Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-43745: Add IdleCloseOnResponse field to IngressControllerSpec #2102

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

OCPBUGS-43745: Add IdleCloseOnResponse field to IngressControllerSpec #2102

wants to merge 2 commits into from

Conversation

frobware
Copy link
Contributor

@frobware frobware commented Nov 18, 2024
edited
Loading

Introduce a new knob, IdleConnectionTerminationPolicy, in the IngressController configuration to control how idle connections are handled during router reloads.

Context

In OCPBUGS-32044, the idle-close-on-response option was unconditionally added to the HAProxy confuguration to address issues with incoming HTTP requests failing during router reloads. This issue primarily affected Apache HTTPClient versions prior to 5.0, which do not gracefully handle connection resets. Adding the option ensured that idle connections were left open to handle one final request before being closed.

Historically, HAProxy 2.2 maintained idle connections during router reloads by default, allowing requests on those connections to complete even when routing configuration changes were applied. Starting with HAProxy 2.4, the default behaviour changed to close idle connections immediately during soft reloads.

To accommodate existing clients dependent on the HAProxy 2.2 behaviour, the unconditional addition of idle-close-on-response restored the previous OpenShift status quo, where customers upgrading their OpenShift clusters experienced a behaviour change due to the jump from HAProxy 2.2 to 2.6, which altered the default handling of idle connections during router reloads.

However, unconditionally enabling idle-close-on-response has now led to issues (OCPBUGS-43745) with Route backend switching. When a Route switches its service backend, requests on persistent connections could continue being routed to the previously active backend due to HAProxy handling these connections in the old process. This behaviour occurs until the connection is closed, either by a new request, the expiration of the client keep-alive, or the expiration of the HAProxy timeout http-keep-alive 300s. While this behaviour is desirable in some cases (e.g., for clients sensitive to connection resets), it can lead to temporary inconsistencies and unexpected routing behaviour during backend switching.

This PR addresses these regressions by making the behaviour configurable through a new knob.

Changes

  • Add a new knob, IdleConnectionTerminationPolicy, to the IngressController configuration.
  • Provide two modes:
    • Immediate: Closes idle connections immediately during router reloads.
    • Deferred: Maintains idle connections during router reloads.

Behavioural Differences

  • Immediate (New Default in OpenShift 4.19+):

    • Closes idle connections immediately during router reloads.
    • Ensures immediate propagation of route changes.
    • May reset connections for clients sensitive to connection interruptions.

  • Deferred (Default for backports to 4.14–4.18):

    • Keeps idle connections open until a terminating event, such as:
      • A new request on the connection (handled by the old HAProxy process).
      • Expiration of haproxy timeout http-keep-alive (300 seconds in OpenShift).
      • The client closing the connection.
    • Restores pre-2.4 HAProxy behaviour for idle connection handling.
    • May cause temporary inconsistencies during the first request on a persistent connection after a reload.
    • Can lead to resource accumulation if connections remain idle for extended periods, especially with frequent reloads.

References:

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 18, 2024

Hello @frobware! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

@openshift-ci openshift-ci bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Nov 18, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 18, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: frobware
Once this PR has been reviewed and has the lgtm label, please assign sjenning for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@frobware frobware force-pushed the OCPBUGS-43745-idle-close-on-response branch from e70b743 to 41b507e Compare November 18, 2024 16:28
@frobware frobware marked this pull request as draft November 18, 2024 16:44
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 18, 2024
@frobware frobware changed the title OCPBUGS 43745 idle close on response OCPBUGS-43745: Add IdleCloseOnResponse field to IngressControllerSpec Nov 18, 2024
@openshift-ci-robot openshift-ci-robot added jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Nov 18, 2024
@openshift-ci-robot
Copy link

@frobware: This pull request references Jira Issue OCPBUGS-43745, which is invalid:

  • expected the bug to target the "4.18.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

  • OCPBUGS-43745: make generate-with-container
  • OCPBUGS-43745: Add IdleCloseOnResponse field to IngressControllerTuningOptions

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@frobware frobware force-pushed the OCPBUGS-43745-idle-close-on-response branch from 41b507e to 162d02c Compare November 18, 2024 16:50
@frobware frobware mentioned this pull request Nov 18, 2024
Closed
@frobware
Copy link
Contributor Author

/jira refresh

@openshift-ci-robot
Copy link

@frobware: This pull request references Jira Issue OCPBUGS-43745, which is invalid:

  • expected the bug to target either version "4.18." or "openshift-4.18.", but it targets "4.19.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@frobware frobware force-pushed the OCPBUGS-43745-idle-close-on-response branch from 162d02c to 708ac88 Compare November 19, 2024 09:26
@frobware
OCPBUGS-43745: make generate-with-container
b400d0e
@frobware
OCPBUGS-43745: v1/types_ingress: add IdleConnectionTerminationPolicy
84689bf 
Add an `IdleConnectionTerminationPolicy` field to control whether
HAProxy keeps idle frontend connections open during a soft stop (router
reload). Allow users to prevent errors in clients or load balancers that
do not properly handle connection resets.
@frobware frobware force-pushed the OCPBUGS-43745-idle-close-on-response branch from 708ac88 to 84689bf Compare November 19, 2024 10:15
@frobware frobware mentioned this pull request Nov 19, 2024
Open
frobware added a commit to frobware/cluster-ingress-operator that referenced this pull request Nov 19, 2024
@frobware
DO NOT MERGE: github.com/openshift/api vendor bump
8868ce7 
Pickup openshift/api#2102

% go mod edit -replace github.com/openshift/api=github.com/frobware/api@84689bf6752251547541a87d3cfb891f9c6add29
% go mod tidy
% go mod vendor
@frobware frobware mentioned this pull request Nov 20, 2024
Open
@frobware frobware marked this pull request as ready for review November 21, 2024 07:40
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 21, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 21, 2024

@frobware: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/integration 84689bf link true /test integration

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

JoelSpeed
JoelSpeed reviewed Nov 28, 2024
View reviewed changes
Copy link
Contributor

@JoelSpeed JoelSpeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I follow why backports would set the default to Deferred rather than Immediate, if the change in behaviour has already been made as of 4.14 (HAProxy 2.2 to 2.4), doesn't this break a change that was done a while back? What did I miss?

operator/v1/types_ingress.go
@@ -258,6 +258,74 @@ type IngressControllerSpec struct {
//
// +optional
HTTPCompression HTTPCompressionPolicy `json:"httpCompression,omitempty"`

// IdleConnectionTerminationPolicy maps directly to HAProxy's
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit, godoc should start with the serialised version of the string. We do this so that oc explain looks correct

operator/v1/types_ingress.go
// frequent reloads to prevent resource exhaustion.
//
// +optional
// +kubebuilder:default:="Immediate"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So that OpenAPI also has the default

Suggested change
// +kubebuilder:default:="Immediate"
// +kubebuilder:default:="Immediate"
// +default="Immediate"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoelSpeed JoelSpeed JoelSpeed left review comments

@bparees bparees Awaiting requested review from bparees

@knobunc knobunc Awaiting requested review from knobunc

Assignees
No one assigned
Labels
jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@frobware @openshift-ci-robot @JoelSpeed