Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-38990

node-joiner pod does not honour cluster wide proxy

XMLWordPrintable

    • Low
    • None
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously the "oc adm node-image create" command ignored the cluster-wide proxy setting, thus failing when executed against a cluster into a restricted environment with a proxy. The fix now includes the cluster proxy resource settings - if available - when running the command, to allow a correct execution also in such scenarios
      Show
      Previously the "oc adm node-image create" command ignored the cluster-wide proxy setting, thus failing when executed against a cluster into a restricted environment with a proxy. The fix now includes the cluster proxy resource settings - if available - when running the command, to allow a correct execution also in such scenarios
    • Bug Fix
    • In Progress

      Description of problem:

      node-joiner pod does not honour cluster wide testing   

      Version-Release number of selected component (if applicable):

      OCP 4.16.6

      How reproducible:

      Always

      Steps to Reproduce:

          1. Configure an OpenShift cluster wide proxy according to https://docs.openshift.com/container-platform/4.16/networking/enable-cluster-wide-proxy.html and add Red Hat urls (quay.io and alii) to the proxy allow list.
          2. Add a node to a cluster using a node joiner pod, following https://github.com/openshift/installer/blob/master/docs/user/agent/add-node/add-nodes.md
          

      Actual results:

      Error retrieving the images on quay.io
      time=2024-08-22T08:39:02Z level=error msg=Release Image arch could not be found: command '[oc adm release info quay.io/openshift-release-dev/ocp-release@sha256:24ea553ce2e79fab0ff9cf2917d26433cffb3da954583921926034b9d5d309bd -o=go-template={{if and .metadata.metadata (index . "metadata" "metadata" "release.openshift.io/architecture")}}{{index . "metadata" "metadata" "release.openshift.io/architecture"}}{{else}}{{.config.architecture}}{{end}} --insecure=true --registry-config=/tmp/registry-config1164077466]' exited with non-zero exit code 1:time=2024-08-22T08:39:02Z level=error msg=error: unable to read image quay.io/openshift-release-dev/ocp-release@sha256:24ea553ce2e79fab0ff9cf2917d26433cffb3da954583921926034b9d5d309bd: Get "http://quay.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)    

      Expected results:

        node-joiner is able to downoad the images using the proxy

      Additional info:
      By allowing full direct internet access, without a proxy, the node joiner pod is able to download image from quay.io.

      So there is a strong suspicion that the http timeout error above comes from the pod not being to use the proxy.

      Restricted environementes when external internet access is only allowed through a proxy allow lists is quite common in corporate environements.

      Please consider honouring the openshift proxy configuration .

              afasano@redhat.com Andrea Fasano
              rhn-support-ekasprzy Emmanuel Kasprzyk
              Biagio Manzari Biagio Manzari
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: