OCPBUGS-66104: Update no_proxy list to include the AWS DNS resolver

[sadasu]

This well known IP is added as a second resolver when ClusterHostedDNS is enabled. Add it to the no_proxy list for all cases.

[openshift-ci-robot]

@sadasu: This pull request references Jira Issue OCPBUGS-66104, which is invalid:

• expected the bug to target the "4.21.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

This well known IP is added as a second resolver when ClusterHostedDNS is enabled. Add it to the no_proxy list for all cases.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Adds AWS Route 53 resolver IP (169.254.169.253) to the no-proxy configuration for AWS clusters with cluster-hosted DNS. The implementation file updates the no_proxy assembly logic, while the test file introduces a helper function and new test cases to validate the behavior.

Changes

Cohort / File(s)	Summary
AWS Route 53 Resolver in no_proxy Configuration pkg/util/proxyconfig/no_proxy.go	Adds AWS Route 53 resolver IP (169.254.169.253) to the no_proxy set for AWS platform type, executed after determining region-specific internal host suffix. Includes documentation comments and AWS DNS concepts reference.
Cluster Hosted DNS Test Support pkg/util/proxyconfig/no_proxy_test.go	Introduces new test helper infraConfigWithClusterHostedDNS() for constructing AWS Infrastructure with ClusterHostedDNSType. Updates existing TestMergeUserSystemNoProxy test expectations to include cluster-hosted DNS IPs (169.254.169.253 and 169.254.169.254). Adds new test case validating proxy configuration behavior with AWS provider and ClusterHostedDNS.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Areas requiring extra attention:
  • Verify AWS Route 53 resolver IP (169.254.169.253) is correct and applied only when appropriate
  • Confirm ClusterHostedDNS feature behavior is correctly represented across all updated test expectations
  • Validate that DNS IP additions align between implementation and test assertions

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.5.0)

Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions
The command is terminated due to an error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sadasu
Once this PR has been reviewed and has the lgtm label, please assign jcaamano for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

pkg/util/proxyconfig/no_proxy.go (1)

120-123: LGTM! AWS Route 53 resolver IP correctly added to no_proxy list.

The implementation correctly adds the AWS Route 53 resolver IP for all AWS installations, which aligns with the PR objective. The documentation link provides good context.

Optional: Consider refining the comment for clarity:

-			// Add AWS Route 53 resolver IP needs to be added to the no_proxy list for ClusterHostedDNS.
+			// AWS Route 53 resolver IP should be added to the no_proxy list for ClusterHostedDNS.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 8bd3f1c and 632e615.

📒 Files selected for processing (2)

• pkg/util/proxyconfig/no_proxy.go (1 hunks)
• pkg/util/proxyconfig/no_proxy_test.go (10 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• pkg/util/proxyconfig/no_proxy.go
• pkg/util/proxyconfig/no_proxy_test.go

🔇 Additional comments (3)

pkg/util/proxyconfig/no_proxy_test.go (3)

83-108: LGTM! AWS-specific test helper appropriately structured.

The helper function correctly constructs Infrastructure config with ClusterHostedDNSType for testing AWS scenarios. The AWS-only implementation is appropriate since the Route 53 resolver feature is AWS-specific.

---

160-160: LGTM! Test expectations consistently updated across all AWS scenarios.

All AWS test cases now correctly expect both AWS metadata service IP (169.254.169.254) and Route 53 resolver IP (169.254.169.253) in the no_proxy list. The updates are consistent and comprehensive.

Also applies to: 182-182, 193-193, 204-204, 215-215, 226-226, 292-292, 303-303, 314-314

---

317-327: LGTM! New test case provides explicit ClusterHostedDNS coverage.

The test correctly validates that the AWS Route 53 resolver IP is included in the no_proxy list for ClusterHostedDNS scenarios, directly addressing the PR objective.

[openshift-ci]

@sadasu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/security	632e615	link	false	/test security
ci/prow/e2e-aws-ovn-upgrade-ipsec	632e615	link	true	/test e2e-aws-ovn-upgrade-ipsec
ci/prow/4.21-upgrade-from-stable-4.20-e2e-gcp-ovn-upgrade	632e615	link	false	/test 4.21-upgrade-from-stable-4.20-e2e-gcp-ovn-upgrade
ci/prow/e2e-metal-ipi-ovn-ipv6-ipsec	632e615	link	true	/test e2e-metal-ipi-ovn-ipv6-ipsec
ci/prow/e2e-metal-ipi-ovn-ipv6	632e615	link	true	/test e2e-metal-ipi-ovn-ipv6

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.