From c656d3f9c1ff7f0646526d3681f7823e699ad03e Mon Sep 17 00:00:00 2001
From: Stephen Benjamin
Date: Thu, 16 Jan 2020 15:02:13 -0500
Subject: [PATCH] proxy: use explicit list of platforms for metadata addresses

The installer creates a manifest for proxy configuration, automatically adding specific addresses to NO_PROXY depending on the platform. One of those addresses is the metadata service, hosted at 169.254.169.254. The installer assumes this must be done for all platforms other than None of vSphere, whereas the cluster-network-operator has an explicit list of platforms: https://github.com/openshift/cluster-network-operator/blob/adaf257b4d63661726443ab2b059a9b4209a02d1/pkg/util/proxyconfig/no_proxy.go#L67-L69 When using a proxy with baremetal IPI, the installer adds this address, however when the CNO comes up, it does not, causing the rendered machine configs to differ, and installation to fail, with MCO reporting errors like: ``` pool master has not progressed to latest configuration: configuration status for pool master is empty: pool is degraded because nodes fail with "3 nodes are reporting degraded status on sync": "Node master-1 is reporting: \"machineconfig.machineconfiguration.openshift.io \\\"rendered-master-982b8698753da7e31b5f902aa4dc135e\\\" not found\"" ``` This needs a better, longer term solution to ensure the installer and CNO are not creating conflicting proxy objects, however as a short-term fix that is easily backportable to 4.3 to ensure proxies work on baremetal, this syncs the two lists between the installer and CNO.
---
 pkg/asset/manifests/proxy.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/pkg/asset/manifests/proxy.go b/pkg/asset/manifests/proxy.go
index 0d60f43c1a1..46fa692c92f 100644
--- a/pkg/asset/manifests/proxy.go
+++ b/pkg/asset/manifests/proxy.go
@@ -15,9 +15,9 @@ import (
 "github.com/openshift/installer/pkg/asset"
 "github.com/openshift/installer/pkg/asset/installconfig"
 "github.com/openshift/installer/pkg/types/aws"
+ "github.com/openshift/installer/pkg/types/azure"
 "github.com/openshift/installer/pkg/types/gcp"
- "github.com/openshift/installer/pkg/types/none"
- "github.com/openshift/installer/pkg/types/vsphere"
+ "github.com/openshift/installer/pkg/types/openstack"
 )
 var proxyCfgFilename = filepath.Join(manifestDir, "cluster-proxy-01-config.yaml")
@@ -105,7 +105,7 @@ func (p *Proxy) Generate(dependencies asset.Parents) error {
 // createNoProxy combines user-provided & platform-specific values to create a comma-separated
 // list of unique NO_PROXY values. Platform values are: serviceCIDR, podCIDR, machineCIDR,
 // localhost, 127.0.0.1, api.clusterdomain, api-int.clusterdomain, etcd-idx.clusterdomain
-// If platform is not vSphere or None add 169.254.169.254 to the list of NO_PROXY addresses.
+// If platform is AWS, GCP, Azure, or OpenStack add 169.254.169.254 to the list of NO_PROXY addresses.
 // If platform is AWS, add ".ec2.internal" for region us-east-1 or for all other regions add
 // "..compute.internal" to the list of NO_PROXY addresses. We should not proxy
 // the instance metadata services:
@@ -130,7 +130,10 @@ func createNoProxy(installConfig *installconfig.InstallConfig, network *Networki
 )
 platform := installConfig.Config.Platform.Name()
- if platform != vsphere.Name && platform != none.Name {
+ // FIXME: The cluster-network-operator duplicates this code in pkg/util/proxyconfig/no_proxy.go,
+ // if altering this list of platforms, you must ALSO alter the code in cluster-network-operator.
+ switch platform {
+ case aws.Name, gcp.Name, azure.Name, openstack.Name:
 set.Insert("169.254.169.254")
 }
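Review bot: The new `switch platform` in createNoProxy has no `default` arm, so any platform missing from `aws.Name, gcp.Name, azure.Name, openstack.Name` silently leaves 169.254.169.254 out of NO_PROXY. On a platform that does serve instance metadata at that address, those requests would presumably be sent to the proxy, which the function's own comment says should not happen. The removed `platform != vsphere.Name && platform != none.Name` test exempted the address by default, so this flips the default, and a platform added later can miss it without any error. I would state that next to the FIXME, e.g. `// Platforms not listed here send 169.254.169.254 through the proxy; list every platform that has a link-local metadata service.`, and add a table test over all platform names so that drift from the cluster-network-operator list fails in CI rather than at install time. createNoProxy begins before and continues past this hunk.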