Bug 1419086
Summary: | Docker pull fails when accessing exposed registry through Load Balancer | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Vladislav Walek <vwalek> |
Component: | Networking | Assignee: | Ben Bennett <bbennett> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Meng Bo <bmeng> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 3.3.0 | CC: | aos-bugs, bbennett, rromerom, vwalek |
Target Milestone: | --- | ||
Target Release: | 3.3.1 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-07-26 13:20:16 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Vladislav Walek
2017-02-03 15:21:46 UTC
And, if worst comes to worst, we may need to get some wireshark traces from various points to see if one end is tearing down the connection abruptly. I have requested more details about the load balancer and some tcpdumps between client -> lbalancer and lbalancer -> node Hello, I have reply from customer. The test : encrypted traffic from outside to LB and un-encrypted from LB to router works fine too. Also, here is the response from Noris about load balancer: > What kind of balancer is used? A10 hardware appliance. > How it encrypts the traffic, what steps are done? TLS from the client-side is terminated on the load balancer. Towards the servers a new TLS connection is opened. > Which SNI is used on load balancer? I don't understand this question. What exactly do they want to know? SNI is supported on the Load balancer. However there's only one certificate in use for the virtual-server. So SNI is not needed. Unfortunately, customer can't provide the tcpdumps, due the load balancer is held by provider and they can't decrypt the tcpdumps. Closing due to insufficient data. Everything points to the external loadbalancer as the problem because if they hit the OpenShift router directly, it works. If more information arises, please re-open. |