Bug 2104727 - Bootstrap node should honor http proxy
Summary: Bootstrap node should honor http proxy
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.11
Hardware: All
OS: Unspecified
unspecified
urgent
Target Milestone: ---
: 4.11.0
Assignee: Nobody
QA Contact: Yunfei Jiang
URL:
Whiteboard:
Depends On: 2090836
Blocks:
 
Reported: 2022-07-07 03:45 UTC by OpenShift BugZilla Robot
Modified: 2022-08-10 11:20 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-08-10 11:20:25 UTC
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift installer pull 6090 | 0 | None | open | [release-4.11] Bug 2104727: Fixes CFE-489 - AWS installer should go through proxy for s3 bootstrap ignition call | 2022-07-07 03:46:06 UTC
Red Hat Product Errata | RHSA-2022:5069 | 0 | None | None | None | 2022-08-10 11:20:41 UTC

Description OpenShift BugZilla Robot 2022-07-07 03:45:03 UTC
+++ This bug was initially created as a clone of Bug #2090836 +++

Description

OpenShift Installer supports HTTP Proxy configuration in a restricted environment. However, when the bootstrap node grabs ignition assets, the proxy configuration does not pass to the ignition configuration. https://github.com/openshift/installer/blob/55b897f28634ece17e1a761dd3cff79b1ad903aa/pkg/asset/ignition/bootstrap/bootstrap_ignition.go#L38

 

Impacts

No consistent proxy experience for users especially in the public cloud. E.g. users have to set up a VPC S3 endpoint to get S3 ignition asset access because of this. 

https://docs.openshift.com/dedicated/networking/configuring-cluster-wide-proxy.html

 
Proposed Resolution

Installer config should pass the http proxy to ignition configuration.
Platform:

#Please specify the platform type: aws

Looks like the installer goes to S3 to fetch ignition configs in a proxy environment and does not use the proxy. I mean that seems very basic to me and broken functionality. I mean I don't know how a basic test would pass. 

Given An AWS Openshift Install
When I Configured HTTP Proxy for Openshift installer
Then bootstrap Ignition should grab assets in S3 through the configured HTTP proxy
And Not expect direct internet access to the assets.

I googled a little bit.

Example: Similar issues were reported, and fixed for openstack specifically

https://bugzilla.redhat.com/show_bug.cgi?id=1945236
https://github.com/openshift/installer/pull/4804

--- Additional comment from heheffne on 2022-05-26 16:38:10 UTC ---

Installer Team: The CFE team will be working on this bugzilla - we have CFEPLAN-90 tracking progress.

--- Additional comment from padillon on 2022-06-02 01:42:56 UTC ---

Setting this as blocker - as there are clear workarounds.

--- Additional comment from tkatarki on 2022-06-08 20:29:39 UTC ---

@padillon what are the workarounds? where are they documented?

--- Additional comment from acathrow on 2022-06-23 14:22:50 UTC ---

Can we get an update on this bug - is this being planned?

--- Additional comment from heheffne on 2022-06-23 14:30:13 UTC ---

Andrew - we are currently working on this bug; the PR is ready and we are working on the e2e tests.

--- Additional comment from padillon on 2022-06-24 00:59:26 UTC ---

> @padillon what are the workarounds? where are they documented?

There are two workarounds:

1. User edits bootstrap ignition config to add proxy

2. User configures vpc as described in docs: 
https://docs.openshift.com/container-platform/4.10/installing/installing_aws/installing-aws-network-customizations.html#installation-configure-proxy_installing-aws-network-customizations

> Can we get an update on this bug - is this being planned

There is a PR open but it was not correctly linked. That should be corrected now but here is the link:
https://github.com/openshift/installer/pull/5973

Comment 3 Yunfei Jiang 2022-07-12 01:30:49 UTC
verified. PASS.
OCP version: 4.11.0-0.nightly-2022-07-08-231743

Test scenarios: https://github.com/openshift/installer/pull/5973#issuecomment-1178510229

Note for UPI installation:
When you provide an ignition file to the bootstrap instance, the s3-uri format (e.g. s3://yunjiang-11p2d-07111019/bootstrap_07111019.ign) does not work with the ignition proxy feature [1]. You can use the s3-presign format.

[1] https://coreos.github.io/ignition/configuration-v3_1
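
Workaround 1 and the UPI note in Comment 3, as an added example (not code from the installer or from anyone on this bug): a Python check that adds `ignition.proxy` to a bootstrap pointer config and flags `s3://` sources that would not go through it. The bucket, object key and proxy host are constructed placeholders; the field names follow the Ignition v3.1 spec linked in [1].

```python
import copy
from urllib.parse import urlsplit

# Constructed sample: UPI-style bootstrap pointer config (Ignition spec 3.1.0).
# Bucket, object key and proxy host are placeholders, not values from the bug.
SAMPLE_POINTER = {
    "ignition": {
        "version": "3.1.0",
        "config": {"replace": {"source": "s3://example-bucket/bootstrap.ign"}},
    }
}

def spec_version(config):
    """Parse ignition.version into a tuple, ignoring any '-experimental' suffix."""
    raw = config.get("ignition", {}).get("version", "0.0.0")
    return tuple(int(part) for part in raw.split("-")[0].split("."))

def remote_sources(config):
    """Collect URLs of configs Ignition fetches over the network (replace, merge)."""
    cfg = config.get("ignition", {}).get("config", {})
    refs = [cfg.get("replace")] + list(cfg.get("merge", []))
    return [ref["source"] for ref in refs if ref and ref.get("source")]

def add_proxy(config, http_proxy, https_proxy, no_proxy=()):
    """Workaround 1: return a copy of the config with ignition.proxy filled in."""
    if spec_version(config) < (3, 1, 0):
        raise ValueError("ignition.proxy needs config spec 3.1.0 or later")
    patched = copy.deepcopy(config)
    patched["ignition"]["proxy"] = {"httpProxy": http_proxy,
                                    "httpsProxy": https_proxy,
                                    "noProxy": list(no_proxy)}
    return patched

def audit(config):
    """Return (code, detail) findings for fetches that would not use the proxy."""
    findings = []
    proxy = config.get("ignition", {}).get("proxy") or {}
    if not (proxy.get("httpProxy") or proxy.get("httpsProxy")):
        findings.append(("no-proxy", "remote configs are fetched without a proxy"))
    for src in remote_sources(config):
        if urlsplit(src).scheme == "s3":
            findings.append(("s3-uri", f"{src}: use a presigned URL (Comment 3)"))
    return findings

if __name__ == "__main__":
    proxy_url = "http://proxy.example.internal:3128"  # placeholder proxy
    print(audit(SAMPLE_POINTER), audit(add_proxy(SAMPLE_POINTER, proxy_url, proxy_url)))
```

An empty list from `audit` means every remote config reference carries a proxy setting and none uses the `s3://` scheme.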

Comment 5 errata-xmlrpc 2022-08-10 11:20:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

