Bug 1935891 - Canary client should perform canary probes explicitly over HTTPS (rather than redirect from HTTP)
Summary: Canary client should perform canary probes explicitly over HTTPS (rather than...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.7.z
Assignee: Stephen Greene
QA Contact: Hongan Li
URL:
Whiteboard:
: 1942121 (view as bug list)
Depends On: 1934773
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-03-05 18:09 UTC by OpenShift BugZilla Robot
Modified: 2022-11-14 13:33 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-03-25 01:53:00 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-ingress-operator pull 566 0 None open [release-4.7] Bug 1935891: Canary: Perform canary test probes over https 2021-03-08 15:30:49 UTC
Red Hat Product Errata RHBA-2021:0821 0 None None None 2021-03-25 01:53:17 UTC

Description OpenShift BugZilla Robot 2021-03-05 18:09:06 UTC
+++ This bug was initially created as a clone of Bug #1934773 +++

Description of problem:
The ingress operator's canary controller periodically probes the canary endpoint over HTTP. The canary route is an edge terminated route that redirects insecure traffic. Some customers, such as one mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1932401, expose the default ingress controller via an external load balancer that drops _all_ traffic to port 80, thus making an http -> https redirect impossible for the canary route.

The canary route should send probe requests over https only to mitigate this issue.

Comment 2 Hongan Li 2021-03-15 03:26:35 UTC
verified with 4.7.0-0.nightly-2021-03-13-095904 and pass.

$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.7.0-0.nightly-2021-03-13-095904   True        False         14m     Cluster version is 4.7.0-0.nightly-2021-03-13-095904

can find operator logs as below:
Get \"https://canary-openshift-ingress-canary.apps.hongli-bv.qe.devcluster.openshift.com\"

Comment 5 Stephen Greene 2021-03-24 13:33:28 UTC
*** Bug 1942121 has been marked as a duplicate of this bug. ***

Comment 6 errata-xmlrpc 2021-03-25 01:53:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.7.3 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0821


Note You need to log in before you can comment on or make changes to this bug.