Bug 1750991 - [proxy]cluster-network-operator considers an https readiness endpoint invalid when using httpsProxy with http scheme
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.2.0
Assignee: Daneyon Hansen
QA Contact: zhaozhanqi
Reported: 2019-09-10 23:31 UTC by Daneyon Hansen
Modified: 2019-10-16 06:41 UTC (History)
Last Closed: 2019-10-16 06:40:54 UTC
Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 312 0 None closed Bug 1750991: Fixes http readinessEndpoint validation for httpsProxy 2020-08-14 16:24:11 UTC
Red Hat Product Errata RHBA-2019:2922 0 None None None 2019-10-16 06:41:02 UTC

Description Daneyon Hansen 2019-09-10 23:31:10 UTC
Description of problem:
An https readiness endpoint is considered invalid if httpsProxy uses an http URL scheme. httpsProxy supports http and https URL schemes. It's common to use an http URL scheme for an https proxy. Cluster Network Operator should consider either httpsProxy URL scheme valid when using a readiness endpoint with an https scheme.

Version-Release number of selected component (if applicable):
version: 4.2.0-0.okd-2019-09-09-195703

How reproducible:
Always

Steps to Reproduce:
1. Create a cluster without proxy enabled, but with additionalTrustBundle configured with your proxy's trust bundle.
2. Enable proxy by configuring a http url scheme for httpsProxy and a readiness endpoint with a https scheme. For example:

$ oc get proxy/cluster -o yaml
apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
  creationTimestamp: "2019-09-09T20:39:41Z"
  generation: 7
  name: cluster
  resourceVersion: "441834"
  selfLink: /apis/config.openshift.io/v1/proxies/cluster
  uid: f2bddab5-d341-11e9-85b7-0280d2574602
spec:
  httpProxy: http://<user>:<psswd>@<http_proxy>:<httpProxy_port>
  httpsProxy: http://<user>:<psswd>@<https_proxy>:<httpsProxy_port>
  readinessEndpoints:
  - http://www.google.com
  - https://www.google.com
  trustedCA:
    name: user-ca-bundle
<SNIP>

3. View the proxy and notice that status is not being set.
$ oc get proxy/cluster -o yaml

4. View the network operator
$ oc get clusteroperator/network -o yaml

Actual results:
message: 'The configuration is invalid for proxy ''cluster'' (readinessEndpoint
      probe failed for endpoint ''https://www.google.com'': endpoint ''https://www.google.com''requires a `https` proxy scheme). Use ''oc edit proxy.config.openshift.io cluster'' to fix.'

Expected results:

cluster-network-operator to accept the configuration and write spec > status.

Additional info:

Comment 3 errata-xmlrpc 2019-10-16 06:40:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2922
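
The validation rule described in this report, as an added Go example; it is not the cluster-network-operator's code and not the change made in pull 312. The `Proxy` type, the function names and the sample proxy URL are assumptions: `ValidateStrict` mirrors the rejected case, `Validate` the expected behaviour, and error text keeps proxy credentials out of messages that would end up in operator status.

```go
package main

import (
	"fmt"
	"net/url"
)

// Proxy holds the two spec fields shown on this page (hypothetical type).
type Proxy struct{ HTTPProxy, HTTPSProxy string }

// resolve picks the proxy by endpoint scheme: https -> httpsProxy, http -> httpProxy.
func resolve(p Proxy, endpoint string) (ep, px *url.URL, err error) {
	if ep, err = url.Parse(endpoint); err != nil {
		return nil, nil, fmt.Errorf("invalid readiness endpoint: %v", err)
	}
	raw := map[string]string{"http": p.HTTPProxy, "https": p.HTTPSProxy}[ep.Scheme]
	if raw == "" {
		return nil, nil, fmt.Errorf("no proxy applies to endpoint scheme %q", ep.Scheme)
	}
	// Proxy URLs can carry user:password and parse errors echo the URL, so err is not wrapped.
	if px, err = url.Parse(raw); err != nil || px.Host == "" {
		return nil, nil, fmt.Errorf("proxy URL for %q endpoints is malformed", ep.Scheme)
	}
	return ep, px, nil
}

// ValidateStrict reproduces the reported behaviour: proxy scheme must equal endpoint scheme.
func ValidateStrict(p Proxy, endpoint string) error {
	ep, px, err := resolve(p, endpoint)
	if err == nil && px.Scheme != ep.Scheme {
		err = fmt.Errorf("endpoint %q requires a %q proxy scheme", endpoint, ep.Scheme)
	}
	return err
}

// Validate is the expected behaviour: an http or https proxy URL serves either endpoint scheme.
func Validate(p Proxy, endpoint string) error {
	_, px, err := resolve(p, endpoint)
	if err == nil && px.Scheme != "http" && px.Scheme != "https" {
		err = fmt.Errorf("proxy %s has an unsupported scheme", px.Redacted())
	}
	return err
}

func main() {
	px := "http://user:s3cret@proxy.example.com:3128" // constructed sample value
	p := Proxy{HTTPProxy: px, HTTPSProxy: px}
	fmt.Println(ValidateStrict(p, "https://www.google.com"), Validate(p, "https://www.google.com"))
}
```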

