Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-50663

Some new network data type not obfuscated in hosted cluster with OVN when obfuscation is enabled

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • 4.19
    • Insights Operator

      Description of problem:

      Unlike the original bug, some new types of network data weren't obfuscated in the Hosted-Hypershift,but they're similar.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Create a new Hostde-Hypershift cluster then run the test_cluster_base_domain_obfuscation.

      Steps to Reproduce:

          1. Create a new Hosted-Hypershift cluster.
    2. Use the cluster that is built in step 1 to run test_cluster_base_domain_obfuscation.    

      Actual results:

      The test case test_cluster_base_domain_obfuscation failed due to some target data wasn't obfuscated.

      Expected results:

      The test case test_cluster_base_domain_obfuscation is passed.

      Additional info:

      •  In the Insights archive 'config/infrastructure.json', the following api_url  is still visible.
      https://adc6b8f731c1a42438e10790601571ce-07c0131de02702a9.elb.us-east-1.amazonaws.com:6443

      The content of the above archive:

      {"metadata":{"name":"cluster","uid":"97719f9b-3dae-4840-ba2e-c6bba4ce0f66","resourceVersion":"1378","generation":2,"creationTimestamp":"2025-02-11T05:44:40Z","labels":{"hypershift.openshift.io/managed":"true"},"annotations":{"include.release.openshift.io/ibm-cloud-managed":"true","include.release.openshift.io/self-managed-high-availability":"true","release.openshift.io/create-only":"true"},"ownerReferences":[{"apiVersion":"config.openshift.io/v1","kind":"ClusterVersion","name":"version","uid":"8c5ab5c2-d868-4590-b04f-0be449f3191f"}]},"spec":{"cloudConfig":{"name":""},"platformSpec":{"type":"AWS","aws":{}}},"status":{"infrastructureName":"xxxxx","platform":"AWS","platformStatus":{"type":"AWS","aws":{"region":"xxxxxxxxx","resourceTags":[{"key":"prow.k8s.io/build-id","value":"1889186638685278208"},{"key":"expirationDate","value":"2025-02-11T09:41+00:00"},{"key":"prow.k8s.io/job","value":"release-openshift-origin-installer-launch-hypershift-hosted"}]}},"etcdDiscoveryDomain":"<CLUSTER_BASE_DOMAIN>","apiServerURL":"https://adc6b8f731c1a42438e10790601571ce-07c0131de02702a9.elb.us-east-1.amazonaws.com:6443","apiServerInternalURI":"https://adc6b8f731c1a42438e10790601571ce-07c0131de02702a9.elb.us-east-1.amazonaws.com:6443","controlPlaneTopology":"External","infrastructureTopology":"SingleReplica","cpuPartitioning":"None"}}

       

       

      • In the Insights archive ' config/pod/openshift-ovn-kubernetes/ovnkube-node-mj5dw.json', the following hostname is still visible.
      elb.us-east-1.amazonaws.com

      The key content of the above archive: 

      [{"name":"ovnmetrics-port","hostPort":29105,"containerPort":29105,"protocol":"TCP"}],"env":[{"name":"KUBERNETES_SERVICE_PORT","value":"6443"},{"name":"KUBERNETES_SERVICE_HOST","value":"adc6b8f731c1a42438e10790601571ce-07c0131de02702a9.elb.us-east-1.amazonaws.com"},{"name":"OVN_CONTROLLER_INACTIVITY_PROBE","value":"180000"},

              rh-ee-ijimeno Isaac Jimeno
              rh-ee-bazhou baiyang zhou
              baiyang zhou baiyang zhou
              Steven Smith Steven Smith
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: