Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 2014165: pkg/cvo/egress: Load HTTPS proxy from Proxy status #673

Merged
merged 1 commit into from Oct 15, 2021
Merged

Bug 2014165: pkg/cvo/egress: Load HTTPS proxy from Proxy status #673

merged 1 commit into from Oct 15, 2021

Conversation

openshift-cherrypick-robot
Copy link

This is an automated cherry-pick of #627

/assign palonsoro

@palonsoro
pkg/cvo/egress: Load HTTPS proxy from Proxy status
2ba3021 
Since 4.2's ea5e3bc (Add http transport for cincinnati to enable
proxy, 2019-07-16, openshift#219), the CVO has been loading proxy config from
the spec property.  We should be loading from status instead, so we
benefit from the network operator's validation.  Risk is small,
because unlike some other in-cluster components, the CVO is unlikely
to break things if it is temporarily consuming a broken proxy
configuration.

This is similar to c9fab43 (pkg/cvo: Fetch proxy CA certs from
openshift-config-managed/trusted-ca-bundle, 2020-01-31, openshift#311), where
we moved our trusted CA source from the user-configured ConfigMap to
the network-operator-validated ConfigMap.
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Oct 14, 2021
Merged
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 14, 2021

@openshift-cherrypick-robot: Bugzilla bug 1980411 has been cloned as Bugzilla bug 2014170. Retitling PR to link against new bug.
/retitle [release-4.6] Bug 2014170: [release-4.8] pkg/cvo/egress: Load HTTPS proxy from Proxy status

In response to this:

[release-4.6] Bug 1980411: [release-4.8] pkg/cvo/egress: Load HTTPS proxy from Proxy status

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot changed the title [release-4.6] Bug 1980411: [release-4.8] pkg/cvo/egress: Load HTTPS proxy from Proxy status [release-4.6] Bug 2014170: [release-4.8] pkg/cvo/egress: Load HTTPS proxy from Proxy status Oct 14, 2021
@openshift-ci openshift-ci bot added bugzilla/severity-low Referenced Bugzilla bug's severity is low for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Oct 14, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 14, 2021

@openshift-cherrypick-robot: This pull request references Bugzilla bug 2014170, which is invalid:

  • expected dependent Bugzilla bug 1980411 to target a release in 4.7.0, 4.7.z, but it targets "4.8.z" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[release-4.6] Bug 2014170: [release-4.8] pkg/cvo/egress: Load HTTPS proxy from Proxy status

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@palonsoro
Copy link

/retitle Bug 2014165: pkg/cvo/egress: Load HTTPS proxy from Proxy status

@openshift-ci openshift-ci bot changed the title [release-4.6] Bug 2014170: [release-4.8] pkg/cvo/egress: Load HTTPS proxy from Proxy status Bug 2014165: pkg/cvo/egress: Load HTTPS proxy from Proxy status Oct 14, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 14, 2021

@openshift-cherrypick-robot: This pull request references Bugzilla bug 2014165, which is invalid:

  • expected dependent Bugzilla bug 2014170 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is NEW instead
  • expected dependent Bugzilla bug 2014170 to target a release in 4.7.0, 4.7.z, but it targets "4.6.z" instead
  • expected dependent Bugzilla bug 1980411 to target a release in 4.7.0, 4.7.z, but it targets "4.8.z" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 2014165: pkg/cvo/egress: Load HTTPS proxy from Proxy status

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@palonsoro
Copy link

/bugzilla refresh

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 14, 2021

@palonsoro: This pull request references Bugzilla bug 2014165, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.6.z) matches configured target release for branch (4.6.z)
  • bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 2007674 is in the state CLOSED (ERRATA), which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE))
  • dependent Bugzilla bug 2007674 targets the "4.7.z" release, which is one of the valid target releases: 4.7.0, 4.7.z
  • bug has dependents

Requesting review from QA contact:
/cc @jianlinliu

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Oct 14, 2021
wking
wking approved these changes Oct 14, 2021
View reviewed changes
Copy link
Member

@wking wking left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Oct 14, 2021
@LalatenduMohanty
Copy link
Member

/backport-risk-assessed

@LalatenduMohanty
Copy link
Member

/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Oct 15, 2021
@jianlinliu
Copy link

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Oct 15, 2021
@jianlinliu
Copy link

/lgtm

@jianlinliu
Copy link

/bugzilla cc-qa

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 15, 2021

@jianlinliu: This pull request references Bugzilla bug 2014165, which is valid.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.6.z) matches configured target release for branch (4.6.z)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 2007674 is in the state CLOSED (ERRATA), which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE))
  • dependent Bugzilla bug 2007674 targets the "4.7.z" release, which is one of the valid target releases: 4.7.0, 4.7.z
  • bug has dependents

Requesting review from QA contact:
/cc @jianlinliu

In response to this:

/bugzilla cc-qa

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 15, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jianlinliu, openshift-cherrypick-robot, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jianlinliu
Copy link 

Verified this bug with pre-merge build, and PASS

[root@preserve-jialiu-ansible ~]# oc get co network
NAME      VERSION                                                  AVAILABLE   PROGRESSING   DEGRADED   SINCE
network   4.6.0-0.ci.test-2021-10-15-022413-ci-ln-blf1xq2-latest   True        False         False      98m

[root@preserve-jialiu-ansible ~]# oc patch proxies.config.openshift.io/cluster --patch '{"spec":{"httpProxy":"testing"}}' --type=merge
proxy.config.openshift.io/cluster patched

[root@preserve-jialiu-ansible ~]# oc patch proxies.config.openshift.io/cluster --patch '{"spec":{"httpsProxy":"testing"}}' --type=merge
proxy.config.openshift.io/cluster patched

[root@preserve-jialiu-ansible ~]# oc get proxies.config.openshift.io cluster -o json
{
    "apiVersion": "config.openshift.io/v1",
    "kind": "Proxy",
    "metadata": {
        "creationTimestamp": "2021-10-15T02:55:49Z",
        "generation": 3,
        "name": "cluster",
        "resourceVersion": "49092",
        "selfLink": "/apis/config.openshift.io/v1/proxies/cluster",
        "uid": "3b8e2941-c109-4021-8b2d-7f79df800dc1"
    },
    "spec": {
        "httpProxy": "testing",
        "httpsProxy": "testing",
        "noProxy": "test.no-proxy.com",
        "trustedCA": {
            "name": ""
        }
    },
    "status": {
        "httpProxy": "http://proxy-user1:xxxx@ec2-18-119-134-28.us-east-2.compute.amazonaws.com:3128",
        "httpsProxy": "http://proxy-user1:xxxxx@ec2-18-119-134-28.us-east-2.compute.amazonaws.com:3128",
        "noProxy": ".cluster.local,.svc,.us-east-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.jialiu46.qe.devcluster.openshift.com,etcd-0.jialiu46.qe.devcluster.openshift.com,etcd-1.jialiu46.qe.devcluster.openshift.com,etcd-2.jialiu46.qe.devcluster.openshift.com,localhost,test.no-proxy.com"
    }
}


[root@preserve-jialiu-ansible ~]# oc get co network
NAME      VERSION                                                  AVAILABLE   PROGRESSING   DEGRADED   SINCE
network   4.6.0-0.ci.test-2021-10-15-022413-ci-ln-blf1xq2-latest   True        False         True       101m


[root@preserve-jialiu-ansible ~]# oc describe co network
Name:         network
Namespace:    
Labels:       <none>
Annotations:  network.operator.openshift.io/last-seen-state: {"DaemonsetStates":[],"DeploymentStates":[]}
API Version:  config.openshift.io/v1
Kind:         ClusterOperator
<--snip-->
Status:
  Conditions:
    Last Transition Time:  2021-10-15T04:45:24Z
    Message:               The configuration is invalid for proxy 'cluster' (invalid httpProxy URI: parse "testing": invalid URI for request). Use 'oc edit proxy.config.openshift.io cluster' to fix.
    Reason:                InvalidProxyConfig
    Status:                True
    Type:                  Degraded
    Last Transition Time:  2021-10-15T03:03:46Z
    Status:                True
    Type:                  Upgradeable
    Last Transition Time:  2021-10-15T03:15:19Z
    Status:                False
    Type:                  Progressing
    Last Transition Time:  2021-10-15T03:04:42Z
    Status:                True
    Type:                  Available
  Extension:               <nil>
<--snip-->

[root@preserve-jialiu-ansible ~]# oc adm upgrade
Cluster version is 4.6.0-0.ci.test-2021-10-15-022413-ci-ln-blf1xq2-latest

Upstream: https://api.openshift.com/api/upgrades_info/v1/graph
Channel: stable-4.6
warning: Cannot display available updates:
  Reason: VersionNotFound
  Message: Unable to retrieve available updates: currently reconciling cluster version 4.6.0-0.ci.test-2021-10-15-022413-ci-ln-blf1xq2-latest not found in the "stable-4.6" channel

CVO does not complain about the proxy URI, using status for that.

@sdodson sdodson added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Oct 15, 2021
@openshift-merge-robot openshift-merge-robot merged commit 4a67954 into openshift:release-4.6 Oct 15, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 15, 2021

@openshift-cherrypick-robot: All pull requests linked via external trackers have merged:

Bugzilla bug 2014165 has been moved to the MODIFIED state.

In response to this:

Bug 2014165: pkg/cvo/egress: Load HTTPS proxy from Proxy status

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wking wking wking approved these changes

@jottofar jottofar Awaiting requested review from jottofar

@vrutkovs vrutkovs Awaiting requested review from vrutkovs

@jianlinliu jianlinliu Awaiting requested review from jianlinliu

Assignees

@wking wking

@palonsoro palonsoro

@jianlinliu jianlinliu

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. bugzilla/severity-low Referenced Bugzilla bug's severity is low for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@openshift-cherrypick-robot @palonsoro @LalatenduMohanty @jianlinliu @wking @sdodson @openshift-merge-robot