API call supposed to be sent through proxy is being sent directly to VCD #260

Open
LauriMikkola opened this issue Jun 13, 2023 · 2 comments
Labels
bug Something isn't working

@LauriMikkola

Describe the bug

We have a non-CSE cluster deployed in a network that doesn't allow direct connections to the VCD; instead, we must use an HTTP/S proxy to connect. We have configured the vmware-cloud-director-ccm container to use the following configuration:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: proxy-config
  namespace: kube-system
data:
  HTTPS_PROXY: "http://<PROXY_IP_ADDRESS>:3128"
  HTTP_PROXY: "http://<PROXY_IP_ADDRESS>:3128"
  NO_PROXY: "localhost,127.0.0.1,10.20.172.10,<CLUSTER-SERVICE-CIDR-BLOCK>"
  http_proxy: "http://<PROXY_IP_ADDRESS>:3128"
  https_proxy: "http://<PROXY_IP_ADDRESS>:3128"
  no_proxy: "localhost,127.0.0.1,10.20.172.10,<CLUSTER-SERVICE-CIDR-BLOCK>"
---

Logging the HTTP requests and responses with the VCD reveals that the container is talking to the VCD, for example successfully listing networks from the VCD until a specific query times out and the binary exits:

F0613 11:05:16.950898       1 main.go:75] Cloud provider could not be initialized: [could not init cloud provider "vmware-cloud-director": failed to create GatewayManager: [error caching gateway related details: [unable to get OVDC network [<NETWORK_NAME>]: [unable to get all ovdc networks: [<nil>]: [Get "https://<VCD_FQDN>/cloudapi/1.0.0/orgVdcNetworks?page=1&pageSize=32": dial tcp <VCD_IP>:443: connect: connection timed out]]]]]

Capturing traffic on the control plane node of the cluster with tcpdump reveals that most traffic going to the VCD does so via the HTTP/S proxy, but then something tries to send a SYN packet to the VCD directly a couple of minutes before the timeout, tries retransmission six times and never receives a reply packet.

Reproduction steps

Configure the vmware-cloud-director-ccm container to use an HTTP/S proxy in an environment where direct connections to the VCD are not available.

Expected behavior

All connections to the VCD to be made through the proxy.

Additional context

No response
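The following is an added example, not code from the issue or from the CCM project. It shows how Go's `net/http` decides between a proxy and a direct dial under a proxy configuration like the ConfigMap above: a transport honours `HTTPS_PROXY` only when its `Proxy` field is set, and `NO_PROXY` entries are dialled directly. The hostnames are constructed placeholders, and whether any CCM code path builds a transport this way is not established on this page.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
)

// setConstructedEnv mirrors the ConfigMap above with constructed placeholder values.
func setConstructedEnv() {
	os.Setenv("HTTPS_PROXY", "http://proxy.example.invalid:3128")
	os.Setenv("NO_PROXY", "localhost,127.0.0.1,10.20.172.10")
}

// routeFor reports the proxy URL tr would use for rawURL, or "DIRECT" if none applies.
func routeFor(tr *http.Transport, rawURL string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, rawURL, nil)
	if err != nil {
		return "", err
	}
	if tr.Proxy == nil { // a Transport with a nil Proxy never reads HTTPS_PROXY
		return "DIRECT", nil
	}
	p, err := tr.Proxy(req)
	if err != nil {
		return "", err
	}
	if p == nil { // host matched NO_PROXY or is loopback
		return "DIRECT", nil
	}
	return p.String(), nil
}

func main() {
	setConstructedEnv() // must run before the first ProxyFromEnvironment call (values are cached)
	vcd := "https://vcd.example.invalid/cloudapi/1.0.0/orgVdcNetworks" // constructed hostname
	cases := []struct {
		name, url string
		tr        *http.Transport
	}{
		{"env-aware transport, VCD", vcd, &http.Transport{Proxy: http.ProxyFromEnvironment}},
		{"bare transport, VCD", vcd, &http.Transport{}},
		{"env-aware transport, NO_PROXY host", "https://10.20.172.10/", &http.Transport{Proxy: http.ProxyFromEnvironment}},
	}
	for _, c := range cases {
		route, err := routeFor(c.tr, c.url)
		fmt.Printf("%-36s -> %s (err=%v)\n", c.name, route, err)
	}
}
```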

@LauriMikkola LauriMikkola added the bug Something isn't working label Jun 13, 2023
@ltimothy7
Contributor

Hi @LauriMikkola
Which CCM version are you using? You can determine this by doing kubectl describe po
Additionally, would you please share if there are any instructions you are using to specify the proxy configurations for CCM?

Thank you

@ltimothy7
Contributor

Hi @LauriMikkola
Let us know if you have any updates; otherwise, we can close this.
