Bug 1757975 - [Proxy]cluster external endpoints should not be noProxy by default
Summary: [Proxy]cluster external endpoints should not be noProxy by default
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.3.0
Assignee: Daneyon Hansen
QA Contact: Gaoyun Pei
URL:
Whiteboard:
Depends On:
Blocks: 1758663
TreeView+ depends on / blocked
 
Reported: 2019-10-02 20:20 UTC by Daneyon Hansen
Modified: 2020-05-13 21:26 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1758663 (view as bug list)
Environment:
Last Closed: 2020-05-13 21:26:30 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 2425 0 None closed Fixes Bug 1757975: asset/manifests: Removes external api server from default noProxy 2020-09-24 17:38:14 UTC
Red Hat Product Errata RHBA-2020:0062 0 None None None 2020-05-13 21:26:32 UTC

Description Daneyon Hansen 2019-10-02 20:20:39 UTC 
Description of problem:
Same as bz 1757973. Based on feedback from @deads2k, it's preferred to not automatically add cluster external endpoints (i.e. routes) to the default noProxy list. By doing so, we provide users the ability to choose whether or not to proxy these connections.

Version-Release number of the following components:
4.3.0-0.okd-2019-10-02-19155

How reproducible:
Always

Steps to Reproduce:
1. Create a cluster with proxy enabled
2. Check the status.noProxy and you will see the api-server external url

Actual results:
$ oc get proxy/cluster -o yaml | grep status -A 2
status:
  httpProxy: http://ewolinet:5f6ccbbbafc66013d012839921ada773@35.196.128.173:3128
  noProxy: .cluster.local,.svc,.us-west-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.proxy.devcluster.openshift.com,api.proxy.devcluster.openshift.com,etcd-0.proxy.devcluster.openshift.com,etcd-1.proxy.devcluster.openshift.com,etcd-2.proxy.devcluster.openshift.com,localhost

Expected results:
$ oc get proxy/cluster -o yaml | grep status -A 2
status:
  httpProxy: http://ewolinet:5f6ccbbbafc66013d012839921ada773@35.196.128.173:3128
  noProxy: .cluster.local,.svc,.us-west-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.proxy.devcluster.openshift.com,etcd-0.proxy.devcluster.openshift.com,etcd-1.proxy.devcluster.openshift.com,etcd-2.proxy.devcluster.openshift.com,localhost


Additional info:
Please attach logs from ansible-playbook with the -vvv flag
Comment 1 Daneyon Hansen 2019-10-04 16:18:08 UTC 
Per recommendations from @deads2k, cluster external endpoints will not automatically be aded to noProxy. This will provide users the option whether or not to added these endpoints to noProxy.
Comment 2 Daneyon Hansen 2019-10-14 17:26:50 UTC 
https://github.com/openshift/installer/pull/2425 fixed this bug in 4.3
Comment 4 Gaoyun Pei 2019-10-15 03:00:55 UTC 
Move this bug to verified based on https://bugzilla.redhat.com/show_bug.cgi?id=1753930#c16
Comment 6 errata-xmlrpc 2020-05-13 21:26:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0062
Note You need to log in before you can comment on or make changes to this bug.