- Bug
- Resolution: Done-Errata
- Normal
- None
- 4.16
- None
- Low
- None
- False
- Bug Fix
- Done
This is a clone of issue OCPBUGS-38990. The following is the description of the original issue:
—
Description of problem:
node-joiner pod does not honour cluster wide testing
Version-Release number of selected component (if applicable):
OCP 4.16.6
How reproducible:
Always
Steps to Reproduce:
1. Configure an OpenShift cluster wide proxy according to https://docs.openshift.com/container-platform/4.16/networking/enable-cluster-wide-proxy.html and add Red Hat URLs (quay.io and alii) to the proxy allow list.
2. Add a node to a cluster using a node joiner pod, following https://github.com/openshift/installer/blob/master/docs/user/agent/add-node/add-nodes.md
Actual results:
Error retrieving the images on quay.io
time=2024-08-22T08:39:02Z level=error msg=Release Image arch could not be found: command '[oc adm release info quay.io/openshift-release-dev/ocp-release@sha256:24ea553ce2e79fab0ff9cf2917d26433cffb3da954583921926034b9d5d309bd -o=go-template={{if and .metadata.metadata (index . "metadata" "metadata" "release.openshift.io/architecture")}}{{index . "metadata" "metadata" "release.openshift.io/architecture"}}{{else}}{{.config.architecture}}{{end}} --insecure=true --registry-config=/tmp/registry-config1164077466]' exited with non-zero exit code 1:
time=2024-08-22T08:39:02Z level=error msg=error: unable to read image quay.io/openshift-release-dev/ocp-release@sha256:24ea553ce2e79fab0ff9cf2917d26433cffb3da954583921926034b9d5d309bd: Get "http://quay.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Expected results:
node-joiner is able to download the images using the proxy
Additional info:
By allowing full direct internet access, without a proxy, the node joiner pod is able to download images from quay.io.
So there is a strong suspicion that the HTTP timeout error above comes from the pod not being able to use the proxy.
Restricted environments where external internet access is only allowed through a proxy allow list are quite common in corporate environments.
Please consider honouring the OpenShift proxy configuration.
- account is impacted by: OCPBUGS-44637 Cannot apply proxy certificate to pod(node-joiner) (ASSIGNED)
- clones: OCPBUGS-38990 node-joiner pod does not honour cluster wide proxy (Verified)
- is blocked by: OCPBUGS-38990 node-joiner pod does not honour cluster wide proxy (Verified)
- links to: RHEA-2024:3718 OpenShift Container Platform 4.17.z bug fix update
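An added example, not part of the original report or of the node-joiner code: a Python check that compares the proxy environment variables of each container in a pod manifest against the `status` of the cluster Proxy object (as returned by `oc get proxy/cluster -o json`), which is one way to confirm the symptom described above. The proxy URLs, pod layout and container names are constructed sample values.

```python
# Map the conventional proxy env vars to fields of the cluster Proxy status.
STATUS_KEYS = {"HTTP_PROXY": "httpProxy", "HTTPS_PROXY": "httpsProxy", "NO_PROXY": "noProxy"}


def proxy_gaps(proxy_obj, pod_obj):
    """Return {container: [problems]} where env does not match the cluster proxy."""
    status = proxy_obj.get("status", {})
    # Only check variables the cluster proxy actually defines.
    expected = {var: status[key] for var, key in STATUS_KEYS.items() if status.get(key)}
    spec = pod_obj.get("spec", {})
    gaps = {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        # valueFrom entries have no literal value and map to None here.
        env = {e["name"]: e.get("value") for e in c.get("env", [])}
        problems = []
        for var, want in expected.items():
            got = env.get(var, env.get(var.lower()))  # accept lowercase spelling too
            if got is None:
                problems.append(f"{var} missing or not a literal value")
            elif got != want:
                problems.append(f"{var} differs from cluster proxy")
        if problems:
            gaps[c["name"]] = problems
    return gaps


# Constructed sample objects (hypothetical values, trimmed to the relevant fields).
PROXY_URL = "http://proxy.example.internal:3128"
SAMPLE_PROXY = {"status": {"httpProxy": PROXY_URL, "httpsProxy": PROXY_URL,
                           "noProxy": ".cluster.local,.svc,10.0.0.0/16"}}
GOOD_ENV = [{"name": "HTTP_PROXY", "value": PROXY_URL},
            {"name": "HTTPS_PROXY", "value": PROXY_URL},
            {"name": "NO_PROXY", "value": ".cluster.local,.svc,10.0.0.0/16"}]
SAMPLE_POD = {"spec": {
    "initContainers": [{"name": "setup", "env": [
        {"name": "HTTP_PROXY", "value": PROXY_URL},
        {"name": "https_proxy", "value": "http://other.example.internal:8080"},
        {"name": "NO_PROXY", "valueFrom": {"configMapKeyRef": {"name": "p", "key": "np"}}}]}],
    "containers": [{"name": "node-joiner"},            # no env at all
                   {"name": "sidecar", "env": GOOD_ENV}],
}}

if __name__ == "__main__":
    for name, problems in proxy_gaps(SAMPLE_PROXY, SAMPLE_POD).items():
        print(f"{name}: {'; '.join(problems)}")
```

A container that reports all three variables missing will attempt direct egress, which in a proxy-only network surfaces as the connection timeout shown in the report.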