1789462 – Login to grafana fails on IPv6 environments

Bug 1789462 - Login to grafana fails on IPv6 environments

Summary: Login to grafana fails on IPv6 environments

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	apiserver-auth
Sub Component:
Version:	4.3.z
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.4.0
Assignee:	Standa Laznicka
QA Contact:	scheng
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1771572 1798195
TreeView+	depends on / blocked

Reported:	2020-01-09 15:48 UTC by Yurii Prokulevych
Modified:	2020-05-04 11:23 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: improper handling of the kube-apiserver service-network address Consequence: unable to connect to kube-apiserver if it has an IPv6 address Fix: added detection for IPv6 address and its proper handling Result: the proxy can connect to the kube-apiserver if it serves on an IPv6 address
Clone Of:
Clones:	1798195 (view as bug list)
Environment:
Last Closed:	2020-05-04 11:23:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift oauth-proxy pull 149	0	None	closed	Bug 1789462: fix OAuth discovery in IPv6 environments	2020-11-24 04:19:51 UTC
Red Hat Product Errata	RHBA-2020:0581	0	None	None	None	2020-05-04 11:23:54 UTC

Comment 3 Standa Laznicka 2020-01-28 14:31:35 UTC

The oauth-proxy only tries to connect to wherever it hopes the kube-apiserver is on the service network, moving to SDN.

Comment 5 Standa Laznicka 2020-01-31 08:12:20 UTC

Indeed, if url.URL structure contains IPv6 address in its Host field, a successive ".String()" call merely concatenates the fields. Fixed in the linked PR.

Comment 7 Junqi Zhao 2020-02-05 03:16:51 UTC

prometheus, alertmanager, and grafana cannot be accessed via webUI either

Comment 8 Standa Laznicka 2020-02-10 15:11:48 UTC

Please clarify if that means that the bugfix failed QA (in which case upload new logs)?

Comment 9 Dan Winship 2020-02-11 15:33:35 UTC

can't currently be tested in 4.4. "Verifying" to unblock the backport

Comment 11 errata-xmlrpc 2020-05-04 11:23:24 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

Note You need to log in before you can comment on or make changes to this bug.