To deploy OCP cluster in a disconnected/restricted network with http proxy and the minimal firewall accessibility granted in proxy white-list, the cluster operator cloud-credential tells "7 of 7 credentials requests are failing to sync" error, which seems leading to almost no cluster operator available and no control-plane node ready.

    4.16.0-0.nightly-2024-04-15-184947

    Always

    Launch Flexy-install job using below template [1].

Almost all cluster operators are unavailable, and all control-plane nodes are not ready. It looks like the cluster operator cloud-credential doesn't use the http proxy to connect to oauth2.googleapis.com. 

bootstrap/containers/cloud-credential-operator-c8e0b3e63944ecea8edee0a111b7a3aa59fb751d1e9648e2bd771cf2ab232a07.log:877:time="2024-04-16T09:17:12Z" level=error msg="error determining whether a credentials update is needed" actuator=gcp cr=openshift-cloud-credential-operator/openshift-cloud-network-config-controller-gcp error="error checking whether service APIs are enabled: error checking whether service APIs are enabled: error retrieving list of enabled APIs: error getting project number: Get \"https://cloudresourcemanager.googleapis.com/v1/projects/openshift-qe?alt=json&prettyPrint=false\": oauth2: cannot fetch token: Post \"https://oauth2.googleapis.com/token\": dial tcp 142.251.161.95:443: i/o timeout"

The installation should succeed.

FYI one recently fixed bug of the same scenario: https://issues.redhat.com/browse/OCPBUGS-12890

[1]
QE Flexy-install job: Flexy-install/276917/

VARIABLES_LOCATION private-templates/functionality-testing/aos-4_16/ipi-on-gcp/versioned-installer_customer_vpc-http_proxy-private_cluster-whitelist