Bug 1753467
| Summary: | [4.3][proxy] no proxy is set for kube-controller-manager. | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Johnny Liu <jialiu> |
| Component: | kube-controller-manager | Assignee: | Maciej Szulik <maszulik> |
| Status: | CLOSED ERRATA | QA Contact: | Johnny Liu <jialiu> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 4.2.0 | CC: | aos-bugs, ccoleman, decarr, dhansen, fan-wxa, gpei, jniu, kalexand, maszulik, mfojtik, mfuruta, rh-container, rkshirsa, scuppett, sdodson, vpagar, xtian |
| Target Milestone: | --- | | |
| Target Release: | 4.3.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 1759400 | Environment: | |
| Last Closed: | 2020-01-23 11:06:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1759400 | | |

Description
Johnny Liu
2019-09-19 02:55:59 UTC
I've discussed this with Michal Fojtik and Tomas Nozicka and we're having a hard time trying to justify using PROXY to access infrastructure components. I'll defer to architects to make the call, until then I'm moving the target release for this to 4.3.

This bug also affects disconnected install on AWS.
@Stephen, if this bug would not be fixed in 4.2, that means we still need to mix proxy and VPC endpoints for disconnected install on AWS.

(In reply to Johnny Liu from comment #2)
> This bug also affects disconnected install on AWS.
> @Stephen, if this bug would not be fixed in 4.2, that means we still need
> to mix proxy and VPC endpoints for disconnected install on AWS.

https://bugzilla.redhat.com/show_bug.cgi?id=1743483#c40

```
controllermanager.go:235] error building controller context: cloud provider could not be initialized: could not init cloud provider "aws": error finding instance i-000f41ff52db3f499: "error listing AWS instances: \"RequestError: send request failed\\ncaused by: Post https://ec2.us-east-2.amazonaws.com/: dial tcp 52.95.16.2:443: i/o timeout\""
```

According to the above error, it appears that this call is not being proxied. Otherwise 'proxyconnect' would be used instead of 'dial'. Can you verify reachability to 52.95.16.2? You can also add `.amazonaws.com` to noProxy to ensure the call is bypassing the proxy.

(In reply to Daneyon Hansen from comment #7)
> controllermanager.go:235] error building controller context: cloud provider
> could not be initialized: could not init cloud provider "aws": error finding
> instance i-000f41ff52db3f499: "error listing AWS instances: \"RequestError:
> send request failed\\ncaused by: Post https://ec2.us-east-2.amazonaws.com/:
> dial tcp 52.95.16.2:443: i/o timeout\""
>
> according to the above error, it appears that this call is not being
> proxied. Otherwise 'proxyconnect' would be used instead of 'dial'. Can you
> verify reachability to 52.95.16.2? You can also add `.amazonaws.com` to
> noProxy to ensure the call is bypassing the proxy.

Just like what is mentioned in comment 0, the instance has no reachability to the internet (including 52.95.16.2). I am very sure the call never gets to the proxy (also confirmed from the proxy log).

The bug is requesting that controllermanager should set the proxy when proxy is enabled in install-config.yaml. In my testing, I found the kubelet service is initializing its cloudprovider via the proxy, why not controllermanager?

Verified this bug with 4.3.0-0.nightly-2019-10-16-010826, and PASS.

```
$ oc get pod -n openshift-kube-controller-manager kube-controller-manager-ip-10-0-54-121.us-east-2.compute.internal -o yaml|grep -i proxy -A 1
    - name: HTTPS_PROXY
      value: http://ec2-18-191-189-164.us-east-2.compute.amazonaws.com:3128
    - name: HTTP_PROXY
      value: http://ec2-18-191-189-164.us-east-2.compute.amazonaws.com:3128
    - name: NO_PROXY
      value: .cluster.local,.svc,.us-east-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.jialiu-42dis8.qe.devcluster.openshift.com,etcd-0.jialiu-42dis8.qe.devcluster.openshift.com,etcd-1.jialiu-42dis8.qe.devcluster.openshift.com,etcd-2.jialiu-42dis8.qe.devcluster.openshift.com,localhost,test.no-proxy.com
    image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b75a6ed0539724dbdc98c60574254951dd7d435bb3c5816acdcba56df3f410b1
--
    - name: HTTPS_PROXY
      value: http://ec2-18-191-189-164.us-east-2.compute.amazonaws.com:3128
    - name: HTTP_PROXY
      value: http://ec2-18-191-189-164.us-east-2.compute.amazonaws.com:3128
    - name: NO_PROXY
      value: .cluster.local,.svc,.us-east-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.jialiu-42dis8.qe.devcluster.openshift.com,etcd-0.jialiu-42dis8.qe.devcluster.openshift.com,etcd-1.jialiu-42dis8.qe.devcluster.openshift.com,etcd-2.jialiu-42dis8.qe.devcluster.openshift.com,localhost,test.no-proxy.com
    image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dca21970371f9aacb902a04f5e0eed4117cf714a4c7e45ca950175b840b291a9
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0062

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days
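
The triage reasoning used in the thread (a `dial` error to the EC2 endpoint means the request never reached the proxy, while NO_PROXY decides which hosts are supposed to bypass it), as an added Go example that is not part of the bug report or of OpenShift's code. The names `classify` and `bypasses`, the regular expression and the shortened NO_PROXY list are assumptions of this example, and the matching is a simplified version of Go's NO_PROXY rules.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Constructed from values quoted in the thread (NO_PROXY list shortened).
const noProxy = ".cluster.local,.svc,.us-east-2.compute.internal,10.0.0.0/16,127.0.0.1,169.254.169.254,172.30.0.0/16,localhost"
const sampleErr = `Post https://ec2.us-east-2.amazonaws.com/: dial tcp 52.95.16.2:443: i/o timeout`

var errRe = regexp.MustCompile(`(?:Get|Post|Put|Head) "?https?://([^/:"\s]+)\S*?"?: (proxyconnect|dial) tcp`)

// classify pulls the target host out of a Go net/http error and reports whether
// it failed on the proxy hop ("proxyconnect") or on a direct connection ("dial").
func classify(line string) (host string, proxied, ok bool) {
	m := errRe.FindStringSubmatch(line)
	if m == nil {
		return "", false, false
	}
	return m[1], m[2] == "proxyconnect", true
}

// bypasses is a simplified NO_PROXY check: CIDR and IP entries match IP hosts,
// ".suffix" matches subdomains, a bare name matches itself and its subdomains.
func bypasses(host, list string) bool {
	ip := net.ParseIP(host)
	for _, e := range strings.Split(list, ",") {
		e = strings.TrimSpace(e)
		if _, cidr, err := net.ParseCIDR(e); err == nil && ip != nil && cidr.Contains(ip) {
			return true
		}
		if eip := net.ParseIP(e); eip != nil && ip != nil && eip.Equal(ip) {
			return true
		}
		bare := strings.TrimPrefix(e, ".")
		if ip == nil && bare != "" && (strings.HasSuffix(host, "."+bare) || host == e) {
			return true
		}
	}
	return false
}

func main() {
	host, proxied, _ := classify(sampleErr)
	fmt.Printf("%s proxied=%v bypass=%v\n", host, proxied, bypasses(host, noProxy))
}
```

A host that is reported as not proxied and not covered by NO_PROXY, as the EC2 endpoint is here, points to a process running without the proxy environment variables.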