Skip to content

Commit

Permalink
OCPBUGS-43745: Add support for idle connection termination policy
Browse files Browse the repository at this point in the history
Introduce logic in desiredRouterDeployment to set the environment
variable `ROUTER_IDLE_CLOSE_ON_RESPONSE` when the
`IdleConnectionTerminationPolicy` field in the IngressController spec is
set to `Deferred`. This change enables configuring HAProxy with the
`idle-close-on-response` option for better control over idle connection
termination behaviour.
  • Loading branch information
frobware committed Dec 19, 2024
1 parent 6a882ac commit 60b3714
Show file tree
Hide file tree
Showing 4 changed files with 837 additions and 0 deletions.
7 changes: 7 additions & 0 deletions pkg/operator/controller/ingress/deployment.go
Original file line number Diff line number Diff line change
Expand Up @@ -1185,6 +1185,13 @@ func desiredRouterDeployment(ci *operatorv1.IngressController, ingressController
)
}

if ci.Spec.IdleConnectionTerminationPolicy == operatorv1.IngressControllerConnectionTerminationPolicyDeferred {
env = append(env, corev1.EnvVar{
Name: "ROUTER_IDLE_CLOSE_ON_RESPONSE",
Value: "true",
})
}

// TODO: The only connections from the router that may need the cluster-wide proxy are those for downloading CRLs,
// which, as of writing this, will always be http. If https becomes necessary, the router will need to mount the
// trusted CA bundle that cluster-network-operator generates. The process for adding that is described here:
Expand Down
51 changes: 51 additions & 0 deletions pkg/operator/controller/ingress/deployment_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2564,3 +2564,54 @@ func TestDesiredRouterDeploymentRouterExternalCertificate(t *testing.T) {

checkDeploymentHasEnvSorted(t, deployment)
}

// Test_IdleConnectionTerminationPolicy validates that the ingress
// controller correctly sets the ROUTER_IDLE_CLOSE_ON_RESPONSE
// environment variable based on the IngressController's
// IdleConnectionTerminationPolicy field.
func Test_IdleConnectionTerminationPolicy(t *testing.T) {
ic, ingressConfig, infraConfig, apiConfig, networkConfig, _, clusterProxyConfig := getRouterDeploymentComponents(t)

for _, tc := range []struct {
name string
policy operatorv1.IngressControllerConnectionTerminationPolicy
expectEnvVarPresent bool
expectedEnvVarValue string
}{{
name: "IdleConnectionTerminationPolicy is Deferred",
policy: operatorv1.IngressControllerConnectionTerminationPolicyDeferred,
expectEnvVarPresent: true,
expectedEnvVarValue: "true",
}, {
name: "IdleConnectionTerminationPolicy is not set",
policy: "",
expectEnvVarPresent: false,
expectedEnvVarValue: "",
}, {
name: "IdleConnectionTerminationPolicy is Immediate (default)",
policy: operatorv1.IngressControllerConnectionTerminationPolicyImmediate,
expectEnvVarPresent: false,
expectedEnvVarValue: "",
}} {
t.Run(tc.name, func(t *testing.T) {
ic.Spec.IdleConnectionTerminationPolicy = tc.policy

deployment, err := desiredRouterDeployment(ic, ingressControllerImage, ingressConfig, infraConfig, apiConfig, networkConfig, false, false, nil, clusterProxyConfig, false, false)
if err != nil {
t.Fatalf("failed to generate desired router Deployment: %v", err)
}

expectedEnv := []envData{{
name: "ROUTER_IDLE_CLOSE_ON_RESPONSE",
expectPresent: tc.expectEnvVarPresent,
expectedValue: tc.expectedEnvVarValue,
}}

if err := checkDeploymentEnvironment(t, deployment, expectedEnv); err != nil {
t.Errorf("environment variable check failed: %v", err)
}

checkDeploymentHasEnvSorted(t, deployment)
})
}
}
1 change: 1 addition & 0 deletions test/e2e/all_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@ func TestAll(t *testing.T) {
t.Run("TestUnmanagedAWSLBSubnets", TestUnmanagedAWSLBSubnets)
t.Run("TestAWSEIPAllocationsForNLB", TestAWSEIPAllocationsForNLB)
t.Run("TestUnmanagedAWSEIPAllocations", TestUnmanagedAWSEIPAllocations)
t.Run("Test_IdleConnectionTerminationPolicy", Test_IdleConnectionTerminationPolicy)
})

t.Run("serial", func(t *testing.T) {
Expand Down
Loading

0 comments on commit 60b3714

Please sign in to comment.