Bug 1789462 - Login to grafana fails on IPv6 environments
Summary: Login to grafana fails on IPv6 environments
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 4.3.z
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.4.0
Assignee: Standa Laznicka
QA Contact: scheng
URL:
Whiteboard:
Depends On:
Blocks: 1771572 1798195
TreeView+ depends on / blocked
 
Reported: 2020-01-09 15:48 UTC by Yurii Prokulevych
Modified: 2020-05-04 11:23 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: improper handling of the kube-apiserver service-network address Consequence: unable to connect to kube-apiserver if it has an IPv6 address Fix: added detection for IPv6 address and its proper handling Result: the proxy can connect to the kube-apiserver if it serves on an IPv6 address
Clone Of:
: 1798195 (view as bug list)
Environment:
Last Closed: 2020-05-04 11:23:24 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift oauth-proxy pull 149 0 None closed Bug 1789462: fix OAuth discovery in IPv6 environments 2020-11-24 04:19:51 UTC
Red Hat Product Errata RHBA-2020:0581 0 None None None 2020-05-04 11:23:54 UTC

Comment 3 Standa Laznicka 2020-01-28 14:31:35 UTC
The oauth-proxy only tries to connect to wherever it hopes the kube-apiserver is on the service network, moving to SDN.

Comment 5 Standa Laznicka 2020-01-31 08:12:20 UTC
Indeed, if url.URL structure contains IPv6 address in its Host field, a successive ".String()" call merely concatenates the fields. Fixed in the linked PR.

Comment 7 Junqi Zhao 2020-02-05 03:16:51 UTC
prometheus, alertmanager, and grafana cannot be accessed via webUI either

Comment 8 Standa Laznicka 2020-02-10 15:11:48 UTC
Please clarify if that means that the bugfix failed QA (in which case upload new logs)?

Comment 9 Dan Winship 2020-02-11 15:33:35 UTC
can't currently be tested in 4.4. "Verifying" to unblock the backport

Comment 11 errata-xmlrpc 2020-05-04 11:23:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581


Note You need to log in before you can comment on or make changes to this bug.