Bug 1806403 - [4.4] machineNetwork in noProxy list is flushed by Network-Operator
Summary: [4.4] machineNetwork in noProxy list is flushed by Network-Operator
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 4.4.0
Assignee: Juan Luis de Sousa-Valadas
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On: 1797894
Blocks: 1805726
 
Reported: 2020-02-24 06:25 UTC by weiwei jiang
Modified: 2020-08-10 13:47 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: When the installer introduced machineNetwork, the cluster network operator wasn't modified to add it to proxy.status.noProxy.
Consequence: proxy.status.noProxy is missing machineNetwork.
Fix: Add it to proxy.status.noProxy.
Result: noProxy contains the expected fields.
Clone Of:
Environment:
Last Closed: 2020-05-04 11:39:08 UTC
Target Upstream Version:
Embargoed:
jdesousa: needinfo-




Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 494 0 None closed [release-4.4] Bug 1806403: Add MachineNetworks to proxy.status.noProxy 2020-09-22 12:50:38 UTC
Github openshift cluster-network-operator pull 505 0 None closed [release-4.4] Bug 1806403: Don't add empty MachineCIDR to noProxy 2020-09-22 12:50:38 UTC
Red Hat Product Errata RHBA-2020:0581 0 None None None 2020-05-04 11:39:28 UTC

Description weiwei jiang 2020-02-24 06:25:47 UTC
This bug was initially created as a copy of Bug #1797894

I am copying this bug because: 



Description of problem: 
When setting up a cluster with a proxy, installation failed because the machine-config operator does not become ready.
Commands (logs, exec, port-forward) that need an API proxyconnect to a node also failed.
After research, we found that https://github.com/openshift/installer/pull/2829 was recently merged, but Network-Operator is not aware of this,
so it flushes the noProxy list with one that does not contain machineNetwork:
https://github.com/openshift/cluster-network-operator/blob/master/pkg/util/proxyconfig/no_proxy.go#L29 
 

Known effects: all API-to-node networking will be blocked, including the following:
1. Installation will never succeed
2. All commands that need an API proxyconnect to nodes will fail, like oc logs, oc exec, etc.
3. Some node metrics targets should be in RED
 
Version-Release number of the following components: 
./openshift-install 4.4.0-0.nightly-2020-02-03-224632 
built from commit 725b71dce1d41c98e368ad9277e14c7ce9a9cb25 
release image registry.svc.ci.openshift.org/ocp/release@sha256:5a51afee81638f559a92a7a1d910c24af8c4f458ea5baf8075fc3d81cf35f6fe 
 
How reproducible: 
Always 
 
Steps to Reproduce: 
1. Set up an IPI cluster with proxy in install-config.yaml
2. Try to run oc logs
3. 
 
Actual results: 
$ oc -n openshift-machine-config-operator logs -f machine-config-controller-6965dbc744-bpt98                                                                                                                      
Error from server: Get https://192.168.0.20:10250/containerLogs/openshift-machine-config-operator/machine-config-controller-6965dbc744-bpt98/machine-config-controller?follow=true: proxyconnect tcp: x509: certificate signed by unknown authority 
 
Expected results: 
Should not get such an error. 
 
Additional info:

Comment 3 weiwei jiang 2020-02-26 06:34:49 UTC
Checked with 4.4.0-0.nightly-2020-02-25-193901, and machineNetwork is in NoProxy list now.

$ oc extract cm/cluster-config-v1 -n kube-system
$ cat install-config
...
apiVersion: v1                                                                        
baseDomain: qe.rhcloud.com                                                            
compute:                                                                              
- architecture: amd64                                                                                                                                                        
  hyperthreading: Enabled                                                             
  name: worker                                                                        
  platform: {}                                                                        
  replicas: 3                                                                         
controlPlane:                                                                                                                                                                                                      
  architecture: amd64                                                                 
  hyperthreading: Enabled                                                             
  name: master                                                                        
  platform:                                                                           
    openstack:                                                                                                                                                               
      type: m1.xlarge                                                                 
  replicas: 3                                                                         
metadata:                                                                             
  creationTimestamp: null                                                             
  name: wjiospy2261                                                                   
networking:                                                                           
  clusterNetwork:                                                                     
  - cidr: 10.128.0.0/14                                                               
    hostPrefix: 23                                                                    
  machineNetwork:                                                                     
  - cidr: 192.168.0.0/18                                                              
  networkType: OpenShiftSDN                                                           
  serviceNetwork:                                                                     
  - 172.30.0.0/16                                                                     
platform:                                                                             
  openstack:                                                                          
    cloud: openstack                                                                  
    computeFlavor: m1.xlarge                                                                                                                                                 
    externalDNS:                                                                      
    - 10.0.77.163                                                                     
    externalNetwork: provider_net_cci_8                                                                                                                                      
    lbFloatingIP: 10.0.101.2                                                                                                                                                 
    octaviaSupport: "0"                                                               
    region: regionOne                                                                 
    trunkSupport: "1"                                                                                    
proxy:                                                                                                   
  httpProxy: http://xx:xx@xx.xx.xx.xx:3128                                   
  httpsProxy: https://xx:xx@xx.xx.xx.xx:3130                                  
  noProxy: rhos-d.infra.prod.upshift.rdu2.redhat.com,oauth-openshift.apps.wjiospy2261.qe.rhcloud.com                                                                                                               
publish: External                                   


$ oc get proxy cluster -o yaml 
apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
  creationTimestamp: "2020-02-26T04:36:12Z"
  generation: 1
  name: cluster
  resourceVersion: "2344"
  selfLink: /apis/config.openshift.io/v1/proxies/cluster
  uid: 4bbec4d3-b020-4357-a4e2-6cf99fff2a32
spec:
  httpProxy: http://xx:xx@xx.xx.xx.xx:3128                                   
  httpsProxy: https://xx:xx@xx.xx.xx.xx:3130 
  noProxy: rhos-d.infra.prod.upshift.rdu2.redhat.com,oauth-openshift.apps.wjiospy2261.qe.rhcloud.com
  trustedCA:
    name: user-ca-bundle
status:
  httpProxy: http://xx:xx@xx.xx.xx.xx:3128                                   
  httpsProxy: https://xx:xx@xx.xx.xx.xx:3130 
  noProxy: ',.cluster.local,.svc,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,192.168.0.0/18,api-int.wjiospy2261.qe.rhcloud.com,etcd-0.wjiospy2261.qe.rhcloud.com,etcd-1.wjiospy2261.qe.rhcloud.com,etcd-2.wjiospy2261.qe.rhcloud.com,localhost,oauth-openshift.apps.wjiospy2261.qe.rhcloud.com,rhos-d.infra.prod.upshift.rdu2.redhat.com'
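
Added example, not taken from the bug report or from the cluster-network-operator source: a Go sketch of why the node address 192.168.0.20 was sent through the proxy until machineNetwork (192.168.0.0/18) was merged into noProxy, and why empty entries must be dropped to avoid the stray leading "," seen in status.noProxy above. The function names and the simplified matching rules are assumptions; the network values and node IP are the ones shown on this page.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
)

// mergeNoProxy (hypothetical helper) merges spec.noProxy with extra entries,
// dropping empty strings and duplicates so no stray "," entry appears.
func mergeNoProxy(userNoProxy string, extra ...string) string {
	set := map[string]struct{}{}
	for _, e := range append(strings.Split(userNoProxy, ","), extra...) {
		if e = strings.TrimSpace(e); e != "" {
			set[e] = struct{}{}
		}
	}
	out := make([]string, 0, len(set))
	for e := range set {
		out = append(out, e)
	}
	sort.Strings(out)
	return strings.Join(out, ",")
}

// bypassesProxy (hypothetical, simplified): exact name, CIDR containment, or domain suffix.
func bypassesProxy(noProxy, host string) bool {
	ip := net.ParseIP(host)
	for _, e := range strings.Split(noProxy, ",") {
		if e = strings.TrimSpace(e); e == "" {
			continue
		}
		if _, cidr, err := net.ParseCIDR(e); err == nil {
			if ip != nil && cidr.Contains(ip) {
				return true
			}
		} else if e == host || (ip == nil && strings.HasSuffix(host, "."+strings.TrimPrefix(e, "."))) {
			return true
		}
	}
	return false
}

func main() {
	nets := []string{"10.128.0.0/14", "172.30.0.0/16"} // clusterNetwork, serviceNetwork from the page
	fixed := mergeNoProxy("", append(nets, "192.168.0.0/18")...) // plus machineNetwork
	fmt.Println(bypassesProxy(mergeNoProxy("", nets...), "192.168.0.20"), bypassesProxy(fixed, "192.168.0.20"))
}
```

Running the same check against the live value of `oc get proxy cluster -o jsonpath='{.status.noProxy}'` with a node's InternalIP confirms whether kubelet traffic will bypass the proxy.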

Comment 15 errata-xmlrpc 2020-05-04 11:39:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

