1744384 – openshift-apiserver pods do not remove proxy env vars after proxy/cluster removes proxy fields

Bug 1744384 - openshift-apiserver pods do not remove proxy env vars after proxy/cluster removes proxy fields

Summary: openshift-apiserver pods do not remove proxy env vars after proxy/cluster rem...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	openshift-apiserver
Sub Component:
Version:	4.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.2.0
Assignee:	Standa Laznicka
QA Contact:	Xingxing Xia
Docs Contact:
URL:
Whiteboard:	ref 1738432
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-08-22 03:33 UTC by Xingxing Xia
Modified:	2019-10-16 06:37 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-10-16 06:37:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-openshift-apiserver-operator pull 227	0	None	closed	Bug 1744384: bump (*) for fixed genericoperatorclient	2020-07-14 11:27:01 UTC
Red Hat Product Errata	RHBA-2019:2922	0	None	None	None	2019-10-16 06:37:11 UTC

Description Xingxing Xia 2019-08-22 03:33:33 UTC

Description of problem:
openshift-apiserver pods do not remove proxy env vars after proxy/cluster removes. kube-apiserver does not have the issue.

Version-Release number of selected component (if applicable):
4.2.0-0.nightly-2019-08-20-002921

How reproducible:
Always

Steps to Reproduce:
1. oc edit proxy cluster # add below and save
...
spec:
  httpProxy: http://proxy-user1:...@139.178.76.57:3128
  httpsProxy: http://proxy-user1:...@139.178.76.57:3128
  noProxy: test.no-proxy.com
...

2. oc get po --all-namespaces -w # wait all proxy-affected cluster component pods to finish restarting

3. oc edit proxy cluster # remove httpProxy, httpsProxy, noProxy, and save

4. oc get po --all-namespaces -w # wait all proxy-affected cluster component pods to finish restarting

Actual results:
2. Check openshift-apiserver and kube-apiserver pods yaml, all containers have env vars:
    env:
    - name: HTTPS_PROXY
      value: http://proxy-user1:...@139.178.76.57:3128
    - name: HTTP_PROXY
      value: http://proxy-user1:...@139.178.76.57:3128
    - name: NO_PROXY
      value: 10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int...qe.devcluster.openshift.com,api...qe.devcluster.openshift.com,etcd-0...qe.devcluster.openshift.com,etcd-1...qe.devcluster.openshift.com,etcd-2...qe.devcluster.openshift.com,localhost,test.no-proxy.com

4. check step 2 again, kube-apiserver pods are terminated, restarted and now have no proxy env vars, but openshift-apiserver pods are not terminated and thus still keep the env vars (openshiftapiserver/cluster managementState is Managed).

Expected results:
4. openshift-apiserver pods should terminate, restart and remove proxy env vars

Additional info:
During above steps, openshiftapiserver/cluster managementState is Managed without modification, and there workloadcontroller.proxy is seen.
spec:
  logLevel: ""
  managementState: Managed
  observedConfig:
...
    workloadcontroller:
      proxy:
        HTTP_PROXY: http://proxy-user1:...@139.178.76.57:3128
        HTTPS_PROXY: http://proxy-user1:...@139.178.76.57:3128
        NO_PROXY: 10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int...qe.devcluster.openshift.com,api...qe.devcluster.openshift.com,etcd-0...qe.devcluster.openshift.com,etcd-1...qe.devcluster.openshift.com,etcd-2...qe.devcluster.openshift.com,localhost,test.no-proxy.com

Comment 1 Michal Fojtik 2019-08-26 09:41:25 UTC

https://github.com/openshift/cluster-openshift-apiserver-operator/pull/226 has the latest bump that should fix this BZ.

Comment 2 Xingxing Xia 2019-08-28 08:45:05 UTC

Tested latest env of 4.2.0-0.nightly-2019-08-28-004049 still reproduces it. Found above pasted PRs are still open instead of merged. So moving back to POST

Comment 5 Xingxing Xia 2019-09-10 00:20:03 UTC

Sorry for late back to this bug from engaged with other bugs and testings.
Verified in 4.2.0-0.nightly-2019-09-08-180038. Now changing/removing the proxy fields in the CR, oas pods can change/remove proxy env vars well.

Comment 6 errata-xmlrpc 2019-10-16 06:37:03 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2922

Note You need to log in before you can comment on or make changes to this bug.