-
Bug
-
Resolution: Done-Errata
-
Critical
-
4.14.z
-
+
-
Moderate
-
No
-
False
-
-
Release Note Not Required
-
In Progress
-
-
-
-
This is a clone of issue OCPBUGS-26762. The following is the description of the original issue:
—
Description of problem:
When a proxy.config.openshift.io is specified on a HyperShift cluster (in this case ROSA HCP), the network cluster operator is degraded:
❯ k get co network NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE network 4.14.6 True False True 2d1h The configuration is invalid for proxy 'cluster' (readinessEndpoint probe failed for endpoint 'https://api.openshift.com': endpoint probe failed for endpoint 'https://api.openshift.com' using proxy 'http://ip-172-17-1-38.ec2.internal:3128': Get "https://api.openshift.com": Service Unavailable). Use 'oc edit proxy.config.openshift.io cluster' to fix.
because the CNO pod runs on the management cluster and does not have connectivity to the customer's proxy which is accessible from the HyperShift worker nodes' network.
Version-Release number of selected component (if applicable):
4.14.6
How reproducible:
100%
Steps to Reproduce:
1. Create a proxy that's only accessible from a HyperShift cluster's workers network
2. Update the cluster's proxy.config.openshift.io cluster object accordingly
3. Observe that the network ClusterOperator is degraded
Actual results:
I'm not sure how important it is that the CNO has connectivity to api.openshift.com and leave it up for discussion. Maybe CNO should ignore the proxy configuration in HyperShift for its own health checks for example.
Expected results:
The network ClusterOperator is not degraded
Additional info:
- clones
-
-
- Closed
-
- is blocked by
-
-
- Closed
-
- links to
-
RHBA-2024:3889
OpenShift Container Platform 4.15.z bug fix update
