New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1861383: Clip haproxy.router.openshift.io/timeout annotation values to prevent bricking on upgrade #196
Bug 1861383: Clip haproxy.router.openshift.io/timeout annotation values to prevent bricking on upgrade #196
Conversation
@sgreene570: This pull request references Bugzilla bug 1861383, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
Doesnt appear to be working as intended when I verified manually |
I now realize there's a better approach. Pushing a new fix soon. |
@sgreene570: This pull request references Bugzilla bug 1861383, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
1 similar comment
@sgreene570: This pull request references Bugzilla bug 1861383, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/hold cancel |
/retest |
@@ -463,7 +463,7 @@ backend {{genBackendNamePrefix $cfg.TLSTermination}}:{{$cfgIdx}} | |||
{{- end }} | |||
tcp-request content reject if !whitelist | |||
{{- end }} | |||
{{- with $value := firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout")}} | |||
{{- with $value := clipHAProxyTimeoutValue firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout")}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
{{- with $value := clipHAProxyTimeoutValue firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout")}} | |
{{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout")) }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
67b4600
to
211451e
Compare
@sgreene570: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/retest Should clear metal-ipi jobs that are not mandatory. |
hm, don't think that did the trick. |
Or close and reopen? I recall we had a similar issue with another PR where the release job criteria had changed. |
@sgreene570: An error was encountered updating to the NEW state for bug 1861383 on the Bugzilla server at https://bugzilla.redhat.com:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@sgreene570: This pull request references Bugzilla bug 1861383, which is valid. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
expected: haproxyMaxTimeout, | ||
}, | ||
{ | ||
value: "1000h", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And a [test] case without any units defaults to milliseconds?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And a [test] case without any units defaults to milliseconds?
haproxy defaults to milliseconds:
timeout client <timeout>
timeout clitimeout <timeout> (deprecated)
Set the maximum inactivity time on the client side.
May be used in sections : defaults | frontend | listen | backend
yes | yes | yes | no
Arguments :
<timeout> is the timeout value specified in milliseconds by default, but
can be in any other unit if the number is suffixed by the unit,
as explained at the top of this document.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If no time unit is specific, HAProxy will assume milliseconds.
Added a test to highlight this.
e7ecfce
to
0e871e0
Compare
Add a new function, clipHAProxyTimeoutValue(...) to pkg/router/template/template_helper.go that clips values passed in to the template via the haproxy.router.openshift.io/timeout annotation. This way, clusters updating from a cluster version with a prior version of HAProxy (1.8) won't break when an annotation timeout of > 25 days was previously set on a route.
Add a unit test for clipHAProxyTimeoutValue(...) to pkg/router/template/template_helper_test.go
0e871e0
to
6bde7a0
Compare
/retest |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: frobware, sgreene570 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/skip |
/test e2e-upgrade |
/retest Please review the full test history for this PR and help us cut down flakes. |
@sgreene570: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/retest Please review the full test history for this PR and help us cut down flakes. |
@sgreene570: All pull requests linked via external trackers have merged: Bugzilla bug 1861383 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick release-4.6 |
@sgreene570: new pull request created: #217 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick release-4.5 |
@sgreene570: #196 failed to apply on top of branch "release-4.5":
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This PR adds the function
clipHAProxyTimeoutValue(...)
topkg/router/template/template_helper.go
to prevent invalid Route timeout annotations from breaking router reloads. In version 2.x, HAProxy supports a maximum timeout of2147483647ms
, which is ~24.8 days.clipHAProxyTimeoutValue
will replace any timeout above the maximum amount with the maximum allowable amount to prevent HAProxy from crashing after upgrades that bump HAProxy 1.8 to 2.x.This PR also adds unit tests cases for
clipHAProxyTimeoutValue
to verify that it works as intended.