Description
Describe the bug
We have a non-CSE cluster deployed in a network that doesn't allow direct connections to the VCD; instead, we must use an HTTP/S proxy to connect. We have configured the vmware-cloud-director-ccm container to use the following configuration:
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: proxy-config
  namespace: kube-system
data:
  HTTPS_PROXY: "http://<PROXY_IP_ADDRESS>:3128"
  HTTP_PROXY: "http://<PROXY_IP_ADDRESS>:3128"
  NO_PROXY: "localhost,127.0.0.1,10.20.172.10,<CLUSTER-SERVICE-CIDR-BLOCK>"
  http_proxy: "http://<PROXY_IP_ADDRESS>:3128"
  https_proxy: "http://<PROXY_IP_ADDRESS>:3128"
  no_proxy: "localhost,127.0.0.1,10.20.172.10,<CLUSTER-SERVICE-CIDR-BLOCK>"
---
Logging the HTTP requests and responses with the VCD reveals that the container is talking to the VCD, for example successfully listing networks from the VCD until a specific query times out and the binary exits:
F0613 11:05:16.950898 1 main.go:75] Cloud provider could not be initialized: [could not init cloud provider "vmware-cloud-director": failed to create GatewayManager: [error caching gateway related details: [unable to get OVDC network [<NETWORK_NAME>]: [unable to get all ovdc networks: [<nil>]: [Get "https://<VCD_FQDN>/cloudapi/1.0.0/orgVdcNetworks?page=1&pageSize=32": dial tcp <VCD_IP>:443: connect: connection timed out]]]]]
Capturing traffic on the control plane node of the cluster with tcpdump reveals that most traffic going to the VCD does so via the HTTP/S proxy, but then something tries to send a SYN packet to the VCD directly a couple of minutes before the timeout, tries retransmission six times and never receives a reply packet.
Reproduction steps
Configure the vmware-cloud-director-ccm container to use an HTTP/S proxy in an environment where direct connections to the VCD are not available.
Expected behavior
All connections to the VCD to be made through the proxy.
Additional context
No response
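The symptom reported above (most requests go through the proxy, one dials the VCD directly) is what a Go program shows when one of its HTTP clients is built on an `http.Transport` whose `Proxy` field is unset. The following is an added example, not code from the CCM, and whether this is the cause here is an assumption the issue does not confirm; `Demo` and `viaProxy` are hypothetical names, and both servers are constructed loopback stand-ins speaking plain HTTP.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"sync/atomic"
)

// viaProxy reports whether a GET sent through tr reached the stand-in proxy.
func viaProxy(tr *http.Transport, target string, hits *int32) (bool, error) {
	defer tr.CloseIdleConnections()
	before := atomic.LoadInt32(hits)
	resp, err := (&http.Client{Transport: tr}).Get(target)
	if err != nil {
		return false, err
	}
	resp.Body.Close()
	return atomic.LoadInt32(hits) > before, nil
}

// Demo compares a proxy-aware transport with a bare one on constructed servers.
func Demo() (proxied, bare bool, err error) {
	var hits int32
	ok := func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }
	target := httptest.NewServer(http.HandlerFunc(ok))
	defer target.Close()
	proxy := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		atomic.AddInt32(&hits, 1) // a plain-HTTP proxied request arrives here
		ok(w, r)
	}))
	defer proxy.Close()
	proxyURL, err := url.Parse(proxy.URL)
	if err != nil {
		return false, false, err
	}
	api := target.URL + "/cloudapi/1.0.0/orgVdcNetworks"
	// A real client would normally pass http.ProxyFromEnvironment here.
	aware := &http.Transport{Proxy: http.ProxyURL(proxyURL)}
	direct := &http.Transport{} // Proxy is nil: HTTPS_PROXY is never consulted
	if proxied, err = viaProxy(aware, api, &hits); err != nil {
		return false, false, err
	}
	bare, err = viaProxy(direct, api, &hits)
	return proxied, bare, err
}

func main() { fmt.Println(Demo()) }
```

In an egress-restricted network the bare transport's request is the one that ends in a SYN with no reply, so auditing every `http.Transport` and `http.Client` construction for a `Proxy` setting is a quick check when only some calls bypass the proxy.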