Bug 1921018
Summary: | Auth co is degraded with OCP cluster is deployed with external proxy enabled | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Satwinder Singh <satwsing> |
Component: | Multi-Arch | Assignee: | Dennis Gilmore <dgilmore> |
Status: | CLOSED DUPLICATE | QA Contact: | Barry Donahue <bdonahue> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.7 | CC: | aprabhak, danili, psundara, tonyb |
Target Milestone: | --- | ||
Target Release: | 4.7.0 | ||
Hardware: | ppc64le | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-02-03 15:24:35 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Satwinder Singh
2021-01-27 12:53:40 UTC
It's interesting that the error is: ProxyConfigControllerDegraded: failed to reach endpoint("https://oauth-openshift.apps.satwin-proxy.redhat.com/healthz") missing in NO_PROXY(".cluster.local,.satwin-proxy.redhat.com,.svc,10.0.0.0/16,10.128.0.0/14,127.0.0.1,172.30.0.0/16,9.114.96.0/22,api-int.satwin-proxy.redhat.com,localhost") with error: Get "https://oauth-openshift.apps.satwin-proxy.redhat.com/healthz": We can see that https://oauth-openshift.apps.satwin-proxy.redhat.com/healthz *should* match .satwin-proxy.redhat.com which is in the NO_PROXY config. I note that the docs suggest including '*' for wildcards so I'm wondering if they're missing in the spec or just omitted from the output/error Can we see the output of `oc describe proxy/cluster` ? Output of `oc describe proxy/cluster` ``` # oc describe proxy/cluster Name: cluster Namespace: Labels: <none> Annotations: <none> API Version: config.openshift.io/v1 Kind: Proxy Metadata: Creation Timestamp: 2021-01-25T08:48:56Z Generation: 1 Managed Fields: API Version: config.openshift.io/v1 Fields Type: FieldsV1 fieldsV1: f:spec: .: f:httpProxy: f:httpsProxy: f:noProxy: f:trustedCA: .: f:name: f:status: .: f:httpProxy: f:httpsProxy: f:noProxy: Manager: cluster-bootstrap Operation: Update Time: 2021-01-25T08:48:56Z Resource Version: 533 Self Link: /apis/config.openshift.io/v1/proxies/cluster UID: cd9bcf47-b338-4ab0-9e00-601c907d033c Spec: Http Proxy: http://9.114.99.234:3128 Https Proxy: http://9.114.99.234:3128 No Proxy: .satwin-proxy.redhat.com,9.114.96.0/22 Trusted CA: Name: Status: Http Proxy: http://9.114.99.234:3128 Https Proxy: http://9.114.99.234:3128 No Proxy: .cluster.local,.satwin-proxy.redhat.com,.svc,10.0.0.0/16,10.128.0.0/14,127.0.0.1,172.30.0.0/16,9.114.96.0/22,api-int.satwin-proxy.redhat.com,localhost Events: <none> ``` there was also this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917114 which was fixed recently. Can you try with the latest nightly to see if it occurs? Yes issue is not seen with the latest build `4.7.0-0.nightly-ppc64le-2021-02-01-211244` ``` # oc version Client Version: 4.7.0-0.nightly-ppc64le-2021-02-01-211244 Server Version: 4.7.0-0.nightly-ppc64le-2021-02-01-211244 Kubernetes Version: v1.20.0+3b90e69 ``` Authentication co status: ``` # oc get co NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE authentication 4.7.0-0.nightly-ppc64le-2021-02-01-211244 True False False 152m ``` Output of `oc describe proxy/cluster` ``` # oc describe proxy/cluster Name: cluster Namespace: Labels: <none> Annotations: <none> API Version: config.openshift.io/v1 Kind: Proxy Metadata: Creation Timestamp: 2021-02-02T11:58:20Z Generation: 1 Managed Fields: API Version: config.openshift.io/v1 Fields Type: FieldsV1 fieldsV1: f:spec: .: f:httpProxy: f:httpsProxy: f:noProxy: f:trustedCA: .: f:name: f:status: .: f:httpProxy: f:httpsProxy: f:noProxy: Manager: cluster-bootstrap Operation: Update Time: 2021-02-02T11:58:20Z Resource Version: 536 Self Link: /apis/config.openshift.io/v1/proxies/cluster UID: c3315b61-86c1-4f2a-8fef-1454e1548b09 Spec: Http Proxy: http://9.114.99.234:3128 Https Proxy: http://9.114.99.234:3128 No Proxy: .mtest-prviin47.redhat.com,9.114.96.0/22 Trusted CA: Name: Status: Http Proxy: http://9.114.99.234:3128 Https Proxy: http://9.114.99.234:3128 No Proxy: .cluster.local,.mtest-prviin47.redhat.com,.svc,10.0.0.0/16,10.128.0.0/14,127.0.0.1,172.30.0.0/16,9.114.96.0/22,api-int.mtest-prviin47.redhat.com,localhost Events: <none> ``` Hi Satwinder, should we keep this issue open or should we close if the issue is not observed in the latest nightly? *** This bug has been marked as a duplicate of bug 1917114 *** |