+++ This bug was initially created as a clone of Bug #1757975 +++

Description of problem:
Same as bz 1757973. Based on feedback from @deads2k, it's preferred to not automatically add cluster external endpoints (i.e. routes) to the default noProxy list. By doing so, we provide users the ability to choose whether or not to proxy these connections.

Version-Release number of the following components:
4.3.0-0.okd-2019-10-02-19155

How reproducible:
Always

Steps to Reproduce:
1. Create a cluster with proxy enabled
2. Check the status.noProxy and you will see the api-server external url

Actual results:
$ oc get proxy/cluster -o yaml | grep status -A 2
status:
  httpProxy: http://ewolinet:5f6ccbbbafc66013d012839921ada773@35.196.128.173:3128
  noProxy: .cluster.local,.svc,.us-west-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.proxy.devcluster.openshift.com,api.proxy.devcluster.openshift.com,etcd-0.proxy.devcluster.openshift.com,etcd-1.proxy.devcluster.openshift.com,etcd-2.proxy.devcluster.openshift.com,localhost

Expected results:
$ oc get proxy/cluster -o yaml | grep status -A 2
status:
  httpProxy: http://ewolinet:5f6ccbbbafc66013d012839921ada773@35.196.128.173:3128
  noProxy: .cluster.local,.svc,.us-west-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.proxy.devcluster.openshift.com,etcd-0.proxy.devcluster.openshift.com,etcd-1.proxy.devcluster.openshift.com,etcd-2.proxy.devcluster.openshift.com,localhost

Additional info:
Please attach logs from ansible-playbook with the -vvv flag

--- Additional comment from Daneyon Hansen on 2019-10-04 16:18:08 UTC ---

Per recommendations from @deads2k, cluster external endpoints will not automatically be added to noProxy. This will provide users the option whether or not to add these endpoints to noProxy.
4.2 bug was closed NOTABUG, closing this similarly https://bugzilla.redhat.com/show_bug.cgi?id=1757975#c1
https://github.com/openshift/installer/pull/2471 is the PR to fix this bug.
The PR would cause BZ#1766066
Since https://github.com/openshift/cluster-network-operator/pull/334 is not merged yet, the installation with proxy enabled will result in a failure status. The noProxy list will be different on bootstrap and in cluster, so machine-config operator would complain about that.
So this bug actually depends on https://bugzilla.redhat.com/show_bug.cgi?id=1758656, the two bugs need to be fixed at the same time.
Yes, the 2 PRs associated with the 2 bzs must be merged together.
https://github.com/openshift/cluster-network-operator/pull/334 landed 8h ago and bug 1758656 is ON_QA. Moving this one back to ON_QA now that it can be verified.
Actually, other bug is MODIFIED, not ON_QA [1]. Moving this one back to ASSIGNED while we wait for a new 4.2 nightly.

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1758656#c2
Verified this bug with payload 4.2.0-0.nightly-2019-11-04-231442, external api server address was removed from default noProxy list.

In cluster:
# oc get proxy cluster -o jsonpath='{.status.noProxy}'
.cluster.local,.svc,.us-east-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.gpei-421.qe.devcluster.openshift.com,etcd-0.gpei-421.qe.devcluster.openshift.com,etcd-1.gpei-421.qe.devcluster.openshift.com,etcd-2.gpei-421.qe.devcluster.openshift.com,localhost,test.no-proxy.com

On bootstrap:
[root@ip-10-0-53-40 ~]# env |grep NO_PROXY
NO_PROXY=.cluster.local,.svc,.us-east-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.gpei-421.qe.devcluster.openshift.com,etcd-0.gpei-421.qe.devcluster.openshift.com,etcd-1.gpei-421.qe.devcluster.openshift.com,etcd-2.gpei-421.qe.devcluster.openshift.com,localhost,test.no-proxy.com
https://github.com/openshift/installer/pull/2640 reverted the changes; confirmed this on payload 4.2.0-0.nightly-2019-11-08-012816.

On bootstrap:
[root@ip-10-0-48-10 ~]# env |grep NO_PROXY
NO_PROXY=.cluster.local,.svc,.us-east-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.qe-gpei-1758663.qe.devcluster.openshift.com,api.qe-gpei-1758663.qe.devcluster.openshift.com,etcd-0.qe-gpei-1758663.qe.devcluster.openshift.com,etcd-1.qe-gpei-1758663.qe.devcluster.openshift.com,etcd-2.qe-gpei-1758663.qe.devcluster.openshift.com,localhost,test.no-proxy.com

In cluster:
# oc get proxy cluster -o jsonpath='{.status.noProxy}'
.cluster.local,.svc,.us-east-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.qe-gpei-1758663.qe.devcluster.openshift.com,api.qe-gpei-1758663.qe.devcluster.openshift.com,etcd-0.qe-gpei-1758663.qe.devcluster.openshift.com,etcd-1.qe-gpei-1758663.qe.devcluster.openshift.com,etcd-2.qe-gpei-1758663.qe.devcluster.openshift.com,localhost,test.no-proxy.com

At this point, we shouldn't need this change, as such I'm closing this bug as WONTFIX. Please re-open this bug if this is still something we need to address later.
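
An added example, not part of the original thread: a POSIX shell check that diffs the bootstrap NO_PROXY value against the cluster's status.noProxy and reports whether the external api.<cluster domain> entry is present, which is the comparison done by eye in the verification comments above. The function names and the example.com sample lists are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample values shaped like the outputs in this thread.
# On a real cluster they would come from `env | grep NO_PROXY` on bootstrap and
# `oc get proxy cluster -o jsonpath='{.status.noProxy}'` in cluster.
BOOTSTRAP_NO_PROXY='.cluster.local,.svc,10.0.0.0/16,127.0.0.1,api-int.demo.example.com,api.demo.example.com,localhost'
CLUSTER_NO_PROXY='.cluster.local,.svc,10.0.0.0/16,127.0.0.1,api-int.demo.example.com,localhost'

# Print one entry per line: trimmed, empty entries dropped, sorted, de-duplicated.
noproxy_entries() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//' | sed '/^$/d' | sort -u
}

# Print entries present in list $1 but absent from list $2 (exact string match).
noproxy_only_in() {
    noproxy_entries "$1" | while IFS= read -r entry; do
        noproxy_entries "$2" | grep -Fxq -- "$entry" || printf '%s\n' "$entry"
    done
}

# Succeed if the list contains the external API hostname api.<domain>.
# api-int.<domain> is the internal endpoint and does not match.
noproxy_has_external_api() {
    noproxy_entries "$1" | grep -Eq '^api\.'
}

# Report differences between bootstrap ($1) and cluster ($2) lists.
# Returns 0 when both lists hold the same entries, 1 otherwise.
noproxy_compare() {
    only_a=$(noproxy_only_in "$1" "$2")
    only_b=$(noproxy_only_in "$2" "$1")
    [ -z "$only_a" ] || printf '%s\n' "$only_a" | sed 's/^/only on bootstrap: /'
    [ -z "$only_b" ] || printf '%s\n' "$only_b" | sed 's/^/only in cluster: /'
    [ -z "$only_a$only_b" ]
}

if noproxy_compare "$BOOTSTRAP_NO_PROXY" "$CLUSTER_NO_PROXY"; then
    echo "noProxy lists match"
else
    echo "noProxy lists differ"
fi

if noproxy_has_external_api "$CLUSTER_NO_PROXY"; then
    echo "cluster: external API endpoint bypasses the proxy"
else
    echo "cluster: external API endpoint goes through the proxy"
fi
```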