Bug 1798609
| Summary: | Report a metric about proxy enablement on the cluster and via telemetry | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Clayton Coleman <ccoleman> |
| Component: | kube-apiserver | Assignee: | Clayton Coleman <ccoleman> |
| Status: | CLOSED ERRATA | QA Contact: | Ke Wang <kewang> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.4 | CC: | aos-bugs, mfojtik, xxia |
| Target Milestone: | --- | ||
| Target Release: | 4.4.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-05-13 21:56:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description
Clayton Coleman
2020-02-05 16:17:48 UTC
> ... cluster_infrastructure_provider and feature set (since these are the heart of the system and already leverage the config)

Related bug 1766518 and bug 1731232 for reference

> Report whether the proxy is enabled for http, https, and whether it has a CA

This bug's purpose to verify

Verified with 4.4.0-0.nightly-2020-02-17-231058.
1. Enabled the cluster http/https proxy server and trustedCA.
a) Create a file called user-ca-bundle.yaml with the following contents, and provide the values of your PEM-encoded certificates:
apiVersion: v1
data:
  ca-bundle.crt: |
    <MY_PEM_ENCODED_CERTS>
kind: ConfigMap
metadata:
  name: user-ca-bundle
  namespace: openshift-config
b) Create the ConfigMap from this file:
$ oc create -f user-ca-bundle.yaml
c) oc edit proxy/cluster # Configure the necessary fields for the proxy:
apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
  name: cluster
spec:
  httpProxy: http://<username>:<pswd>@<ip>:<port>
  httpsProxy: http://<username>:<pswd>@<ip>:<port>
  noProxy: example.com
  trustedCA:
    name: user-ca-bundle
2.
$ TK=`oc sa get-token cluster-monitoring-operator -n openshift-monitoring`
# pod_name=$(oc -n openshift-apiserver-operator get pods -o name | cut -d/ -f2)
# op_endp=$(oc get ep -n openshift-kube-apiserver-operator | grep 8443 | awk '{print $2}')
# oc -n openshift-apiserver-operator exec -it $pod_name -- curl -k -H "Authorization: Bearer $TK" https://$op_endp/metrics > metrics
$ grep cluster_proxy metrics
# HELP cluster_proxy_enabled Reports whether the cluster has been configured to use a proxy. type is which type of proxy configuration has been set - http for an http proxy, https for an https proxy, and trusted_ca if a custom CA was specified.
# TYPE cluster_proxy_enabled gauge
cluster_proxy_enabled{type="http"} 1
cluster_proxy_enabled{type="https"} 1
cluster_proxy_enabled{type="trusted_ca"} 1
We can see that cluster_proxy_enabled, which reports whether the cluster has been configured to use a proxy, is present in the metrics.
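The grep in the verification above can be turned into a repeatable check that compares each cluster_proxy_enabled series against the value expected from the Proxy spec. This is an added example, not part of the original comment or the project's code: the function names (proxy_flag, check_proxy_metrics, sample_metrics) are hypothetical and the sample input is constructed. It strips the trailing carriage return that a scrape saved through `oc exec -it` can carry, because the TTY turns line endings into CRLF.

```shell
#!/bin/sh
# Added example: validate the cluster_proxy_enabled gauge in a saved scrape.

# proxy_flag FILE TYPE -> prints 1, 0, or "missing" for the given type label.
proxy_flag() {
    awk -v want="$2" '
        { sub(/\r$/, "") }     # drop CR left by a TTY-backed exec (-t)
        /^#/ { next }          # skip HELP/TYPE comment lines
        $1 == ("cluster_proxy_enabled{type=\"" want "\"}") {
            v = ($2 + 0 != 0); found = 1
        }
        END { if (found) print v; else print "missing" }
    ' "$1"
}

# check_proxy_metrics FILE HTTP HTTPS TRUSTED_CA
# Each expectation is 1, 0 or "missing"; returns non-zero on any mismatch.
check_proxy_metrics() {
    file=$1; shift
    rc=0
    for t in http https trusted_ca; do
        got=$(proxy_flag "$file" "$t")
        if [ "$got" != "$1" ]; then
            echo "type=$t: expected $1, got $got" >&2
            rc=1
        fi
        shift
    done
    return $rc
}

# Constructed sample (not cluster output): CRLF endings, no custom CA set.
sample_metrics() {
    printf '# TYPE cluster_proxy_enabled gauge\r\n'
    printf 'cluster_proxy_enabled{type="http"} 1\r\n'
    printf 'cluster_proxy_enabled{type="https"} 1\r\n'
    printf 'cluster_proxy_enabled{type="trusted_ca"} 0\r\n'
}

tmp=$(mktemp)
sample_metrics > "$tmp"
check_proxy_metrics "$tmp" 1 1 0 && echo "metrics match the expected proxy state"
rm -f "$tmp"
```

The gauge carries only on/off flags per type, so the check never needs the proxy URL, which in the spec above embeds a username and password.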
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581