From 71152d55d00f2387b4abd0ef6c3559687eeb3550 Mon Sep 17 00:00:00 2001 From: Fernando Royo Date: Wed, 23 Oct 2024 17:53:29 +0200 Subject: [PATCH] Add configurable httpd timeout This patch adds an apiTimeout field to the OctaviaSpecCore to the already OctaviaSpec one to allow configure the timeouts for HAProxy and Apache. Also fixing *core* API spec version of the new GetDefaultRouteAnnotations function. Jira: https://issues.redhat.com/browse/OSPRH-6713 --- .../octavia.openstack.org_octaviaapis.yaml | 3 ++ api/v1beta1/octavia_webhook.go | 31 +++++++++++++++++-- api/v1beta1/octaviaapi_types.go | 5 +++ .../octavia.openstack.org_octaviaapis.yaml | 3 ++ .../bases/octavia.openstack.org_octavias.yaml | 3 ++ controllers/octaviaapi_controller.go | 1 + templates/octaviaapi/config/httpd.conf | 2 ++ 7 files changed, 45 insertions(+), 3 deletions(-) diff --git a/api/bases/octavia.openstack.org_octaviaapis.yaml b/api/bases/octavia.openstack.org_octaviaapis.yaml index a7fad9ca..5dd5352a 100644 --- a/api/bases/octavia.openstack.org_octaviaapis.yaml +++ b/api/bases/octavia.openstack.org_octaviaapis.yaml @@ -48,6 +48,9 @@ spec: spec: description: OctaviaAPISpec defines the desired state of OctaviaAPI properties: + apiTimeout: + description: Octavia API timeout + type: string containerImage: description: Octavia Container Image URL type: string diff --git a/api/v1beta1/octavia_webhook.go b/api/v1beta1/octavia_webhook.go index fa43cd7f..cc0d5ab9 100644 --- a/api/v1beta1/octavia_webhook.go +++ b/api/v1beta1/octavia_webhook.go 
@@ -198,9 +198,34 @@ func (r *Octavia) ValidateDelete() (admission.Warnings, error) {
 return nil, nil
 }
 
-func (spec *OctaviaSpec) GetDefaultRouteAnnotations() (annotations map[string]string) {
- annotations = map[string]string{
+func (spec *OctaviaAPISpecCore) GetDefaultRouteAnnotations() (annotations map[string]string) {
+ return map[string]string{
 "haproxy.router.openshift.io/timeout": octaviaDefaults.OctaviaAPIRouteTimeout,
 }
- return
+}
+
+// SetDefaultRouteAnnotations sets HAProxy timeout values of the route
+func (octaviaAPI *OctaviaAPISpecCore) SetDefaultRouteAnnotations(annotations map[string]string) {
+ const haProxyAnno = "haproxy.router.openshift.io/timeout"
+ // Use a custom annotation to flag when the operator has set the default HAProxy timeout
+ // With the annotation func determines when to overwrite existing HAProxy timeout with the APITimeout
+ const octaviaAnno = "api.octavia.openstack.org/timeout"
+
+ valOctavia, okOctavia := annotations[octaviaAnno]
+ valHAProxy, okHAProxy := annotations[haProxyAnno]
+
+ // Human operator set the HAProxy timeout manually
+ if !okOctavia && okHAProxy {
+ return
+ }
+
+ // Human operator modified the HAProxy timeout manually without removing the Octavia flag
+ if okOctavia && okHAProxy && valOctavia != valHAProxy {
+ delete(annotations, octaviaAnno)
+ return
+ }
+
+ timeout := fmt.Sprintf("%ds", octaviaAPI.APITimeout)
+ annotations[octaviaAnno] = timeout
+ annotations[haProxyAnno] = timeout
 }
diff --git a/api/v1beta1/octaviaapi_types.go b/api/v1beta1/octaviaapi_types.go
index 2323590e..df4e3eac 100644
--- a/api/v1beta1/octaviaapi_types.go
+++ b/api/v1beta1/octaviaapi_types.go
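Review bot: In `SetDefaultRouteAnnotations` (api/v1beta1/octavia_webhook.go) the closing assignments `annotations[octaviaAnno] = timeout` and `annotations[haProxyAnno] = timeout` panic when the caller passes a nil map, and the function cannot hand a newly allocated map back to the caller. The caller is not part of this patch and may already guarantee a non-nil map; if so, the doc comment should say it, e.g. `// annotations must be non-nil; it is modified in place.`, otherwise add `if annotations == nil { return }` before the lookups. Given the file name, a panic here would presumably surface in the webhook/defaulting path rather than as an ordinary validation error. As a style point, the two methods in this hunk use different receiver names (`spec`, `octaviaAPI`) for the same type, and `GetDefaultRouteAnnotations` keeps the named result `annotations` although it now returns a literal directly.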
@@ -141,6 +141,11 @@ type OctaviaAPISpecCore struct { // +operator-sdk:csv:customresourcedefinitions:type=spec // TLS - Parameters related to the TLS TLS OctaviaApiTLS `json:"tls,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Minimum=1 + // APITimeout for HAProxy and Apache defaults to OctaviaSpecCore APITimeout + APITimeout int `json:"apiTimeout,omitempty"` } type OctaviaApiTLS struct { diff --git a/config/crd/bases/octavia.openstack.org_octaviaapis.yaml b/config/crd/bases/octavia.openstack.org_octaviaapis.yaml index a7fad9ca..5dd5352a 100644 --- a/config/crd/bases/octavia.openstack.org_octaviaapis.yaml +++ b/config/crd/bases/octavia.openstack.org_octaviaapis.yaml @@ -48,6 +48,9 @@ spec: spec: description: OctaviaAPISpec defines the desired state of OctaviaAPI properties: + apiTimeout: + description: Octavia API timeout + type: string containerImage: description: Octavia Container Image URL type: string diff --git a/config/crd/bases/octavia.openstack.org_octavias.yaml b/config/crd/bases/octavia.openstack.org_octavias.yaml index 359d8fdc..b2d46e66 100644 --- a/config/crd/bases/octavia.openstack.org_octavias.yaml +++ b/config/crd/bases/octavia.openstack.org_octavias.yaml @@ -150,6 +150,9 @@ spec: description: OctaviaAPI - Spec definition for the API service of the Octavia deployment properties: + apiTimeout: + description: Octavia API timeout + type: string containerImage: description: Octavia Container Image URL type: string diff --git a/controllers/octaviaapi_controller.go b/controllers/octaviaapi_controller.go index 782c4d93..d0330720 100644 --- a/controllers/octaviaapi_controller.go +++ b/controllers/octaviaapi_controller.go 
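Review bot: The new `APITimeout int` field in `OctaviaAPISpecCore` is marked `+kubebuilder:validation:Minimum=1`, but the CRD hunks in this same patch (octaviaapis.yaml under api/bases and config/crd, and octavias.yaml) declare `apiTimeout` as `type: string` with no `minimum`, so the schema the API server enforces does not match the Go type. As committed, the lower bound is not checked at admission and a string value would fail to decode into the `int`; the YAML looks like it was generated from an earlier revision and should be regenerated so it emits `type: integer` and `minimum: 1`. The value then flows unchecked into `fmt.Sprintf("%ds", octaviaAPI.APITimeout)` in the webhook hunk and into `endptConfig["TimeOut"]` and `TimeOut {{ $vhost.TimeOut }}` in the controller and httpd.conf hunks, so an unset field would render as `0s` and `TimeOut 0` unless defaulting happens in code outside this patch, as the field comment implies. Because this setting bounds how long a slow client can hold an HAProxy and Apache connection open, an upper bound such as `// +kubebuilder:validation:Maximum=<max seconds>` is worth adding next to the minimum. The struct body continues outside the hunk.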
@@ -984,6 +984,7 @@ func (r *OctaviaAPIReconciler) generateServiceSecrets( endptConfig := map[string]interface{}{} endptConfig["ServerName"] = fmt.Sprintf("%s-%s.%s.svc", octavia.ServiceName, endpt.String(), instance.Namespace) endptConfig["TLS"] = false // default TLS to false, and set it bellow to true if enabled + endptConfig["TimeOut"] = instance.Spec.APITimeout if instance.Spec.TLS.API.Enabled(endpt) { endptConfig["TLS"] = true endptConfig["SSLCertificateFile"] = fmt.Sprintf("/etc/pki/tls/certs/%s.crt", endpt.String()) diff --git a/templates/octaviaapi/config/httpd.conf b/templates/octaviaapi/config/httpd.conf index 45f233f9..c0a2e797 100644 --- a/templates/octaviaapi/config/httpd.conf +++ b/templates/octaviaapi/config/httpd.conf @@ -35,6 +35,8 @@ CustomLog /dev/stdout proxy env=forwarded CustomLog /dev/stdout combined env=!forwarded CustomLog /dev/stdout proxy env=forwarded + TimeOut {{ $vhost.TimeOut }} + {{- if $vhost.TLS }} SetEnvIf X-Forwarded-Proto https HTTPS=1