Description of problem: Pass down proxy env to operands failed for ansible type operator as the description : https://github.com/operator-framework/enhancements/blob/master/enhancements/proxy-passdown.md Version-Release number of selected component (if applicable): operator-sdk version: "v1.10.1-ocp", commit: "972fd59bb3a4cdb2e5102fc37fc3afa32f6c066f", kubernetes version: "v1.21", go version: "go1.16.5", GOOS: "linux", GOARCH: "amd64" How reproducible: always Steps to Reproduce: 1. created a memcached-operator as https://docs.openshift.com/container-platform/4.8/operators/operator_sdk/ansible/osdk-ansible-tutorial.html#osdk-run-locally_osdk-ansible-tutorial and add the proxy to the task file --- # tasks file for memcached - name: start memcached k8s: definition: kind: Deployment apiVersion: apps/v1 metadata: name: '{{ ansible_operator_meta.name }}-memcached' namespace: '{{ ansible_operator_meta.namespace }}' spec: replicas: "{{size}}" selector: matchLabels: app: memcached template: metadata: labels: app: memcached spec: containers: - name: memcached command: - memcached - -m=64 - -o - modern - -v image: "docker.io/memcached:1.4.36-alpine" ports: - containerPort: 11211 env: - name: HTTPS_PROXY: value: "{{ lookup('env', 'HTTPS_PROXY') | default('', True) }}" - name: HTTP_PROXY: value: "{{ lookup('env', 'HTTP_PROXY') | default('', True) }}" - name: NO_PROXY: value: "{{ lookup('env', 'NO_PROXY') | default('', True) }}" 2. create the CR apiVersion: cache.example.com/v1 kind: Memcached metadata: name: memcached-sample ... spec: ... size: 1 Actual results: ansible type operator with error: $oc logs deployment.apps/memcached-operator-controller-manager -c manager -n memcached-operator-system ` {"level":"error","ts":1631076632.10605,"logger":"reconciler","msg":"\u001b[0;34mansible-playbook 2.9.24\u001b[0m\r\n\u001b[0;34m config file = /etc/ansible/ansible.cfg\u001b[0m\r\n\u001b[0;34m configured module search path = ['/usr/share/ansible/openshift']\u001b[0m\r\n\u001b[0;34m ansible python module location = /usr/lib/python3.6/site-packages/ansible\u001b[0m\r\n\u001b[0;34m executable location = /usr/bin/ansible-playbook\u001b[0m\r\n\u001b[0;34m python version = 3.6.8 (default, Mar 18 2021, 08:58:41) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]\u001b[0m\r\n\u001b[0;34mUsing /etc/ansible/ansible.cfg as config file\u001b[0m\r\n\u001b[0;31mERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:\u001b[0m\r\n\u001b[0;31mJSON: Expecting value: line 1 column 1 (char 0)\u001b[0m\r\n\u001b[0;31m\u001b[0m\r\n\u001b[0;31mSyntax Error while loading YAML.\u001b[0m\r\n\u001b[0;31m mapping values are not allowed in this context\u001b[0m\r\n\u001b[0;31m\u001b[0m\r\n\u001b[0;31mThe error appears to be in '/opt/ansible/roles/memcached/tasks/main.yml': line 33, column 34, but may\u001b[0m\r\n\u001b[0;31mbe elsewhere in the file depending on the exact syntax problem.\u001b[0m\r\n\u001b[0;31m\u001b[0m\r\n\u001b[0;31mThe offending line appears to be:\u001b[0m\r\n\u001b[0;31m\u001b[0m\r\n\u001b[0;31m env:\u001b[0m\r\n\u001b[0;31m - name: HTTPS_PROXY:\u001b[0m\r\n\u001b[0;31m ^ here\u001b[0m\r\n","job":"2775422040480279449","name":"memcached-sample","namespace":"memcached-system","error":"did not receive playbook_on_stats event","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\toperator-sdk/vendor/github.com/go-logr/zapr/zapr.go:132\ngithub.com/operator-framework/operator-sdk/internal/ansible/controller.(*AnsibleOperatorReconciler).Reconcile\n\toperator-sdk/internal/ansible/controller/reconcile.go:229\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\toperator-sdk/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:298\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\toperator-sdk/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.2\n\toperator-sdk/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:216\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.UntilWithContext\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:99"} ` Expected results: The http_proxy can be added to the deployment of memcached-sample. And the CR is created successfully. Additional info:
heres an example with instructions https://github.com/asmacdo/ansible-operator-proxy-demo
verified. test env: 1. operator-sdk version: "v1.10.1-ocp", commit: "972fd59bb3a4cdb2e5102fc37fc3afa32f6c066f", kubernetes version: "v1.21", go version: "go1.16.5", GOOS: "linux", GOARCH: "amd64" 2. cv:4.9.0-0.nightly-2021-09-09-145014 3.. add the http_proxy message to the ansible operator task 1)$task/main.yaml --- - name: start memcached community.kubernetes.k8s: ...... spec: ...... env: - Name: HTTP_PROXY: Value: "{{ lookup('env', 'HTTP_PROXY') | default('', True) }}" - Name: http_proxy: Value: "{{ lookup('env', 'HTTP_PROXY') | default('', True) }}" 2)$Makefile deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} $(KUSTOMIZE) build config/default | CLUSTER_PROXY=$(shell kubectl get proxies.config.openshift.io cluster -o json | jq '.spec.httpProxy') envsubst | kubectl apply -f - 3)$config/manager/manager.yaml spec: ...... spec: securityContext: runAsNonRoot: true containers: ........... env: - name: ANSIBLE_GATHERING value: explicit - name: HTTP_PROXY value: $CLUSTER_PROXY test result: CR created success and env is passed to operand 1)$ oc create -f config/samples/cache1_v1_blacklist.yaml blacklist.cache1.blacklist.com/blacklist-sample created 2)$oc get deployment blacklist-sample-blacklist -o=jsonpath={.spec.template.spec.containers[0].env} [{"name":"HTTP_PROXY","value":"http://proxy-user1:JYgU8qRZV4xxxxxxxxxxxxx@xxxxx-141-199-xx.us-xxxx-2.compute.amazonaws.com:3128"},{"name":"http_proxy","value":"http://proxy-user1:JYgU8qRZV4xxxxxxxxxxxxx@xxxxx-141-199-xx.us-xxxx-2.compute.amazonaws.com:3128"}]
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759