Bug 1899979

Summary: auth, mco is degraded when upgraded behind a proxy
Product: OpenShift Container Platform Reporter: Adam Kaplan <adam.kaplan>
Component: Machine Config OperatorAssignee: Antonio Murdaca <amurdaca>
Status: CLOSED DUPLICATE QA Contact: Michael Nguyen <mnguyen>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.7CC: kgarriso, sgreene, wking
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-12-04 21:01:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Kaplan 2020-11-20 14:07:06 UTC 
Description of problem:

When upgrading from 4.5.19 -> 4.6.4 -> 4.7-ci behind a proxy, the machine-config-operator reports itself degraded.

Version-Release number of selected component (if applicable): 4.7.0-0.ci.test-2020-11-20-062723-ci-ln-8868yzb


How reproducible: Always


Steps to Reproduce:
1. Launch a 4.5 cluster behind a proxy
2. Upgrade to 4.6 (with proxy still configured)
3. Upgrade to a recent 4.7 CI build (after November 19, 2020)

Actual results:

machine-config reports itself Progressing and Degraded, with no version set.

Expected results:

MCO reports itself as Available, and at the correct version

Additional info:

See https://bugzilla.redhat.com/show_bug.cgi?id=1896446#c19 (must-gather attached).
Comment 2 Kirsten Garrison 2020-12-04 20:48:43 UTC 
The entire https://prow.ci.openshift.org/job-history/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ocp-4.7-e2e-aws-proxy?buildId= is red...

And we see: level=error msg=Cluster operator authentication Degraded is True with ProxyConfigController_SyncError: ProxyConfigControllerDegraded: endpoint("https://oauth-openshift.apps.ci-op-h2qbym8d-2659c.origin-ci-int-aws.dev.rhcloud.com/healthz") is unreachable with proxy(Get "https://oauth-openshift.apps.ci-op-h2qbym8d-2659c.origin-ci-int-aws.dev.rhcloud.com/healthz": x509: certificate signed by unknown authority) and without proxy(Get "https://oauth-openshift.apps.ci-op-h2qbym8d-2659c.origin-ci-int-aws.dev.rhcloud.com/healthz": dial tcp 18.191.47.77:443: connect: connection timed out) 

in the runs which is probably also the cause of the MCO failure.
Comment 3 Kirsten Garrison 2020-12-04 21:01:53 UTC 
Going to dupe this to the other bug so we can have one central place for this

*** This bug has been marked as a duplicate of bug 1901034 ***