Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-2202

Authentication-operator ignores noproxy settings defined in the cluster-wide proxy

XMLWordPrintable

    • False
    • False
    • 0
    • 0% 0%

      1. Proposed title of this feature request

      Authentication-operator ignores noproxy settings defined in the cluster-wide proxy

       

      2. What is the nature and description of the request?

      I had a disucssion with one of Senior Software Engineer about this issue and he asked  me to raise a RFE , since already few  Red Hatters are asking the same option about if we have any option to disable the check 
      Yes infact we have a bug created for this [1] and i could see our Engineering closed the bug saying that it's not a bug but a feature

      [1]
      https://bugzilla.redhat.com/show_bug.cgi?id=1982738
      Based on the Bugzilla, I've checked the code.

      And there is a function to test if there is no mis-configuration in the proxy setting.

      // checkProxyConfig determines any mis-configuration in proxy settings by attempting
      // to connect to endpoint directly and via proxy and comparing the results with expectations.
      func checkProxyConfig(ctx context.Context, endpointURL *url.URL, noProxy string, clientWithProxy, clientWithoutProxy *http.Client) error {
      withProxyErr := isEndpointReachable(ctx, endpointURL.String(), clientWithProxy)
      withoutProxyErr := isEndpointReachable(ctx, endpointURL.String(), clientWithoutProxy)
      noProxyMatchesEndpoint := parseNoProxy(noProxy).matches(canonicalAddr(endpointURL))

      if noProxyMatchesEndpoint && withoutProxyErr != nil {
      if withProxyErr == nil

      { return fmt.Errorf("failed to reach endpoint(%q) found in NO_PROXY(%q) with error: %v", endpointURL.String(), noProxy, withoutProxyErr) }

      return fmt.Errorf("endpoint(%q) found in NO_PROXY(%q) is unreachable with proxy(%v) and without proxy(%v)", endpointURL.String(), noProxy, withProxyErr, withoutProxyErr)
      }

      if !noProxyMatchesEndpoint && withProxyErr != nil {
      if withoutProxyErr == nil

      { return fmt.Errorf("failed to reach endpoint(%q) missing in NO_PROXY(%q) with error: %v", endpointURL.String(), noProxy, withProxyErr) }

      return fmt.Errorf("endpoint(%q) is unreachable with proxy(%v) and without proxy(%v)", endpointURL.String(), withProxyErr, withoutProxyErr)
      }

      return nil
      }

      3. Why does the customer need this? (List the business requirements here)

      Customer setting  no proxy and  want to understand why apiserver is making those calls and how to instruct it not to use proxy and call oauth-openshift.apps endpoints directly?

      4. List any affected packages or components.

       

      Authentication-operator ignores noproxy settings defined in the cluster-wide proxy

            anachand Anandnatraj Chandramohan (Inactive)
            rhn-support-imm Immanuvel M (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: