-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.18
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
Updates to the `spec.configuration.proxy.noProxy` field in a HostedCluster manifest are not being applied to the kube-apiserver deployment. The HyperShift operator's reconciliation process appears to be blocked, as the HostedControlPlane resource is not updating its configuration to match the latest HostedCluster manifest. This issue persists even after resolving previous reconciliation blockers.
Version-Release number of selected component (if applicable):
How reproducible:
Can be reproduced.
Steps to Reproduce:
1. Create a Hosted Control Plane cluster with a cluster-wide proxy. 2. Update the HostedCluster manifest to add a new entry (e.g., .example.com) to the noProxy list. 3. Observe that the HostedCluster resource's generation increments to 8. 4. Check the HostedControlPlane resource and confirm its observedGeneration remains at an older value (7). 5. Attempt to force reconciliation by restarting the control plane components. 6. Observe that the kube-apiserver deployment is recreated but its NO_PROXY environment variable does not contain the new entry.
Actual results:
1. The HostedCluster resource is successfully updated with the new noProxy entry and its generation is incremented. 2. The HostedControlPlane resource's observedGeneration is stuck at 7, and its proxy configuration does not include the new noProxy entry. 3. The kube-apiserver deployment is continually created using the old, unreconciled noProxy list, confirming the reconciliation blockage.
Expected results:
1. When the HostedCluster resource is updated, the HostedControlPlane's reconciliation process should complete successfully. 2. The HostedControlPlane's observedGeneration should be updated to match the HostedCluster's generation (8). 3. The kube-apiserver deployment should be rolled out with the updated proxy configuration, including the new noProxy entry.
Additional info:
- The HostedCluster resource has generation: 8 and observedGeneration: 8, indicating the change has been registered. - The HostedControlPlane resource has generation: 6 but its observedGeneration is stuck at 7. - A previous reconciliation block related to an expired "Baltimore CyberTrust Root" CA certificate was successfully resolved, but this new issue persists. - This points to a bug in the operator's logic for reconciling the HostedControlPlane, specifically preventing it from updating to the latest HostedCluster specification.