Bug
Resolution: Unresolved
Normal
4.15.z
Quality / Stability / Reliability
False
Moderate
Description of problem:
We have three issues with Cluster Wide proxy:

1. Wildcard (*) for Proxy Bypass: The OpenShift documentation states, "Use * to bypass the proxy for all destinations." However, when we attempt to use the wildcard (*), we encounter an error stating "invalid proxy."

2. Domain Prefixed with . for Subdomain Matching: The documentation mentions, "Preface a domain with . to match subdomains only. For example, .y.com matches x.y.com, but not y.com." However, when we specify the cluster domain, it bypasses all destinations, including auth-openshift.apps.clusterdomain, apiserver, api-int server URLs, etc., which contradicts the behavior described in the documentation. Reference: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/networking/enable-cluster-wide-proxy#nw-proxy-configure-object_config-cluster-wide-proxy

3. Issues with CamelCase Gateway Domains: When specifying a gateway domain in CamelCase (e.g., arosvc.EastUS2EUAP.data.azurecr.io) in the NO_PROXY list, it returns an "invalid proxy" error. However, when the domain is converted to lowercase, the configuration works as expected. Given that certain Azure regions use CamelCase formatting, this behavior may lead to issues, especially since customers may attempt to use the gateway domain as it appears in the cluster object, resulting in errors.
Version-Release number of selected component (if applicable):
How reproducible:
Enable cluster wide proxy as mentioned in document
Steps to Reproduce:
1. Use a wildcard to bypass all destinations, e.g. *.clusterdomain
2. Add clusterDomain to the noProxy list and all other necessary entries, but do not add .apps.clusterdomain, apiserver, api-int server; we can still see that the cluster is functioning properly as expected.
3. Use an Azure region that has camel case letters, e.g. EastUS2EUAP
Actual results:
1. It will return an error saying "invalid proxy".
2. Currently all destinations are bypassed for a domain.
3. "invalid proxy" error is returned with camel case letters.
Expected results:
1. Use of the wildcard (*) should not result in an "invalid proxy" error; instead it should bypass all destinations in the domain.
2. If the current behavior is expected, then update the documentation.
3. Camel case letters in the proxy list should also work.
Additional info:
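
An added example, not part of the original report and not OpenShift's code: a small Python model of the noProxy rules quoted in the description, for checking what a list is expected to bypass and for flagging entries outside the quoted forms. How a bare domain is treated is an assumption exposed as a switch (Go's golang.org/x/net/http/httpproxy, for instance, also matches its subdomains), and cluster.example.com is a constructed placeholder.

```python
# Added example: models the noProxy rules quoted in the report; not OpenShift code.

def normalize(name: str) -> str:
    """DNS names are case-insensitive: compare in lowercase, without a trailing dot."""
    return name.strip().lower().rstrip(".")


def bypasses(host: str, no_proxy: list[str], bare_matches_subdomains: bool = False) -> bool:
    """Return True if `host` would skip the proxy under the quoted rules.

    bare_matches_subdomains is an assumption switch: the quoted text does not
    say how an entry without a leading dot is treated, and clients differ.
    """
    host = normalize(host)
    for raw in no_proxy:
        entry = normalize(raw)
        if entry == "*":                 # "Use * to bypass the proxy for all destinations"
            return True
        if entry.startswith("."):        # ".y.com matches x.y.com, but not y.com"
            if host.endswith(entry):
                return True
        elif host == entry:              # exact host match
            return True
        elif bare_matches_subdomains and host.endswith("." + entry):
            return True
    return False


def lint(no_proxy: list[str]) -> dict[str, list[str]]:
    """Flag entries that fall outside the forms quoted in the report."""
    findings: dict[str, list[str]] = {}
    for raw in no_proxy:
        notes = []
        if raw != raw.lower():
            notes.append("mixed case; lowercase form is " + raw.lower())
        if "*" in raw and raw.strip() != "*":
            notes.append("wildcard inside a name; the quoted text describes only a lone *")
        if notes:
            findings[raw] = notes
    return findings


if __name__ == "__main__":
    # Constructed sample list mirroring the three cases in the report.
    sample = ["cluster.example.com", "*.cluster.example.com",
              "arosvc.EastUS2EUAP.data.azurecr.io"]
    host = "oauth-openshift.apps.cluster.example.com"
    print(bypasses(host, sample), bypasses(host, sample, bare_matches_subdomains=True))
    print(lint(sample))
```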