Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-39090

node-joiner pod does not honour cluster wide proxy

XMLWordPrintable

    • Low
    • None
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, the `oc adm node-image create` command failed when run against a cluster in a restricted environment with a proxy because the command ignored the cluster-wide proxy setting. With this release, when the command is run it checks the cluster proxy resource settings, where available, to ensure the command is run successfully and the issue is resolved. (link:https://issues.redhat.com/browse/OCPBUGS-39090[*OCPBUGS-39090*])
      Show
      * Previously, the `oc adm node-image create` command failed when run against a cluster in a restricted environment with a proxy because the command ignored the cluster-wide proxy setting. With this release, when the command is run it checks the cluster proxy resource settings, where available, to ensure the command is run successfully and the issue is resolved. (link: https://issues.redhat.com/browse/OCPBUGS-39090 [* OCPBUGS-39090 *])
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-38990. The following is the description of the original issue:

      Description of problem:

      node-joiner pod does not honour cluster wide testing  

      Version-Release number of selected component (if applicable):

      OCP 4.16.6

      How reproducible:

      Always

      Steps to Reproduce:

          1. Configure an OpenShift cluster wide proxy according to https://docs.openshift.com/container-platform/4.16/networking/enable-cluster-wide-proxy.html and add Red Hat urls (quay.io and alii) to the proxy allow list.
    2. Add a node to a cluster using a node joiner pod, following https://github.com/openshift/installer/blob/master/docs/user/agent/add-node/add-nodes.md

      Actual results:

      Error retrieving the images on quay.io
time=2024-08-22T08:39:02Z level=error msg=Release Image arch could not be found: command '[oc adm release info quay.io/openshift-release-dev/ocp-release@sha256:24ea553ce2e79fab0ff9cf2917d26433cffb3da954583921926034b9d5d309bd -o=go-template={{if and .metadata.metadata (index . "metadata" "metadata" "release.openshift.io/architecture")}}{{index . "metadata" "metadata" "release.openshift.io/architecture"}}{{else}}{{.config.architecture}}{{end}} --insecure=true --registry-config=/tmp/registry-config1164077466]' exited with non-zero exit code 1:time=2024-08-22T08:39:02Z level=error msg=error: unable to read image quay.io/openshift-release-dev/ocp-release@sha256:24ea553ce2e79fab0ff9cf2917d26433cffb3da954583921926034b9d5d309bd: Get "http://quay.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)  

      Expected results:

        node-joiner is able to downoad the images using the proxy

      Additional info:
      By allowing full direct internet access, without a proxy, the node joiner pod is able to download image from quay.io.

      So there is a strong suspicion that the http timeout error above comes from the pod not being to use the proxy.

      Restricted environementes when external internet access is only allowed through a proxy allow lists is quite common in corporate environements.

      Please consider honouring the openshift proxy configuration .

            beth.white Beth White
            openshift-crt-jira-prow OpenShift Prow Bot
            Biagio Manzari Biagio Manzari
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: