Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: rhos-18.0.7
Affects Version/s: None
Component/s: ironic-operator
Labels:
None

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Docs Approval:
?
Fixed in Build:
ironic-operator-container-1.0.8-10
Regression:
None
Intelligence Requested:
Market:
Errata Link:
https://errata.engineering.redhat.com/advisory/147990
Target Version:

rhos-18.0.10 FR 3

Sprint:
HardProv Sprint 1
sprint_count:
1
Severity:
Moderate

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Service operators deploying httpd container are not setting RequestHeader X-Forwarded-Proto setting for non tls deployments, which results into response containing https urls even with tls disabled.

Some operators hard code it to https and others like neutron had it conditionally set but it was not honoring tls.ingress=true so was setting it to "http".

It should be set similar to below to work with both ocp route and LoadBalancer:-

{{- if $vhost.TLS }}
  RequestHeader setIfEmpty X-Forwarded-Proto "https"
{{- else }}
  RequestHeader setIfEmpty X-Forwarded-Proto "http"
{{- end }}

links to

[18.0-fr1] Fix httpd config for X-Forwarded-Proto Jira: <OSPRH-12377> #509

[18.0-fr1] Fix httpd config for X-Forwarded-Proto Jira: <OSPRH-12377> #513

openstack-k8s-operators/ironic-operator#508: Fix httpd config for X-Forwarded-Proto Jira: <OSPRH-12377>

RHBA-2025:147990 Release of containers for RHOSO OpenStack Podified operator

mentioned on

Merge request - Updated US source to: 86d5865 Merge pull request #513 from openshift-cherrypick-robot/cherry-pick-508-to-18.0-fr1

Assignee:: Jason Paroly

Reporter:: Yatin Karel

Team:: rhos-dfg-hardprov

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/12/11 1:17 PM

Updated:: 2025/04/24 11:03 PM

Resolved:: 2025/04/24 11:03 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty