Bug 1302422
Summary: | [behind proxy] TLS oversized record error while on proxy | ||
---|---|---|---|
Product: | OKD | Reporter: | Chris Ryan <cryan> |
Component: | oc | Assignee: | Fabiano Franz <ffranz> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Wei Sun <wsun> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.x | CC: | akostadi, aos-bugs, jliggitt, mmccomas, pruan, yapei |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-05-12 17:10:15 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Chris Ryan
2016-01-27 20:09:38 UTC
Looks like it's a docker issue? https://github.com/docker/docker/issues/14793 No, not a docker issue. When proxying a https backend through a http proxy, what is the expected TLS behavior? @Jordan, HTTPS over HTTP proxy usually means making a CONNECT call to the remote host and then keep doing business as usual. It's not like HTTP proxying where client asks proxy for resource and proxy retrieves on its behalf. The strange thing is that `oc whatever` works but not `oc exec`. Is not `oc exec` using same API access like any other `oc` call? Or is it hitting other hosts/ports? Verified this bug using oc v3.1.1.905. Result: $ oc exec ruby-hello-world-1-rsglj -- env PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOSTNAME=ruby-hello-world-1-rsglj RUBY_HELLO_WORLD_PORT=tcp://172.31.154.85:8080 KUBERNETES_SERVICE_PORT=443 KUBERNETES_SERVICE_PORT_HTTPS=443 KUBERNETES_SERVICE_PORT_DNS_TCP=53 KUBERNETES_PORT_443_TCP_PROTO=tcp KUBERNETES_PORT_53_TCP_PORT=53 RUBY_HELLO_WORLD_SERVICE_HOST=172.31.154.85 RUBY_HELLO_WORLD_PORT_8080_TCP_PORT=8080 RUBY_HELLO_WORLD_PORT_8080_TCP_ADDR=172.31.154.85 KUBERNETES_PORT=tcp://172.31.0.1:443 KUBERNETES_PORT_443_TCP=tcp://172.31.0.1:443 KUBERNETES_PORT_443_TCP_PORT=443 KUBERNETES_PORT_53_UDP_PROTO=udp KUBERNETES_PORT_53_UDP_ADDR=172.31.0.1 KUBERNETES_PORT_53_TCP_PROTO=tcp RUBY_HELLO_WORLD_SERVICE_PORT=8080 RUBY_HELLO_WORLD_SERVICE_PORT_8080_TCP=8080 RUBY_HELLO_WORLD_PORT_8080_TCP_PROTO=tcp KUBERNETES_SERVICE_PORT_DNS=53 KUBERNETES_PORT_443_TCP_ADDR=172.31.0.1 KUBERNETES_PORT_53_UDP_PORT=53 RUBY_HELLO_WORLD_PORT_8080_TCP=tcp://172.31.154.85:8080 KUBERNETES_SERVICE_HOST=172.31.0.1 KUBERNETES_PORT_53_UDP=udp://172.31.0.1:53 KUBERNETES_PORT_53_TCP=tcp://172.31.0.1:53 KUBERNETES_PORT_53_TCP_ADDR=172.31.0.1 RACK_ENV=production OPENSHIFT_BUILD_NAME=ruby-hello-world-1 OPENSHIFT_BUILD_NAMESPACE=wsunose OPENSHIFT_BUILD_SOURCE=https://github.com/openshift/ruby-hello-world.git STI_SCRIPTS_URL=image:///usr/libexec/s2i STI_SCRIPTS_PATH=/usr/libexec/s2i HOME=/opt/app-root/src BASH_ENV=/opt/app-root/etc/scl_enable ENV=/opt/app-root/etc/scl_enable PROMPT_COMMAND=. /opt/app-root/etc/scl_enable RUBY_VERSION=2.2 Also confirmed with the provided origin builds, thank you! |