Bug 1302422

Summary: [behind proxy] TLS oversized record error while on proxy
Product: OKD Reporter: Chris Ryan <cryan>
Component: ocAssignee: Fabiano Franz <ffranz>
Status: CLOSED CURRENTRELEASE QA Contact: Wei Sun <wsun>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.xCC: akostadi, aos-bugs, jliggitt, mmccomas, pruan, yapei
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-12 17:10:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Ryan 2016-01-27 20:09:38 UTC 
Description of problem:
When running the 'oc exec' command over an http proxy, the following error is noticed: 

error: error sending request: Post https://<openshift_master>:8443/api/v1/namespaces/5twyu/pods/frontend-1-m68w4/exec?command=env&container=ruby-helloworld&container=ruby-helloworld&stderr=true&stdout=true: tls: oversized record received with length 20527


Version-Release number of selected component (if applicable):
oc v1.1.0.1
kubernetes v1.1.0-origin-1107-g4c8e6f4

How reproducible:
Always

Steps to Reproduce:
1. Create a project
2. Create a pod
3. Run 'oc exec' on the pod while over an http proxy:
oc exec frontend-1-m68w4  --config=ose_test1.kubeconfig -n 5twyu  -- env

Actual results:

error: error sending request: Post https://<openshift_master>:8443/api/v1/namespaces/5twyu/pods/frontend-1-m68w4/exec?command=env&container=ruby-helloworld&container=ruby-helloworld&stderr=true&stdout=true: tls: oversized record received with length 20527

Expected results:

The command should run successfully without error

Additional info:
Comment 2 Peter Ruan 2016-01-27 20:14:23 UTC 
Looks like it's a docker issue? https://github.com/docker/docker/issues/14793
Comment 3 Jordan Liggitt 2016-02-15 17:05:18 UTC 
No, not a docker issue. When proxying a https backend through a http proxy, what is the expected TLS behavior?
Comment 4 Aleksandar Kostadinov 2016-02-15 20:09:51 UTC 
@Jordan, HTTPS over HTTP proxy usually means making a CONNECT call to the remote host and then keep doing business as usual. It's not like HTTP proxying where client asks proxy for resource and proxy retrieves on its behalf.

The strange thing is that `oc whatever` works but not `oc exec`. Is not `oc exec` using same API access like any other `oc` call? Or is it hitting other hosts/ports?
Comment 5 Fabiano Franz 2016-02-20 00:14:29 UTC 
Fixed in https://github.com/openshift/origin/pull/7362
Comment 9 Wei Sun 2016-02-24 01:18:47 UTC 
Verified this bug using oc v3.1.1.905.

Result:
$ oc exec ruby-hello-world-1-rsglj -- env
PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=ruby-hello-world-1-rsglj
RUBY_HELLO_WORLD_PORT=tcp://172.31.154.85:8080
KUBERNETES_SERVICE_PORT=443
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_SERVICE_PORT_DNS_TCP=53
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_53_TCP_PORT=53
RUBY_HELLO_WORLD_SERVICE_HOST=172.31.154.85
RUBY_HELLO_WORLD_PORT_8080_TCP_PORT=8080
RUBY_HELLO_WORLD_PORT_8080_TCP_ADDR=172.31.154.85
KUBERNETES_PORT=tcp://172.31.0.1:443
KUBERNETES_PORT_443_TCP=tcp://172.31.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_53_UDP_PROTO=udp
KUBERNETES_PORT_53_UDP_ADDR=172.31.0.1
KUBERNETES_PORT_53_TCP_PROTO=tcp
RUBY_HELLO_WORLD_SERVICE_PORT=8080
RUBY_HELLO_WORLD_SERVICE_PORT_8080_TCP=8080
RUBY_HELLO_WORLD_PORT_8080_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_DNS=53
KUBERNETES_PORT_443_TCP_ADDR=172.31.0.1
KUBERNETES_PORT_53_UDP_PORT=53
RUBY_HELLO_WORLD_PORT_8080_TCP=tcp://172.31.154.85:8080
KUBERNETES_SERVICE_HOST=172.31.0.1
KUBERNETES_PORT_53_UDP=udp://172.31.0.1:53
KUBERNETES_PORT_53_TCP=tcp://172.31.0.1:53
KUBERNETES_PORT_53_TCP_ADDR=172.31.0.1
RACK_ENV=production
OPENSHIFT_BUILD_NAME=ruby-hello-world-1
OPENSHIFT_BUILD_NAMESPACE=wsunose
OPENSHIFT_BUILD_SOURCE=https://github.com/openshift/ruby-hello-world.git
STI_SCRIPTS_URL=image:///usr/libexec/s2i
STI_SCRIPTS_PATH=/usr/libexec/s2i
HOME=/opt/app-root/src
BASH_ENV=/opt/app-root/etc/scl_enable
ENV=/opt/app-root/etc/scl_enable
PROMPT_COMMAND=. /opt/app-root/etc/scl_enable
RUBY_VERSION=2.2
Comment 10 Chris Ryan 2016-02-24 05:15:08 UTC 
Also confirmed with the provided origin builds, thank you!