Hide Forgot
CU wants to use the VMware vSphere CSI Driver Operator. The operator is deployed but cannot reach the vsphere api, because there is no proxy env set. The proxy is configured clusterwide. $ oc exec -n openshift-cluster-csi-drivers vmware-vsphere-csi-driver-operator-57bc458d9c-nmwf5 -- env | grep -i proxy KUBE_RBAC_PROXY_IMAGE= quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:17570d1734838f385f1454624e3af0b7a17dbdc443e20f127dbeedba256b230e oc rsh -n openshift-cluster-csi-drivers vmware-vsphere-csi-driver-operator-57bc458d9c-nmwf5 sh-4.4$ curl -vk -m 5 https://pslvmc01m.postcom.deutschepost.de/sdk * Trying 10.60.180.186... * TCP_NODELAY set * Connection timed out after 5001 milliseconds * Closing connection 0 curl: (28) Connection timed out after 5001 milliseconds With manual setting the proxy: $ oc rsh -n openshift-cluster-csi-drivers vmware-vsphere-csi-driver-operator-57bc458d9c-nmwf5 sh-4.4$ HTTPS_PROXY= http://pslprx01i.postcom.deutschepost.de:3128 curl -k https://pslvmc01m.postcom.deutschepost.de | head -5 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 3618 100 3618 0 0 153k 0 --:--:-- --:--:-- --:--:-- 153k <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd "> <html xmlns=" http://www.w3.org/1999/xhtml " lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> No proxy env inside the pod
This was fixed for vsphere-problem-detector, manila, and ovirt by bug 1912944 in this PR: https://github.com/openshift/cluster-storage-operator/pull/122 And it looks like all the driver deployments have already been updated, for example GCP PD: https://github.com/openshift/gcp-pd-csi-driver-operator/pull/10/commits/80862a60861ebd3c7cf52e89402c8b52db3d8de3 But there are still some operators (including vsphere) that are missing this annotation: https://github.com/openshift/cluster-storage-operator/pull/122/commits/f5e252f28b551c06c15fbcc1c2c8786dc980c8b1 I'll file a PR to update the remaining operator deployments in CSO.
On the proxy configurated vsphere cluster: $ oc get proxy cluster -o yaml | grep http httpProxy: xxxxxx httpsProxy: xxxxxx Before the fix, proxy is *NOT* injected in vmware-vsphere-csi-driver-operator on 4.11.0-0.nightly-2022-07-19-104004 $ oc -n openshift-cluster-csi-drivers get deployment.apps/vmware-vsphere-csi-driver-operator -o yaml | grep http $ After the fix, proxy is injected in vmware-vsphere-csi-driver-operator on 4.12.0-0.nightly-2022-07-21-192844 oc -n openshift-cluster-csi-drivers get deployment.apps/vmware-vsphere-csi-driver-operator -o yaml | grep -B1 http - name: HTTPS_PROXY value: xxxxxx - name: HTTP_PROXY value: xxxxxx Same check on azure-disk-csi-driver-operator, azure-file-csi-driver-operator and gcp-pd-csi-driver-operator as well.
Change to VERIFIED based on https://bugzilla.redhat.com/show_bug.cgi?id=2107043#c3
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399