+++ This bug was initially created as a clone of Bug #1896704 +++ Description of problem: In all environments that leverage the Machine API, components in the machine-api-controllers pod contact external cloud provider APIs. When a customer has configured a cluster-wide-proxy, they expect all traffic leaving a cluster to route via the configured proxy. Machine API components currently ignore this setting and route traffic directly to the cloud provider APIs regardless of any configured cluster-wide-proxy. This means that customers have to make exceptions in their networking configuration and in their security practices to allow Machine API to work in a disconnected/restricted network environment. Machine API should honour the cluster-wide-proxy settings as all other components within OCP 4 do. Version-Release number of selected component (if applicable): All (in particular we want this fixed in 4.6 and 4.7) How reproducible: 100% Steps to Reproduce: 1. Create an OCP cluster 2. Create a cluster-wide-proxy 3. Restrict egress traffic so that only the proxy is allowed egress Actual results: Machine API will now be broken as it cannot reach the cloud provider API Expected results: Machine API should send traffic to the cloud provider via the proxy Additional info:
This is blocked on the PR being merged into the 4.7 branch and then being verified, hopefully we will be able to get that done by end of next sprint
Validated on - 4.6.0-0.nightly-2020-11-22-160856 This can be easily validated with successful installation after using the new templates which removes ways that were done earlier for machine-api to work in proxy env. Successfully validated with below proxy installation being success https://mastern-jenkins-csb-openshift-qe.cloud.paas.psi.redhat.com/job/Launch%20Environment%20Flexy/124171/console -azure https://mastern-jenkins-csb-openshift-qe.cloud.paas.psi.redhat.com/job/Launch%20Environment%20Flexy/124176/console - gcp https://mastern-jenkins-csb-openshift-qe.cloud.paas.psi.redhat.com/job/Launch%20Environment%20Flexy/124047/console - AWS Additional info: Moved to VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.6 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5115