The plugin asset proxy in the console backend sends no request headers. https://github.com/openshift/console/blob/7655199ccd8d83e7c39d5150602f7e90f47066ce/pkg/plugins/handlers.go#L91 We should be passing through at least some headers that are needed for browser caching and content negotiation. (This is done for our typical proxy in proxy.go.) We should *NOT* pass through Cookie and X-CSRFToken headers, however.
Moving the Bug back to ASSIGNED since there was one additional fix to be made https://github.com/openshift/console/pull/10166
1. Enable demo plugin $ cat oc-manifest-locales.yaml apiVersion: v1 kind: Namespace metadata: name: console-demo-plugin --- apiVersion: apps/v1 kind: Deployment metadata: name: console-demo-plugin namespace: console-demo-plugin labels: app: console-demo-plugin app.kubernetes.io/component: console-demo-plugin app.kubernetes.io/instance: console-demo-plugin app.kubernetes.io/part-of: console-demo-plugin app.openshift.io/runtime-namespace: console-demo-plugin spec: replicas: 1 selector: matchLabels: app: console-demo-plugin template: metadata: labels: app: console-demo-plugin spec: containers: - name: console-demo-plugin image: quay.io/yapei/console-demo-plugin:locales ports: - containerPort: 9001 protocol: TCP imagePullPolicy: Always args: - '--ssl' - '--cert=/var/serving-cert/tls.crt' - '--key=/var/serving-cert/tls.key' volumeMounts: - name: console-serving-cert readOnly: true mountPath: /var/serving-cert volumes: - name: console-serving-cert secret: secretName: console-serving-cert defaultMode: 420 restartPolicy: Always dnsPolicy: ClusterFirst strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 25% maxSurge: 25% --- apiVersion: v1 kind: Service metadata: annotations: service.alpha.openshift.io/serving-cert-secret-name: console-serving-cert name: console-demo-plugin namespace: console-demo-plugin labels: app: console-demo-plugin app.kubernetes.io/component: console-demo-plugin app.kubernetes.io/instance: console-demo-plugin app.kubernetes.io/part-of: console-demo-plugin spec: ports: - name: 9001-tcp protocol: TCP port: 9001 targetPort: 9001 selector: app: console-demo-plugin type: ClusterIP sessionAffinity: None --- apiVersion: console.openshift.io/v1alpha1 kind: ConsolePlugin metadata: name: console-demo-plugin spec: displayName: 'OpenShift Console Demo Plugin' service: name: console-demo-plugin namespace: console-demo-plugin port: 9001 basePath: '/' $ oc apply -f oc-manifest-locales.yaml namespace/console-demo-plugin created deployment.apps/console-demo-plugin created service/console-demo-plugin created consoleplugin.console.openshift.io/console-demo-plugin created $ oc get all -n console-demo-plugin NAME READY STATUS RESTARTS AGE pod/console-demo-plugin-59dfbf5c-ttssn 1/1 Running 0 2m48s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/console-demo-plugin ClusterIP 172.30.119.39 <none> 9001/TCP 2m47s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/console-demo-plugin 1/1 1 1 2m49s NAME DESIRED CURRENT READY AGE replicaset.apps/console-demo-plugin-59dfbf5c 1 1 1 2m48s 2. Visiting /locales/resource.json?lng=en&ns=plugin__console-demo-plugin and then check pods logs $ oc logs -f console-demo-plugin-59dfbf5c-ttssn -n console-demo-plugin Starting up http-server, serving ./static through https Available on: https://127.0.0.1:9001 https://10.129.2.16:9001 Hit CTRL-C to stop the server [Wed Oct 13 2021 08:42:36 GMT+0000 (Coordinated Universal Time)] "GET /locales/en/plugin__console-demo-plugin.json" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" [Wed Oct 13 2021 08:43:44 GMT+0000 (Coordinated Universal Time)] "GET /locales/en/plugin__console-demo-plugin.json" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" we can see 'User-Agent' header is proxied to the service endpoint Moving to VERIFIED and let me know if the steps are wrong $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.0-0.nightly-2021-10-13-001151 True False 3h15m Cluster version is 4.10.0-0.nightly-2021-10-13-001151
as comparison, we only return "Go-http-client/1.1" before the fix $ oc logs -f console-demo-plugin-59dfbf5c-vw2gb -n console-demo-plugin Starting up http-server, serving ./static through https Available on: https://127.0.0.1:9001 https://10.129.2.105:9001 Hit CTRL-C to stop the server [Wed Oct 13 2021 08:49:54 GMT+0000 (Coordinated Universal Time)] "GET /locales/en/plugin__console-demo-plugin.json" "Go-http-client/1.1"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056