Bug 1857190

Summary: openshift-apiserver pod logs have numerous TLS handshake error.*EOF logs from 10.128.0.1, 10.129.0.1, 10.130.0.1
Product: OpenShift Container Platform Reporter: Xingxing Xia <xxia>
Component: openshift-apiserverAssignee: Luis Sanchez <sanchezl>
Status: CLOSED DUPLICATE QA Contact: Xingxing Xia <xxia>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.6CC: aos-bugs, mfojtik
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-03 20:10:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Xingxing Xia 2020-07-15 11:49:06 UTC 
Description of problem:
openshift-apiserver pod logs have numerous TLS handshake error.*EOF logs from 10.128.0.1, 10.129.0.1, 10.130.0.1

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-07-14-035247

How reproducible:
Always

Steps to Reproduce:
1. Launched two envs:
One is ipi on aws with fips & etcd encryption, the other is ipi on gcp with http proxy
2. Check the openshift-apiserver pod logs

Actual results:
2. Both envs found numerous TLS handshake error from.*EOF logs, all are from 10.128.0.1, 10.129.0.1, 10.130.0.1.

$ grep "TLS handshake error from.*EOF" apiserver-6f4fdfcc87-{ggxt9,k26lt,tdm2d}.log | wc -l
185160
$ grep "TLS handshake error from.*EOF" apiserver-6f4fdfcc87-{ggxt9,k26lt,tdm2d}.log | tail -n 3
apiserver-6f4fdfcc87-tdm2d.log:I0715 11:21:31.739521       1 log.go:181] http: TLS handshake error from 10.128.0.1:35350: EOF
apiserver-6f4fdfcc87-tdm2d.log:I0715 11:21:31.941917       1 log.go:181] http: TLS handshake error from 10.130.0.1:40358: EOF
apiserver-6f4fdfcc87-tdm2d.log:I0715 11:21:32.122470       1 log.go:181] http: TLS handshake error from 10.129.0.1:57434: EOF
$ grep "TLS handshake error from.*EOF" apiserver-6f4fdfcc87-{ggxt9,k26lt,tdm2d}.log | grep -v -e 10.128.0.1 -e 10.129.0.1 -e 10.130.0.1
# none

Expected results:
2. Should have no so many TLS handshake error from.*EOF logs.

Additional info:
kube-apiserver pods don't have these logs.

# below shows 10.128.0.0/14, not sure if related to 10.128.0.1, 10.129.0.1, 10.130.0.1
oc get cm/cluster-config-v1 -n kube-system -o yaml
...
    networking:
      clusterNetwork:
      - cidr: 10.128.0.0/14
        hostPrefix: 23
...
Comment 1 Xingxing Xia 2020-07-15 11:56:30 UTC 
Have another 4.5.0-0.nightly-2020-07-14-213353 ipi on aws with http_proxy on hand, but has no the issue.
Comment 2 Luis Sanchez 2020-08-03 20:10:19 UTC 

*** This bug has been marked as a duplicate of bug 1855284 ***
Comment 3 Luis Sanchez 2020-08-03 20:10:58 UTC 
Fixed by https://bugzilla.redhat.com/show_bug.cgi?id=1855284