Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-18438

DNS Resolution not working fine for ingress operator through SOCKS proxy


      Description of the Problem:

      When we deploy a IPv6/Disconnected HostedCluster, we can see that the Ingress Cluster Operator looks as degraded showing this message:

      clusteroperator.config.openshift.io/ingress                                    4.14.0-0.nightly-2023-08-29-102237   True        False         True     43m     The "default" ingress controller reports Degraded=True: DegradedConditions: One or more other status conditions indicate a degraded state: CanaryChecksSucceeding=False (CanaryChecksRepetitive Failures: Canary route checks for the default ingress controller are failing) 


      Also we can see the canary route accesible from the ingressOperator pod using curl command but the golang code doesn't.

      2023-08-31T16:23:07.264Z    ERROR    operator.canary_controller    wait/backoff.go:226    error performing canary route check    {"error": "error sending canary HTTP request to \"canary-openshift-ingress-canary.apps.hosted.hypershiftbm.lab\": Get \"https://canary-openshift-ingress-canary.apps.hosted.hypershiftbm.lab/\": socks connect tcp>canary-openshift-ingress-canary.apps.hosted.hypershiftbm.lab:443: unknown error host unreachable"} 


      After a debugging session, looks like the DNS resolution of the ingress operator through SOCKS proxy which also go through Konnectivity component, does not work properly because delegates the resolution in the Hub cluster which is not the desired behaviour.

            jparrill@redhat.com Juan Manuel Parrilla Madrid
            jparrill@redhat.com Juan Manuel Parrilla Madrid
            Liangquan Li Liangquan Li
            Elsa Passaro, Lubov Shilin, Shelly Miron
            0 Vote for this issue
            11 Start watching this issue