Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.18, 4.19, 4.20
Component/s: HyperShift
Labels:
None

Activity Type:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Important
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

Hypershift Konnectivity fails to add AWS ISO (classified) domains to the ingress operator's NO_PROXY list.  This prevents necessary direct (not proxied) communication with endpoints in those namespaces.  The current list of cloud domains configured to be routed through the management cluster and not through Konnectivity can be found at https://github.com/openshift/hypershift/blob/main/support/konnectivityproxy/dialer.go#L462-L485.  The AWS ISO region domains that need to be added are:

".c2s.ic.gov"
".hci.ic.gov"
".sc2s.sgov.gov"

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

    1.
    2.
    3.

Actual results:

Expected results:

Additional info:

Assignee:: Unassigned

Reporter:: Chad Wigal

Need Info From:: None

Contributors:: None

QA Contact:: Yu Li

Doc Contact:: None

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2026/02/18 3:36 PM

Updated:: 2026/02/18 3:50 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates