Describe the bug
We have a non-CSE cluster deployed in a network that doesn't allow direct connections to the VCD, instead we must use a HTTP/S proxy to connect. We have configured the vmware-cloud-director-ccm container to use the following configuration:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: proxy-config
namespace: kube-system
data:
HTTPS_PROXY: "http://<PROXY_IP_ADDRESS>:3128"
HTTP_PROXY: "http://<PROXY_IP_ADDRESS>:3128"
NO_PROXY: "localhost,127.0.0.1,10.20.172.10,<CLUSTER-SERVICE-CIDR-BLOCK>"
http_proxy: "http://<PROXY_IP_ADDRESS>:3128"
https_proxy: "http://<PROXY_IP_ADDRESS>:3128"
no_proxy: "localhost,127.0.0.1,10.20.172.10,<CLUSTER-SERVICE-CIDR-BLOCK>"
---
Logging the HTTP requests and responses with the VCD reveals that the container is talking to the VCD, for example successfully listing networks from the VCD until a specific query times out and the binary exits:
F0613 11:05:16.950898 1 main.go:75] Cloud provider could not be initialized: [could not init cloud provider "vmware-cloud-director": failed to create GatewayManager: [error caching gateway related details: [unable to get OVDC network [<NETWORK_NAME>]: [unable to get all ovdc networks: [<nil>]: [Get "https://<VCD_FQDN>/cloudapi/1.0.0/orgVdcNetworks?page=1&pageSize=32": dial tcp <VCD_IP>:443: connect: connection timed out]]]]]
Capturing traffic on the control plane node of the cluster with tcpdump reveals that most traffic going to the VCD does so via the HTTP/S proxy, but then something tries to send a SYN packet to the VCD directly a couple of minutes before the timeout, tries retransmission six times and never receives a reply packet.
Reproduction steps
Configure the vmware-cloud-director-ccm container to use an HTTP/S proxy in an environment where direct connections to the VCD are not available.
Expected behavior
All connections to the VCD to be made through the proxy.
Additional context
No response
Describe the bug
We have a non-CSE cluster deployed in a network that doesn't allow direct connections to the VCD, instead we must use a HTTP/S proxy to connect. We have configured the vmware-cloud-director-ccm container to use the following configuration:
Logging the HTTP requests and responses with the VCD reveals that the container is talking to the VCD, for example successfully listing networks from the VCD until a specific query times out and the binary exits:
Capturing traffic on the control plane node of the cluster with tcpdump reveals that most traffic going to the VCD does so via the HTTP/S proxy, but then something tries to send a SYN packet to the VCD directly a couple of minutes before the timeout, tries retransmission six times and never receives a reply packet.
Reproduction steps
Configure the vmware-cloud-director-ccm container to use an HTTP/S proxy in an environment where direct connections to the VCD are not available.
Expected behavior
All connections to the VCD to be made through the proxy.
Additional context
No response