Increase ACME client HTTP timeout to 90s

This is the final part of implementing #5214 This timeout is shorter than the 2 minute timeout we increased controllers to - that's because we'd generally expect that controller sync loops would need to do additional actions before and after making HTTP requests. Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
cert-manager · Jun 20, 2022 · 08379b2 · 08379b2
1 parent 03aff7e
commit 08379b2
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/pkg/acme/accounts/client.go b/pkg/acme/accounts/client.go
@@ -32,6 +32,13 @@ import (
 	"github.com/cert-manager/cert-manager/pkg/metrics"
 )
 
+const (
+	// defaultACMEHTTPTimeout sets the default maximum time that an individual HTTP request can take when doing ACME operations.
+	// Note that there may be other timeouts - e.g. dial timeouts or TLS handshake timeouts - which will be smaller than this. This
+	// timeout is the overall timeout for the entire request.
+	defaultACMEHTTPTimeout = time.Second * 90
+)
+
 // NewClientFunc is a function type for building a new ACME client.
 type NewClientFunc func(*http.Client, cmacme.ACMEIssuer, *rsa.PrivateKey, string) acmecl.Interface
 
@@ -70,6 +77,6 @@ func BuildHTTPClient(metrics *metrics.Metrics, skipTLSVerify bool) *http.Client
 				TLSHandshakeTimeout:   10 * time.Second,
 				ExpectContinueTimeout: 1 * time.Second,
 			},
-			Timeout: time.Second * 30,
+			Timeout: defaultACMEHTTPTimeout,
 		})
 }