Bug 1765044 - The DNS provider failed to ensure the record: caused by: Post https://route53.amazonaws.com/xxx: dial tcp x.x.x.x:443: i/o timeout [NEEDINFO]
Summary: The DNS provider failed to ensure the record: caused by: Post https://route53...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.4.0
Assignee: Daneyon Hansen
QA Contact: Johnny Liu
URL:
Whiteboard:
: 1779406 (view as bug list)
Depends On:
Blocks: 1768847 1782829
TreeView+ depends on / blocked
 
Reported: 2019-10-24 08:35 UTC by Hongan Li
Modified: 2020-05-04 11:15 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1768847 1782829 (view as bug list)
Environment:
Last Closed: 2020-05-04 11:14:34 UTC
Target Upstream Version:
dmace: needinfo? (dhansen)


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github openshift cluster-ingress-operator pull 334 None closed Bug 1765044: Adds proxy support to ingress operator 2020-11-10 05:02:01 UTC
Red Hat Product Errata RHBA-2020:0581 None None None 2020-05-04 11:15:17 UTC

Comment 4 Daneyon Hansen 2019-11-07 18:10:42 UTC
Users are required to manually manage dns by following https://github.com/openshift/installer/blob/master/docs/user/aws/install_upi.md#adjust-dns-zones. Moving to the doc's team to confirm this requirement is documented.

Comment 9 Daneyon Hansen 2019-11-13 19:40:02 UTC
It was agreed upon that manually creating the dns wildcard record was an acceptable workaround for the initial release of proxy. https://jira.coreos.com/browse/NE-182 will allow the ingress operator to manage dns records when proxy is enabled.

Comment 10 Dan Mace 2019-12-04 13:44:09 UTC
*** Bug 1779406 has been marked as a duplicate of this bug. ***

Comment 12 Daneyon Hansen 2019-12-11 17:05:00 UTC
Dan, [1] is the PR but the bot is failing to link to this bz [2]. I think the PR is very close to being merged, so I moved the bz to 4.3. Let me know if you feel differently.

[1] https://github.com/openshift/cluster-ingress-operator/pull/334
[2] https://github.com/openshift/cluster-ingress-operator/pull/334#issuecomment-563355629

Comment 14 Johnny Liu 2019-12-20 06:31:06 UTC
Verified this bug with 4.4.0-0.nightly-2019-12-19-223334, and PASS.

Trigger an install on aws behind proxy, succeed.

# oc get dnsrecords.ingress.operator.openshift.io -o yaml -n openshift-ingress-operator
apiVersion: v1
items:
- apiVersion: ingress.operator.openshift.io/v1
  kind: DNSRecord
  metadata:
    creationTimestamp: "2019-12-20T06:02:05Z"
    finalizers:
    - operator.openshift.io/ingress-dns
    generation: 1
    labels:
      ingresscontroller.operator.openshift.io/owning-ingresscontroller: default
    name: default-wildcard
    namespace: openshift-ingress-operator
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: IngressController
      name: default
      uid: 9c3be80e-878b-4844-98cd-59102b33056c
    resourceVersion: "9741"
    selfLink: /apis/ingress.operator.openshift.io/v1/namespaces/openshift-ingress-operator/dnsrecords/default-wildcard
    uid: d6222cfd-e308-4170-aa8d-ce8549d47c74
  spec:
    dnsName: '*.apps.jialiu44awsbz3.qe.devcluster.openshift.com.'
    recordTTL: 30
    recordType: CNAME
    targets:
    - aa0ca54cd96024111bf39a2575089916-309478555.us-east-2.elb.amazonaws.com
  status:
    zones:
    - dnsZone:
        tags:
          Name: jialiu44awsbz3-2q6z4-int
          kubernetes.io/cluster/jialiu44awsbz3-2q6z4: owned
    - dnsZone:
        id: Z3B3KOVA3TRCWP
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

# oc -n openshift-ingress-operator exec  ingress-operator-dc7799984-5tj94 -- env | grep -i proxy
Defaulting container name to ingress-operator.
Use 'oc describe pod/ingress-operator-dc7799984-5tj94 -n openshift-ingress-operator' to see all of the containers in this pod.
HTTP_PROXY=http://ec2-18-220-202-118.us-east-2.compute.amazonaws.com:3128
HTTPS_PROXY=http://ec2-18-220-202-118.us-east-2.compute.amazonaws.com:3128
NO_PROXY=.cluster.local,.svc,.us-east-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.jialiu44awsbz3.qe.devcluster.openshift.com,etcd-0.jialiu44awsbz3.qe.devcluster.openshift.com,etcd-1.jialiu44awsbz3.qe.devcluster.openshift.com,etcd-2.jialiu44awsbz3.qe.devcluster.openshift.com,localhost,test.no-proxy.com

Comment 16 errata-xmlrpc 2020-05-04 11:14:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581


Note You need to log in before you can comment on or make changes to this bug.