Description of problem:
In all environments that leverage the Machine API, components in the machine-api-controllers pod contact external cloud provider APIs. When a customer has configured a cluster-wide-proxy, they expect all traffic leaving a cluster to route via the configured proxy. Machine API components currently ignore this setting and route traffic directly to the cloud provider APIs regardless of any configured cluster-wide-proxy. This means that customers have to make exceptions in their networking configuration and in their security practices to allow Machine API to work in a disconnected/restricted network environment. Machine API should honour the cluster-wide-proxy settings as all other components within OCP 4 do.

Version-Release number of selected component (if applicable):
All (in particular we want this fixed in 4.6 and 4.7)

How reproducible:
100%

Steps to Reproduce:
1. Create an OCP cluster
2. Create a cluster-wide-proxy
3. Restrict egress traffic so that only the proxy is allowed egress

Actual results:
Machine API will now be broken as it cannot reach the cloud provider API

Expected results:
Machine API should send traffic to the cloud provider via the proxy

Additional info:
We are making progress on this bug, but still need to work some concerns out with the oVirt provider maintainers. This should merge sometime during the next sprint.
Validating again to, as there are some more config changes needed to confirm this; moving back to ON_QA.
Validated again, as earlier I validated on installers which were earlier designed to handle the inability of mapi to run on proxy. Reran again; machinesets scaled up and down successfully without the earlier workarounds (which were necessary as per the product doc, since mapi didn't support proxy). Moving to VERIFIED. Additional info: Installation team helped out on this config.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633
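The behaviour in the bug description, reproduced offline as an added example (not code from the Machine API project or from this report): a Go HTTP transport whose `Proxy` field is unset dials the target directly and fails once egress is limited to the proxy, while one using `http.ProxyFromEnvironment` succeeds. It assumes the proxy settings reach the process as `HTTP_PROXY`/`NO_PROXY` environment variables; `Probe`, the target URL and the local stand-in proxy are constructed, and plain HTTP is used so no TLS or real network is needed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"os"
)

// Probe sends one request with a proxy-unaware transport and one with a
// proxy-aware transport while egress is limited to the proxy. It returns both
// errors and the target hosts the proxy saw.
func Probe(target string) (directErr, proxiedErr error, seen []string) {
	// Constructed stand-in for the cluster-wide proxy; records each target host.
	proxy := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen = append(seen, r.URL.Host)
		w.WriteHeader(http.StatusNoContent)
	}))
	defer proxy.Close()
	os.Setenv("HTTP_PROXY", proxy.URL) // assumption: proxy settings arrive as env vars
	os.Setenv("NO_PROXY", "localhost") // constructed value; does not match the target

	// Models step 3 of the reproduction: only the proxy address may be dialed.
	allowed := proxy.Listener.Addr().String()
	dial := func(ctx context.Context, network, addr string) (net.Conn, error) {
		if addr != allowed {
			return nil, errors.New("egress blocked: " + addr)
		}
		return (&net.Dialer{}).DialContext(ctx, network, addr)
	}
	get := func(tr *http.Transport) error {
		resp, err := (&http.Client{Transport: tr}).Get(target)
		if err == nil {
			resp.Body.Close()
		}
		return err
	}
	// Proxy field left nil: the environment is ignored and the dial goes direct.
	directErr = get(&http.Transport{DialContext: dial})
	// Proxy resolved from HTTP_PROXY/HTTPS_PROXY/NO_PROXY (read once per process).
	proxiedErr = get(&http.Transport{DialContext: dial, Proxy: http.ProxyFromEnvironment})
	return directErr, proxiedErr, seen
}

func main() {
	d, p, seen := Probe("http://cloud-api.example.invalid/v1/instances")
	fmt.Println("direct:", d)
	fmt.Println("proxied:", p, "proxy saw:", seen)
}
```

The same check applies to any client built with a custom `http.Transport`: unless `Proxy` is set explicitly, the process environment has no effect on where it connects.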