Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-3560

PROXY protocol is not configurable for "private" endpoint publishing strategy

XMLWordPrintable

    • Moderate
    • None
    • 3
    • Sprint 227, Sprint 228, Sprint 229, Sprint 230, Sprint 231, Sprint 232, Sprint 233, Sprint 234, Sprint 235
    • 9
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      PROXY protocol cannot be enabled for the "Private" endpoint publishing strategy type.

      Version-Release number of selected component (if applicable):

      4.10.0+. PROXY protocol was made configurable for the "HostNetwork" and "NodePortService" endpoint publishing strategy types, but not for "Private", in this release.

      How reproducible:

      Always.

      Steps to Reproduce:

      1. Create an ingresscontroller with the "Private" endpoint publishing strategy type:

      oc create -f - <<'EOF'
      apiVersion: operator.openshift.io/v1
      kind: IngressController
      metadata:
        name: example
        namespace: openshift-ingress-operator
      spec:
        domain: example.com
        endpointPublishingStrategy:
          type: Private
          private:
            protocol: PROXY
      EOF
      

      2. Check the ingresscontroller's status:

      oc -n openshift-ingress-operator get ingresscontrollers/example -o 'jsonpath={.status.endpointPublishingStrategy}'
      

      3. Check whether the resulting router deployment has PROXY protocol enabled.

      oc -n openshift-ingress get deployments/router-example -o 'jsonpath={.spec.template.spec.containers[0].env[?(@.name=="ROUTER_USE_PROXY_PROTOCOL")]}'
      

      Actual results:

      The ingresscontroller is created:

      ingresscontroller.operator.openshift.io/example created
      

      The status shows that the spec.endpointPublishingStrategy.private.protocol setting was ignored:

      {"private":{},"type":"Private"}
      

      The deployment does not enable PROXY protocol; the oc get command prints no output.

      Expected results:

      The ingresscontroller's status should indicate that PROXY protocol is enabled:

      {"private":{"protocol":"PROXY"},"type":"Private"}
      

      The deployment should have PROXY protocol enabled:

      {"name":"ROUTER_USE_PROXY_PROTOCOL","value":"true"}
      

      Additional info:

      This bug report duplicates https://bugzilla.redhat.com/show_bug.cgi?id=2104481 in order to facilitate backports.

              mmasters1@redhat.com Miciah Masters
              mmasters1@redhat.com Miciah Masters
              Shudi Li Shudi Li
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: