Bug 2104481
Summary: | PROXY protocol is not configurable for "private" endpoint publishing strategy | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Pablo Alonso Rodriguez <palonsor> |
Component: | Networking | Assignee: | Miciah Dashiel Butler Masters <mmasters> |
Networking sub component: | router | QA Contact: | zhaozhanqi <zzhao> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | medium | ||
Priority: | medium | CC: | hongli, jaldinge, johlong, mmasters, shudili |
Version: | 4.10 | ||
Target Milestone: | --- | ||
Target Release: | 4.12.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Previously, the IngressController could not be configured with `Private` endpoint publishing strategy and PROXY protocol. With this update, users can now configure an IngressController with both the `Private` endpoint publishing strategy type and PROXY protocol. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2104481[*BZ#2104481*])
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2023-01-17 19:51:26 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Pablo Alonso Rodriguez
2022-07-06 11:40:28 UTC
We will handle this as a BZ.

Verified in "4.12.0-0.nightly-2022-07-17-174647" release. With this payload, it is observed that the "Private" type ingresscontroller allows the "PROXY" option to be set correctly in the pod configuration:

------
oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.12.0-0.nightly-2022-07-17-174647   True        False         3h22m   Cluster version is 4.12.0-0.nightly-2022-07-17-174647

oc -n openshift-ingress-operator get ingresscontroller internalapps -o jsonpath={.spec} | jq
{
  "clientTLS": {
    "clientCA": {
      "name": ""
    },
    "clientCertificatePolicy": ""
  },
  "domain": "internalapps.aiyengar412qq.qe.azure.devcluster.openshift.com",
  "endpointPublishingStrategy": {
    "private": {
      "protocol": "PROXY"
    },
    "type": "Private"
  },

oc -n openshift-ingress get pods -o wide
NAME                                   READY   STATUS    RESTARTS   AGE   IP            NODE                                              NOMINATED NODE   READINESS GATES
router-internalapps-57df5858b6-5885h   2/2     Running   0          37s   10.131.0.20   aiyengar412qq-7mm4j-worker-southcentralus1-t8lbw   <none>           <none>
router-internalapps-57df5858b6-znzqj   2/2     Running   0          37s   10.128.2.20   aiyengar412qq-7mm4j-worker-southcentralus3-9z2tv   <none>           <none>

oc -n openshift-ingress exec router-internalapps-57df5858b6-5885h -- env | grep ROUTER_USE_PROXY_PROTOCOL
ROUTER_USE_PROXY_PROTOCOL=true

oc -n openshift-ingress exec router-internalapps-57df5858b6-5885h -- cat haproxy.config| grep -i 'accept-proxy'
bind :80 accept-proxy
bind :443 accept-proxy
------

We will be backporting the fix to 4.11.z and 4.10.z. Thanks

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399
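
What a listener bound with `accept-proxy`, as in the `haproxy.config` output above, expects at the start of every connection, shown as an added example that is not part of the bug report or the router's code: a parser for the version 1 (text) PROXY protocol header. The function name and the sample addresses are constructed for illustration, and the binary version 2 header is not covered.

```python
import ipaddress

MAX_V1_LEN = 107  # longest v1 header the PROXY protocol spec allows, CRLF included
FAMILIES = {"TCP4": 4, "TCP6": 6}


def parse_proxy_v1(data: bytes):
    """Parse a PROXY protocol v1 header at the start of a connection.

    Returns (info, rest). info is None for "PROXY UNKNOWN", otherwise a dict of
    the addresses the sender declared; rest is the payload after the header.
    Raises ValueError when the data does not begin with a valid header, which
    is what a client that connects directly and sends TLS or HTTP looks like.
    """
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("connection does not start with a PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, rest  # sender could not name the client; keep the TCP peer
    if fields[1] not in FAMILIES or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if {src.version, dst.version} != {FAMILIES[fields[1]]}:
        raise ValueError("addresses do not match " + fields[1])
    ports = []
    for p in fields[4:6]:
        if not p.isdigit() or str(int(p)) != p or int(p) > 65535:
            raise ValueError("bad port in PROXY v1 header")
        ports.append(int(p))
    # The receiver uses these values in place of the TCP peer address, so the
    # port should only be reachable from the load balancer that adds the header.
    return {"src": str(src), "dst": str(dst),
            "src_port": ports[0], "dst_port": ports[1]}, rest


if __name__ == "__main__":
    # Constructed sample: header from a load balancer, then the first TLS bytes.
    sample = b"PROXY TCP4 192.0.2.10 198.51.100.7 51234 443\r\n\x16\x03\x01"
    print(parse_proxy_v1(sample))
```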