Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-60263

openshift-etcd etcd endpoint 9979 port should return 401 without auth

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Major Major
    • None
    • 4.20.0
    • Etcd
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Moderate
    • None
    • None
    • None
    • Rejected
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      see similar bug OCPBUGS-57585

      the following output was taken from a 4.18.15 but CI has similar results on more recent clusters. 

      $ oc --kubeconfig /tmp/ota-stage.c get ep -n openshift-etcd etcd -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    endpoints.kubernetes.io/last-change-trigger-time: "2025-05-27T14:34:54Z"
  creationTimestamp: "2021-09-13T16:32:57Z"
  labels:
    k8s-app: etcd
  name: etcd
  namespace: openshift-etcd
  resourceVersion: "2744074947"
  uid: 47ac900e-8947-467a-a2cf-24917e732865
subsets:
- addresses:
  - ip: 10.0.151.192
    nodeName: ip-10-0-151-192.ec2.internal
    targetRef:
      kind: Pod
      name: etcd-ip-10-0-151-192.ec2.internal
      namespace: openshift-etcd
      uid: e4dfc07b-a13a-44be-9fe7-573a9a459a00
  - ip: 10.0.155.231
    nodeName: ip-10-0-155-231.ec2.internal
    targetRef:
      kind: Pod
      name: etcd-ip-10-0-155-231.ec2.internal
      namespace: openshift-etcd
      uid: d311facb-b4c6-427a-9074-f12dd8439615
  - ip: 10.0.233.38
    nodeName: ip-10-0-233-38.ec2.internal
    targetRef:
      kind: Pod
      name: etcd-ip-10-0-233-38.ec2.internal
      namespace: openshift-etcd
      uid: 8f11696a-0005-4521-962a-6469f8e183fc
  ports:
  - name: etcd
    port: 2379
    protocol: TCP
  - name: etcd-metrics
    port: 9979
    protocol: TCP

$ oc --kubeconfig /tmp/ota-stage.c  -n hongkliu-test run -i -t debug --image=quay.io/centos/centos:stream9 --restart=Never --rm=true
If you don't see a command prompt, try pressing enter.
bash-5.1# curl -k https://10.0.151.192:9979/metrics
curl: (56) OpenSSL SSL_read: error:0A00045C:SSL routines::tlsv13 alert certificate required, errno 0
bash-5.1# echo $?
56

      Version-Release number of selected component (if applicable):

      $ oc --kubeconfig /tmp/ota-stage.c get clusterversion NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS version   4.18.15   True        False         73d     Cluster version is 4.18.15

      How reproducible:

      always

      Steps to Reproduce:

      1. see descriptions

      Actual results:

      curl failed with exit code 56

      Expected results:

      curl succeeds with http status code 401

      Additional info:

      Discussion: https://github.com/openshift/origin/pull/30014#discussion_r2262378353

      When the bug is fixed, please remove it from this code snippet to avoid regression.

      https://github.com/openshift/origin/blob/4f183dd3427cffd8d97b44557caa782d65726416/test/extended/prometheus/prometheus.go#L64-L71

        1. Screenshot 2025-08-15 at 23.07.44.png
          Screenshot 2025-08-15 at 23.07.44.png
          385 kB

              dwest@redhat.com Dean West
              juzhao@redhat.com Junqi Zhao
              None
              None
              Junqi Zhao Junqi Zhao
              None
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: