Bug 2038191 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured
Summary: gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: 4.8
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.9.z
Assignee: Fabio Bertinatto
QA Contact: Wei Duan
URL:
Whiteboard:
Depends On: 2024804
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-01-07 14:52 UTC by OpenShift BugZilla Robot
Modified: 2022-01-24 16:50 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-01-24 16:50:18 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift gcp-pd-csi-driver-operator pull 42 0 None open WIP [release-4.9] Bug 2038191: Add custom CA bundle support 2022-01-07 18:35:13 UTC
Red Hat Product Errata RHBA-2022:0195 0 None None None 2022-01-24 16:50:33 UTC

Comment 5 Wei Duan 2022-01-20 08:02:49 UTC 
Verified pass on 4.10.0-0.nightly-2022-01-19-150530
1. cluster proxy:
$ oc get proxy cluster -o yaml
spec:
  httpProxy: http://proxy-user1:JYgU8qRZV4DY4PXJbxJK@10.0.0.2:3129
  httpsProxy: http://proxy-user1:JYgU8qRZV4DY4PXJbxJK@10.0.0.2:3129
  noProxy: test.no-proxy.com,.apps.wduan-0120a.qe.gcp.devcluster.openshift.com
  trustedCA:
    name: user-ca-bundle
status:
  httpProxy: http://proxy-user1:JYgU8qRZV4DY4PXJbxJK@10.0.0.2:3129
  httpsProxy: http://proxy-user1:JYgU8qRZV4DY4PXJbxJK@10.0.0.2:3129
  noProxy: .apps.wduan-0120a.qe.gcp.devcluster.openshift.com,.cluster.local,.svc,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.wduan-0120a.qe.gcp.devcluster.openshift.com,localhost,metadata,metadata.google.internal,metadata.google.internal.,test.no-proxy.com

2. Check CSI Driver:
$ oc -n openshift-cluster-csi-drivers describe pod  gcp-pd-csi-driver-controller-7d597d4f7f-x7vfg  | egrep "PROXY|trusted-ca-bundle|ca-trust"
      HTTPS_PROXY:                     http://proxy-user1:JYgU8qRZV4DY4PXJbxJK@10.0.0.2:3129
      HTTP_PROXY:                      http://proxy-user1:JYgU8qRZV4DY4PXJbxJK@10.0.0.2:3129
      NO_PROXY:                        .apps.wduan-0120a.qe.gcp.devcluster.openshift.com,.cluster.local,.svc,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.wduan-0120a.qe.gcp.devcluster.openshift.com,localhost,metadata,metadata.google.internal,metadata.google.internal.,test.no-proxy.com
      /etc/pki/ca-trust/extracted/pem from non-standard-root-system-trust-ca-bundle (ro)
    Name:      gcp-pd-csi-driver-trusted-ca-bundle

3. Check CSI Driver works well.

Change the status to "Verified"
Comment 7 errata-xmlrpc 2022-01-24 16:50:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.17 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:0195
Note You need to log in before you can comment on or make changes to this bug.