diff --git a/api/bases/octavia.openstack.org_octaviaapis.yaml b/api/bases/octavia.openstack.org_octaviaapis.yaml index a7fad9ca..13584f8c 100644 --- a/api/bases/octavia.openstack.org_octaviaapis.yaml +++ b/api/bases/octavia.openstack.org_octaviaapis.yaml @@ -48,6 +48,10 @@ spec: spec: description: OctaviaAPISpec defines the desired state of OctaviaAPI properties: + apiTimeout: + description: APITimeout for HAProxy and Apache defaults to OctaviaSpecCore + APITimeout (seconds) + type: string containerImage: description: Octavia Container Image URL type: string diff --git a/api/bases/octavia.openstack.org_octavias.yaml b/api/bases/octavia.openstack.org_octavias.yaml index 359d8fdc..115d7fbf 100644 --- a/api/bases/octavia.openstack.org_octavias.yaml +++ b/api/bases/octavia.openstack.org_octavias.yaml @@ -150,6 +150,10 @@ spec: description: OctaviaAPI - Spec definition for the API service of the Octavia deployment properties: + apiTimeout: + description: APITimeout for HAProxy and Apache defaults to OctaviaSpecCore + APITimeout (seconds) + type: string containerImage: description: Octavia Container Image URL type: string diff --git a/api/v1beta1/octavia_webhook.go b/api/v1beta1/octavia_webhook.go index fa43cd7f..cc7c04aa 100644 --- a/api/v1beta1/octavia_webhook.go +++ b/api/v1beta1/octavia_webhook.go @@ -198,9 +198,34 @@ func (r *Octavia) ValidateDelete() (admission.Warnings, error) { return nil, nil } -func (spec *OctaviaSpec) GetDefaultRouteAnnotations() (annotations map[string]string) { - annotations = map[string]string{ +func (spec *OctaviaAPISpecCore) GetDefaultRouteAnnotations() (annotations map[string]string) { + return map[string]string{ "haproxy.router.openshift.io/timeout": octaviaDefaults.OctaviaAPIRouteTimeout, } - return +} + +// SetDefaultRouteAnnotations sets HAProxy timeout values of the route +func (octaviaAPI *OctaviaAPISpecCore) SetDefaultRouteAnnotations(annotations map[string]string) { + const haProxyAnno = "haproxy.router.openshift.io/timeout" + // Use a custom annotation to flag when the operator has set the default HAProxy timeout + // With the annotation func determines when to overwrite existing HAProxy timeout with the APITimeout + const octaviaAnno = "api.octavia.openstack.org/timeout" + + valOctavia, okOctavia := annotations[octaviaAnno] + valHAProxy, okHAProxy := annotations[haProxyAnno] + + // Human operator set the HAProxy timeout manually + if !okOctavia && okHAProxy { + return + } + + // Human operator modified the HAProxy timeout manually without removing the Octavia flag + if okOctavia && okHAProxy && valOctavia != valHAProxy { + delete(annotations, octaviaAnno) + return + } + + timeout := octaviaAPI.APITimeout + "s" + annotations[octaviaAnno] = timeout + annotations[haProxyAnno] = timeout } diff --git a/api/v1beta1/octaviaapi_types.go b/api/v1beta1/octaviaapi_types.go index 2323590e..88d74cf7 100644 --- a/api/v1beta1/octaviaapi_types.go +++ b/api/v1beta1/octaviaapi_types.go @@ -141,6 +141,10 @@ type OctaviaAPISpecCore struct { // +operator-sdk:csv:customresourcedefinitions:type=spec // TLS - Parameters related to the TLS TLS OctaviaApiTLS `json:"tls,omitempty"` + + // +kubebuilder:validation:Optional + // APITimeout for HAProxy and Apache defaults to OctaviaSpecCore APITimeout (seconds) + APITimeout string `json:"apiTimeout,omitempty"` } type OctaviaApiTLS struct { diff --git a/config/crd/bases/octavia.openstack.org_octaviaapis.yaml b/config/crd/bases/octavia.openstack.org_octaviaapis.yaml index a7fad9ca..13584f8c 100644 --- a/config/crd/bases/octavia.openstack.org_octaviaapis.yaml +++ b/config/crd/bases/octavia.openstack.org_octaviaapis.yaml @@ -48,6 +48,10 @@ spec: spec: description: OctaviaAPISpec defines the desired state of OctaviaAPI properties: + apiTimeout: + description: APITimeout for HAProxy and Apache defaults to OctaviaSpecCore + APITimeout (seconds) + type: string containerImage: description: Octavia Container Image URL type: string diff --git a/config/crd/bases/octavia.openstack.org_octavias.yaml b/config/crd/bases/octavia.openstack.org_octavias.yaml index 359d8fdc..115d7fbf 100644 --- a/config/crd/bases/octavia.openstack.org_octavias.yaml +++ b/config/crd/bases/octavia.openstack.org_octavias.yaml @@ -150,6 +150,10 @@ spec: description: OctaviaAPI - Spec definition for the API service of the Octavia deployment properties: + apiTimeout: + description: APITimeout for HAProxy and Apache defaults to OctaviaSpecCore + APITimeout (seconds) + type: string containerImage: description: Octavia Container Image URL type: string diff --git a/controllers/octaviaapi_controller.go b/controllers/octaviaapi_controller.go index 782c4d93..d0330720 100644 --- a/controllers/octaviaapi_controller.go +++ b/controllers/octaviaapi_controller.go @@ -984,6 +984,7 @@ func (r *OctaviaAPIReconciler) generateServiceSecrets( endptConfig := map[string]interface{}{} endptConfig["ServerName"] = fmt.Sprintf("%s-%s.%s.svc", octavia.ServiceName, endpt.String(), instance.Namespace) endptConfig["TLS"] = false // default TLS to false, and set it bellow to true if enabled + endptConfig["TimeOut"] = instance.Spec.APITimeout if instance.Spec.TLS.API.Enabled(endpt) { endptConfig["TLS"] = true endptConfig["SSLCertificateFile"] = fmt.Sprintf("/etc/pki/tls/certs/%s.crt", endpt.String()) diff --git a/templates/octaviaapi/config/httpd.conf b/templates/octaviaapi/config/httpd.conf index d971bc17..e0693f25 100644 --- a/templates/octaviaapi/config/httpd.conf +++ b/templates/octaviaapi/config/httpd.conf @@ -36,6 +36,8 @@ ErrorLog /dev/stdout CustomLog /dev/stdout combined env=!forwarded CustomLog /dev/stdout proxy env=forwarded + TimeOut {{ $vhost.TimeOut }} + {{- if $vhost.TLS }} SetEnvIf X-Forwarded-Proto https HTTPS=1