From 08379b216c1fb7999becd035ab7ac1bf03bf8fad Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Mon, 20 Jun 2022 13:26:46 +0100 Subject: [PATCH] Increase ACME client HTTP timeout to 90s This is the final part of implementing https://github.com/cert-manager/cert-manager/pull/5214 This timeout is shorter than the 2 minute timeout we increased controllers to - that's because we'd generally expect that controller sync loops would need to do additional actions before and after making HTTP requests. Signed-off-by: Ashley Davis --- pkg/acme/accounts/client.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkg/acme/accounts/client.go b/pkg/acme/accounts/client.go index 9bc41d43a01..b11f87b048e 100644 --- a/pkg/acme/accounts/client.go +++ b/pkg/acme/accounts/client.go @@ -32,6 +32,13 @@ import ( "github.com/cert-manager/cert-manager/pkg/metrics" ) +const ( + // defaultACMEHTTPTimeout sets the default maximum time that an individual HTTP request can take when doing ACME operations. + // Note that there may be other timeouts - e.g. dial timeouts or TLS handshake timeouts - which will be smaller than this. This + // timeout is the overall timeout for the entire request. + defaultACMEHTTPTimeout = time.Second * 90 +) + // NewClientFunc is a function type for building a new ACME client. type NewClientFunc func(*http.Client, cmacme.ACMEIssuer, *rsa.PrivateKey, string) acmecl.Interface @@ -70,6 +77,6 @@ func BuildHTTPClient(metrics *metrics.Metrics, skipTLSVerify bool) *http.Client TLSHandshakeTimeout: 10 * time.Second, ExpectContinueTimeout: 1 * time.Second, }, - Timeout: time.Second * 30, + Timeout: defaultACMEHTTPTimeout, }) }