-
Bug
-
Resolution: Done-Errata
-
Critical
-
4.14.z
-
+
-
Moderate
-
No
-
SDN Sprint 254
-
1
-
Rejected
-
False
-
-
Release Note Not Required
-
In Progress
Description of problem:
When a proxy.config.openshift.io is specified on a HyperShift cluster (in this case ROSA HCP), the network cluster operator is degraded:
❯ k get co network NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGEhttps://github.com/openshift/ovn-kubernetes/pull/2135 network 4.14.6 True False True 2d1h The configuration is invalid for proxy 'cluster' (readinessEndpoint probe failed for endpoint 'https://api.openshift.com': endpoint probe failed for endpoint 'https://api.openshift.com' using proxy 'http://ip-172-17-1-38.ec2.internal:3128': Get "https://api.openshift.com": Service Unavailable). Use 'oc edit proxy.config.openshift.io cluster' to fix.
because the CNO pod runs on the management cluster and does not have connectivity to the customer's proxy which is accessible from the HyperShift worker nodes' network.
Version-Release number of selected component (if applicable):
4.14.6
How reproducible:
100%
Steps to Reproduce:
1. Create a proxy that's only accessible from a HyperShift cluster's workers network
2. Update the cluster's proxy.config.openshift.io cluster object accordingly
3. Observe that the network ClusterOperator is degraded
Actual results:
I'm not sure how important it is that the CNO has connectivity to api.openshift.com and leave it up for discussion. Maybe CNO should ignore the proxy configuration in HyperShift for its own health checks for example.
Expected results:
The network ClusterOperator is not degraded
Additional info:
- blocks
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
- links to
-
RHEA-2024:0041
OpenShift Container Platform 4.16.z bug fix update
