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      In the Konnectivity SOCKS proxy: currently the default is to proxy cloud endpoint traffic: https://github.com/openshift/hypershift/blob/main/konnectivity-socks5-proxy/main.go#L61
      
      Due to this after this change: https://github.com/openshift/hypershift/commit/0c52476957f5658cfd156656938ae1d08784b202
      
      The oauth server had a behavior change where it began to proxy iam traffic instead of not proxying it. This causes a regression in Satellite environments running with an HTTP_PROXY server. The original network traffic path needs to be restored

      Version-Release number of selected component (if applicable):

      4.13 4.12

      How reproducible:

      100%

      Steps to Reproduce:

      1. Setup HTTP_PROXY IBM Cloud Satellite environment
      2. In the oauth-server pod run a curl against iam (curl -v https://iam.cloud.ibm.com)
      3. It will log it is using proxy
      

      Actual results:

      It is using proxy 

      Expected results:

      It should send traffic directly (as it does in 4.11 and 4.10)

      Additional info:

       

              rh-ee-brcox Bryan Cox
              lisowskiibm Tyler Lisowski
              Jie Zhao Jie Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: