Bug 2107043 - HTTPS_PROXY ENV missing in some CSI driver operators
Summary: HTTPS_PROXY ENV missing in some CSI driver operators
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: 4.10
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.12.0
Assignee: Jonathan Dobson
QA Contact: Wei Duan
URL:
Whiteboard:
Depends On:
Blocks: 2109205
TreeView+ depends on / blocked
 
Reported: 2022-07-14 08:02 UTC by Victor Medina
Modified: 2023-01-17 19:53 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-01-17 19:52:40 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-storage-operator pull 301 0 None open Bug 2107043: HTTPS_PROXY ENV missing in some CSI driver operators 2022-07-18 17:36:29 UTC
Red Hat Product Errata RHSA-2022:7399 0 None None None 2023-01-17 19:53:03 UTC

Description Victor Medina 2022-07-14 08:02:40 UTC
CU wants to use the VMware vSphere CSI Driver Operator. The operator is deployed but cannot reach the vsphere api, because there is no proxy env set. The proxy is configured clusterwide.


$ oc exec -n openshift-cluster-csi-drivers vmware-vsphere-csi-driver-operator-57bc458d9c-nmwf5 -- env | grep -i proxy
KUBE_RBAC_PROXY_IMAGE=

quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:17570d1734838f385f1454624e3af0b7a17dbdc443e20f127dbeedba256b230e



oc rsh -n openshift-cluster-csi-drivers vmware-vsphere-csi-driver-operator-57bc458d9c-nmwf5
sh-4.4$ curl -vk -m 5

https://pslvmc01m.postcom.deutschepost.de/sdk


* Trying 10.60.180.186...
* TCP_NODELAY set
* Connection timed out after 5001 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 5001 milliseconds

With manual setting the proxy:
$ oc rsh -n openshift-cluster-csi-drivers vmware-vsphere-csi-driver-operator-57bc458d9c-nmwf5
sh-4.4$ HTTPS_PROXY=

http://pslprx01i.postcom.deutschepost.de:3128

curl -k

https://pslvmc01m.postcom.deutschepost.de

| head -5
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3618 100 3618 0 0 153k 0 --:--:-- --:--:-- --:--:-- 153k
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd

">
<html xmlns="

http://www.w3.org/1999/xhtml

" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">



No proxy env inside the pod

Comment 1 Jonathan Dobson 2022-07-18 17:30:43 UTC
This was fixed for vsphere-problem-detector, manila, and ovirt by bug 1912944 in this PR:
https://github.com/openshift/cluster-storage-operator/pull/122

And it looks like all the driver deployments have already been updated, for example GCP PD:
https://github.com/openshift/gcp-pd-csi-driver-operator/pull/10/commits/80862a60861ebd3c7cf52e89402c8b52db3d8de3

But there are still some operators (including vsphere) that are missing this annotation:
https://github.com/openshift/cluster-storage-operator/pull/122/commits/f5e252f28b551c06c15fbcc1c2c8786dc980c8b1

I'll file a PR to update the remaining operator deployments in CSO.

Comment 3 Wei Duan 2022-07-22 09:21:07 UTC
On the proxy configurated vsphere cluster:
$ oc get proxy cluster  -o yaml | grep http
  httpProxy: xxxxxx
  httpsProxy: xxxxxx

Before the fix, proxy is *NOT* injected in vmware-vsphere-csi-driver-operator on 4.11.0-0.nightly-2022-07-19-104004
$ oc -n openshift-cluster-csi-drivers get deployment.apps/vmware-vsphere-csi-driver-operator -o yaml | grep http
$ 

After the fix, proxy is injected in vmware-vsphere-csi-driver-operator on 4.12.0-0.nightly-2022-07-21-192844
oc -n openshift-cluster-csi-drivers get deployment.apps/vmware-vsphere-csi-driver-operator -o yaml | grep -B1 http 
        - name: HTTPS_PROXY
          value: xxxxxx
        - name: HTTP_PROXY
          value: xxxxxx


Same check on azure-disk-csi-driver-operator, azure-file-csi-driver-operator and gcp-pd-csi-driver-operator as well.

Comment 8 Wei Duan 2022-08-03 08:21:36 UTC
Change to VERIFIED based on https://bugzilla.redhat.com/show_bug.cgi?id=2107043#c3

Comment 11 errata-xmlrpc 2023-01-17 19:52:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399


Note You need to log in before you can comment on or make changes to this bug.