foundation agent need inbound network available which break ocm pull mode design

[huxiaoliang]

Problem:

I follow the guide to make foundation-hub and foundation-agent get deployed and all related pods state in Runnning , I noticed that foundation-agent depends on inbound network agent-address so that hub cluster access to managed cluster directly, this behavior break ocm pull mode, in the most of case, the managed cluster doesn't have inbound network, such as the managed k8s cluster placed in private IDC.

Due to above problem, the api to get container log from managed cluster doesn't work as well, could you please take a look this issue and clarify, thanks in advance.

curl -sk -H "Authorization: Bearer $TOKEN" -H "Content-Type:application/json"  https://127.0.0.1:32768/apis/proxy.open-cluster-management.io/v1beta1/namespaces/cluster1/clusterstatuses/cluster1/log/open-cluster-management/klusterlet-registry-server-6b4f866fcd-wl8sc/klusterlet-registry-server
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "error trying to reach service: dial tcp: lookup foundation-agent.open-cluster-management-agent.svc on 10.96.0.10:53: no such host",
  "code": 500
}

[qiujian16]

Thanks. This is currently by design...since we do not want to save logs from clusters on the hub. I would certainly like to know if there are other techniques for log collection that we can leverage.