Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-33510

Kube-apiserver-proxy pod in Hosted Control Plane cluster does not use no_proxy variable

XMLWordPrintable

    • Critical
    • No
    • Hypershift Sprint 253, Hypershift Sprint 254
    • 2
    • False
    • Hide

      None

      Show
      None
    • Release Note Not Required
    • In Progress

      This is a clone of issue OCPBUGS-33237. The following is the description of the original issue:

      Description of problem:

      Looks like we are facing a bug when trying to spin up a hosted control plane cluster while using proxy settings to connect to the internet. For example, on our worker node, the static pod kube-apiserver-proxy.yaml doesn't contain the noProxy settings which seem to cause the failure of deploying the hosted cluster.
      
      ~~~
      [root@ocpugbo2cogswo03 manifests]# cat kube-apiserver-proxy.yaml_
      apiVersion: v1
      kind: Pod
      metadata:
        creationTimestamp: null
        labels:
          k8s-app: kube-apiserver-proxy
        name: kube-apiserver-proxy
        namespace: kube-system
      spec:
        containers:
        - command:
          - control-plane-operator
          - kubernetes-default-proxy
          - --listen-addr=<IP-Addr>:6443
          - --proxy-addr=<Proxy-Addr>:<Proxy-port>
          - --apiserver-addr=<API-IP-Addr>:6443
          image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7ca95b9a71e41157c70378896758618b993ad90e6d80a23c46170da5c11f441f
          name: kubernetes-default-proxy
          resources:
            requests:
              cpu: 13m
              memory: 16Mi
          securityContext:
            runAsUser: 1001
        hostNetwork: true
        priorityClassName: system-node-critical
      status: {}
      ~~~
      
      Can you please check this issue.

      Steps to Reproduce:

          1. Install a cluster with ACM and HCP
          2. Try to create a hosted cluster using proxy configuration
          3. kube-apiserver-proxy is using proxy to reach API.

      Actual results:

          The kube-apiserver-proxy is using proxy to reach API. Worker nodes are unable to reach a Hosted Control Plane's API when a cluster-wide http proxy is configured.

      Expected results:

          kube-apiserver-proxy should not use proxy to reach API

      Additional info:

          

              agarcial@redhat.com Alberto Garcia Lamela
              openshift-crt-jira-prow OpenShift Prow Bot
              Jie Zhao Jie Zhao
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: