Description of problem:
With access to metadata port 53 blocked, calls inside the cloud credential operator would hang a goroutine forever.

Version-Release number of selected component (if applicable):
4.2

How reproducible:
Always

Steps to Reproduce:
1. In a control plane node running cloud credential operator, block access to metadata addresses, by using iptables rules:
   - oc debug node/[name-of-control-plane-node]
     # chroot /host
     # iptables -A OUTPUT -d 169.254.169.254 -j REJECT
     # iptables -A FORWARD -d 169.254.169.254 -j REJECT
2. Watch logs of the cloud credential operator pod running on that node.

Actual results:
The logs stop at the cloud credential operator trying to access the gcp API

Expected results:
The cloud credential operator reports that there is an error connecting to gcp and keeps trying.

Additional info:
Fixed with https://github.com/openshift/cloud-credential-operator/pull/107
Verified on 4.2.0-0.nightly-2019-08-28-235925
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922
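An added illustration of the expected result in this report (the caller gets an error and keeps trying instead of blocking a goroutine forever). It is not the operator's code or the change in the linked pull request; `probe` and `retryProbe` are hypothetical names, and a constructed local listener that never answers stands in for an unreachable metadata endpoint.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"time"
)

// probe issues one GET bounded by perTry, so a silent endpoint returns an error.
func probe(ctx context.Context, c *http.Client, url string, perTry time.Duration) error {
	ctx, cancel := context.WithTimeout(ctx, perTry)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return err
	}
	resp, err := c.Do(req)
	if err != nil {
		return err // wraps context.DeadlineExceeded when the endpoint stalls
	}
	return resp.Body.Close()
}

// retryProbe reports each failure and retries up to max times, honouring parent cancellation.
func retryProbe(ctx context.Context, c *http.Client, url string, perTry, wait time.Duration, max int) (try int, err error) {
	for try = 1; try <= max; try++ {
		if err = probe(ctx, c, url, perTry); err == nil {
			return try, nil
		}
		fmt.Printf("attempt %d failed: %v\n", try, err)
		select {
		case <-ctx.Done():
			return try, ctx.Err()
		case <-time.After(wait):
		}
	}
	return max, err
}

func main() {
	// Constructed stand-in: the kernel completes the TCP handshake, but nothing ever replies.
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	url := "http://" + ln.Addr().String()
	fmt.Println(retryProbe(context.Background(), http.DefaultClient, url, 200*time.Millisecond, 50*time.Millisecond, 3))
}
```

Without the per-attempt deadline in `probe`, the same request against this listener would never return.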