kayobe

Traffic to internal VIP can go through proxy

Bug #2087556 reported by Pierre Riteau
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kayobe
Fix Released
Undecided
Unassigned
Antelope
Fix Released
Undecided
Unassigned
Bobcat
Fix Released
Undecided
Unassigned
Caracal
Fix Released
Undecided
Unassigned
Dalmatian
Fix Released
Undecided
Unassigned

Bug Description

When running API requests from a host configured with kayobe, traffic destined for the internal VIP is sent via the default proxy.

This can be a security issue if not using TLS as the proxy will be able to intercept the traffic. This is considered a minor issue as traffic between containers will not use the proxy by default.

OpenStack Infra (hudson-openstack)
Changed in kayobe:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kayobe (master)

Reviewed: https://review.opendev.org/c/openstack/kayobe/+/922787
Committed: https://opendev.org/openstack/kayobe/commit/6fb47e2193d912f85c977923ba0e06aea9d6c689
Submitter: "Zuul (22348)"
Branch: master

commit 6fb47e2193d912f85c977923ba0e06aea9d6c689
Author: Michal Nasiadka <email address hidden>
Date: Wed Jun 26 09:58:16 2024 +0200

    Add internal VIP address to no_proxy

    Change-Id: I7a9aa9abf611cdaa47cc91f40a6753f23a7f187e
    Closes-Bug: #2087556

Changed in kayobe:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kayobe (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/kayobe/+/934729

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kayobe (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/kayobe/+/934730

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kayobe (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/kayobe/+/934731

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kayobe (stable/2024.1)

Reviewed: https://review.opendev.org/c/openstack/kayobe/+/934729
Committed: https://opendev.org/openstack/kayobe/commit/4e07e042b74ba6c97ea921987021cf9030aac0ba
Submitter: "Zuul (22348)"
Branch: stable/2024.1

commit 4e07e042b74ba6c97ea921987021cf9030aac0ba
Author: Michal Nasiadka <email address hidden>
Date: Wed Jun 26 09:58:16 2024 +0200

    Add internal VIP address to no_proxy

    Change-Id: I7a9aa9abf611cdaa47cc91f40a6753f23a7f187e
    Closes-Bug: #2087556
    (cherry picked from commit 6fb47e2193d912f85c977923ba0e06aea9d6c689)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kayobe (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/kayobe/+/934730
Committed: https://opendev.org/openstack/kayobe/commit/715b4b93f87cc5ea733868b5036852513a638dcf
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 715b4b93f87cc5ea733868b5036852513a638dcf
Author: Michal Nasiadka <email address hidden>
Date: Wed Jun 26 09:58:16 2024 +0200

    Add internal VIP address to no_proxy

    Change-Id: I7a9aa9abf611cdaa47cc91f40a6753f23a7f187e
    Closes-Bug: #2087556
    (cherry picked from commit 6fb47e2193d912f85c977923ba0e06aea9d6c689)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kayobe (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/kayobe/+/934731
Committed: https://opendev.org/openstack/kayobe/commit/d182f3344dd4654af3935e84221b22364ac08472
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit d182f3344dd4654af3935e84221b22364ac08472
Author: Michal Nasiadka <email address hidden>
Date: Wed Jun 26 09:58:16 2024 +0200

    Add internal VIP address to no_proxy

    Change-Id: I7a9aa9abf611cdaa47cc91f40a6753f23a7f187e
    Closes-Bug: #2087556
    (cherry picked from commit 6fb47e2193d912f85c977923ba0e06aea9d6c689)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kayobe 17.0.0.0rc1

This issue was fixed in the openstack/kayobe 17.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kayobe 2023.1-eom

This issue was fixed in the openstack/kayobe 2023.1-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kayobe 15.6.0

This issue was fixed in the openstack/kayobe 15.6.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kayobe 16.3.0

This issue was fixed in the openstack/kayobe 16.3.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.