Bug 1798609
Summary: | Report a metric about proxy enablement on the cluster and via telemetry | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Clayton Coleman <ccoleman> |
Component: | kube-apiserver | Assignee: | Clayton Coleman <ccoleman> |
Status: | CLOSED ERRATA | QA Contact: | Ke Wang <kewang> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.4 | CC: | aos-bugs, mfojtik, xxia |
Target Milestone: | --- | ||
Target Release: | 4.4.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-05-13 21:56:16 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Clayton Coleman
2020-02-05 16:17:48 UTC
> ... cluster_infrastructure_provider and feature set (since these are the heart of the system and already leverage the config) Related bug 1766518 and bug 1731232 for reference > Report whether the proxy is enabled for http, https, and whether it has a CA This bug's purpose to verify Verified with 4.4.0-0.nightly-2020-02-17-231058. 1. Enabled the cluster http/https proxy server and trustedCA. a) Create a file called user-ca-bundle.yaml with the following contents, and provide the values of your PEM-encoded certificates: apiVersion: v1 data: ca-bundle.crt: | <MY_PEM_ENCODED_CERTS> kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config b) Create the ConfigMap from this file: $ oc create -f user-ca-bundle.yaml c) oc edit proxy/cluster # Configure the necessary fields for the proxy: apiVersion: config.openshift.io/v1 kind: Proxy metadata: name: cluster spec: httpProxy: http://<username>:<pswd>@<ip>:<port> httpsProxy: http://<username>:<pswd>@<ip>:<port> noProxy: example.com trustedCA: name: user-ca-bundle 2. $ TK=`oc sa get-token cluster-monitoring-operator -n openshift-monitoring` # pod_name=$(oc -n openshift-apiserver-operator get pods -o name | cut -d/ -f2) # op_endp=$(oc get ep -n openshift-kube-apiserver-operator | grep 8443 | awk '{print $2}') # o -n openshift-apiserver-operator exec -it $pod_name -- curl -k -H "Authorization: Bearer $TK" https://$op_endp/metrics > metrics $ grep cluster_proxy metrics # HELP cluster_proxy_enabled Reports whether the cluster has been configured to use a proxy. type is which type of proxy configuration has been set - http for an http proxy, https for an https proxy, and trusted_ca if a custom CA was specified. # TYPE cluster_proxy_enabled gauge cluster_proxy_enabled{type="http"} 1 cluster_proxy_enabled{type="https"} 1 cluster_proxy_enabled{type="trusted_ca"} 1 We can see the cluster_proxy_enabled Reports whether the cluster has been configured to use a proxy in metrics. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0581 |