This bug was initially created as a copy of Bug #1797894

I am copying this bug because:

Description of problem:
When setting up a cluster with a proxy, installation failed because the machine-config operator does not get ready. Commands (logs, exec, port-forward, ) which need API proxyconnect to a node also failed to run.

After research, found that we recently merged https://github.com/openshift/installer/pull/2829, but Network-Operator is not aware of this, so it flushes the noProxy with the one without machineNetwork:
https://github.com/openshift/cluster-network-operator/blob/master/pkg/util/proxyconfig/no_proxy.go#L29

Known Affects:
All API-to-node networking will be blocked, which includes the following:
1. Installation will never succeed
2. All commands that need API proxyconnect to nodes will fail, like oc logs, oc exec, etc.
3. Some node metrics targets should be in RED

Version-Release number of the following components:
./openshift-install 4.4.0-0.nightly-2020-02-03-224632
built from commit 725b71dce1d41c98e368ad9277e14c7ce9a9cb25
release image registry.svc.ci.openshift.org/ocp/release@sha256:5a51afee81638f559a92a7a1d910c24af8c4f458ea5baf8075fc3d81cf35f6fe

How reproducible:
Always

Steps to Reproduce:
1. Set up an IPI cluster with proxy in install-config.yaml
2. Try to run oc logs
3.

Actual results:
$ oc -n openshift-machine-config-operator logs -f machine-config-controller-6965dbc744-bpt98
Error from server: Get https://192.168.0.20:10250/containerLogs/openshift-machine-config-operator/machine-config-controller-6965dbc744-bpt98/machine-config-controller?follow=true: proxyconnect tcp: x509: certificate signed by unknown authority

Expected results:
Should not get such an error.

Additional info:
Checked with 4.4.0-0.nightly-2020-02-25-193901, and machineNetwork is in NoProxy list now.

$ oc extract cm/cluster-config-v1 -n kube-system
$ cat install-config
...
apiVersion: v1
baseDomain: qe.rhcloud.com
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform: {}
  replicas: 3
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform:
    openstack:
      type: m1.xlarge
  replicas: 3
metadata:
  creationTimestamp: null
  name: wjiospy2261
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 192.168.0.0/18
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  openstack:
    cloud: openstack
    computeFlavor: m1.xlarge
    externalDNS:
    - 10.0.77.163
    externalNetwork: provider_net_cci_8
    lbFloatingIP: 10.0.101.2
    octaviaSupport: "0"
    region: regionOne
    trunkSupport: "1"
proxy:
  httpProxy: http://xx:xx@xx.xx.xx.xx:3128
  httpsProxy: https://xx:xx@xx.xx.xx.xx:3130
  noProxy: rhos-d.infra.prod.upshift.rdu2.redhat.com,oauth-openshift.apps.wjiospy2261.qe.rhcloud.com
publish: External

$ oc get proxy cluster -o yaml
apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
  creationTimestamp: "2020-02-26T04:36:12Z"
  generation: 1
  name: cluster
  resourceVersion: "2344"
  selfLink: /apis/config.openshift.io/v1/proxies/cluster
  uid: 4bbec4d3-b020-4357-a4e2-6cf99fff2a32
spec:
  httpProxy: http://xx:xx@xx.xx.xx.xx:3128
  httpsProxy: https://xx:xx@xx.xx.xx.xx:3130
  noProxy: rhos-d.infra.prod.upshift.rdu2.redhat.com,oauth-openshift.apps.wjiospy2261.qe.rhcloud.com
  trustedCA:
    name: user-ca-bundle
status:
  httpProxy: http://xx:xx@xx.xx.xx.xx:3128
  httpsProxy: https://xx:xx@xx.xx.xx.xx:3130
  noProxy: ',.cluster.local,.svc,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,192.168.0.0/18,api-int.wjiospy2261.qe.rhcloud.com,etcd-0.wjiospy2261.qe.rhcloud.com,etcd-1.wjiospy2261.qe.rhcloud.com,etcd-2.wjiospy2261.qe.rhcloud.com,localhost,oauth-openshift.apps.wjiospy2261.qe.rhcloud.com,rhos-d.infra.prod.upshift.rdu2.redhat.com'
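
The verification above can be automated by checking that every machineNetwork CIDR is contained in some CIDR entry of the Proxy status.noProxy. This is an added example, not code from the bug report or from cluster-network-operator; the function name uncoveredCIDRs is hypothetical and brokenNoProxy is a constructed sample of the pre-fix state.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Taken from status.noProxy in the verification comment above.
const fixedNoProxy = ",.cluster.local,.svc,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,192.168.0.0/18,api-int.wjiospy2261.qe.rhcloud.com,etcd-0.wjiospy2261.qe.rhcloud.com,etcd-1.wjiospy2261.qe.rhcloud.com,etcd-2.wjiospy2261.qe.rhcloud.com,localhost,oauth-openshift.apps.wjiospy2261.qe.rhcloud.com,rhos-d.infra.prod.upshift.rdu2.redhat.com"

// Constructed sample: the same list without the machineNetwork entry (the state the bug describes).
var brokenNoProxy = strings.Replace(fixedNoProxy, "192.168.0.0/18,", "", 1)

// uncoveredCIDRs (hypothetical helper) returns the required CIDRs that no CIDR
// entry of the comma-separated noProxy string fully contains.
func uncoveredCIDRs(noProxy string, required []string) ([]string, error) {
	var nets []*net.IPNet
	for _, e := range strings.Split(noProxy, ",") {
		// Hostnames, bare IPs and empty entries do not parse as CIDRs; skip them.
		if _, n, err := net.ParseCIDR(strings.TrimSpace(e)); err == nil {
			nets = append(nets, n)
		}
	}
	var missing []string
	for _, r := range required {
		_, want, err := net.ParseCIDR(r)
		if err != nil {
			return nil, fmt.Errorf("bad required CIDR %q: %w", r, err)
		}
		wantOnes, wantBits := want.Mask.Size()
		ok := false
		for _, n := range nets {
			// Covered when n is the same address family, no narrower than want, and holds its base address.
			ones, bits := n.Mask.Size()
			ok = ok || (bits == wantBits && ones <= wantOnes && n.Contains(want.IP))
		}
		if !ok {
			missing = append(missing, r)
		}
	}
	return missing, nil
}

func main() {
	machineNetwork := []string{"192.168.0.0/18"} // machineNetwork from the install-config above
	for _, np := range []string{brokenNoProxy, fixedNoProxy} {
		missing, err := uncoveredCIDRs(np, machineNetwork)
		fmt.Println("machineNetwork CIDRs missing from noProxy:", missing, err)
	}
}
```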
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581