
Traffic to audit-webhook:8443 getting routed through Konnectivity proxy in ROSA


    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 4.14, 4.15, 4.16, 4.17
    • HyperShift
    • Important
    • None
    • Hypershift Sprint 260
    • 1
    • False
      * Previously, for managed services on {hcp}, audit logs were sent to a local webhook service, `audit-webhook`. This caused issues for {hcp} pods that sent audit logs through the `konnectivity` service. With this release, `audit-webhook` is added to the list of `no_proxy` hosts so that {hcp} pods can send audit logs to the `audit-webhook` service. (link:https://issues.redhat.com/browse/OCPBUGS-42974[*OCPBUGS-42974*])
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-42873. The following is the description of the original issue:

      Description of problem:

      openshift-apiserver that sends traffic through konnectivity proxy is sending traffic intended for the local audit-webhook service. The audit-webhook service should be included in the NO_PROXY env var of the openshift-apiserver container.
      
          

      4.14.z,4.15.z,4.15.z,4.16.z

      How reproducible:

          Always
      
          

      Steps to Reproduce:

          1. Create a ROSA hosted cluster
          2. Observe logs of the konnectivity-proxy sidecar of openshift-apiserver
          3.
          

      Actual results:

           Logs include requests to the audit-webhook local service
      
          

      Expected results:

            Logs do not include requests to audit-webhook 
          

      Additional info:

      
          

            cewong@redhat.com Cesar Wong
            openshift-crt-jira-prow OpenShift Prow Bot
            He Liu He Liu
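The check below is an added example, not code from this issue or from HyperShift: it evaluates whether a request to `audit-webhook:8443` would skip the proxy for a given `NO_PROXY` value. The matcher is a simplified reimplementation of the hostname rules Go's proxy environment handling applies (an assumption about the exact rules in use), and the `NO_PROXY` values are constructed, since the real list is not shown on the page.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// bypassesProxy: would a request to host:port skip the proxy under noProxy?
// Simplified sketch: hostname entries only, no IP or CIDR handling.
func bypassesProxy(noProxy, host, port string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, entry := range strings.Split(noProxy, ",") {
		entry = strings.ToLower(strings.TrimSpace(entry))
		if entry == "" {
			continue
		}
		if entry == "*" {
			return true
		}
		pattern := entry
		if h, p, err := net.SplitHostPort(entry); err == nil {
			if p != port {
				continue // entry pinned to a different port
			}
			pattern = h
		}
		if strings.HasPrefix(pattern, "*.") {
			pattern = pattern[1:] // "*.svc" is treated as ".svc"
		}
		if strings.HasPrefix(pattern, ".") {
			if strings.HasSuffix(host, pattern) { // subdomains only
				return true
			}
		} else if host == pattern || strings.HasSuffix(host, "."+pattern) {
			return true
		}
	}
	return host == "localhost" // localhost always bypasses
}

func main() {
	// Constructed NO_PROXY values; the real list is not shown on the page.
	for _, np := range []string{"kube-apiserver", "kube-apiserver,audit-webhook"} {
		fmt.Printf("NO_PROXY=%q -> audit-webhook:8443 bypasses proxy: %v\n",
			np, bypassesProxy(np, "audit-webhook", "8443"))
	}
}
```

Under these rules an entry of `audit-webhook` covers the short service name but not a namespace-qualified form such as `audit-webhook.<namespace>.svc`, so the entry has to match the hostname form the audit webhook configuration actually uses.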