diff --git a/images/router/haproxy/conf/haproxy-config.template b/images/router/haproxy/conf/haproxy-config.template index 8e20c0753..3b8f1fc37 100644 --- a/images/router/haproxy/conf/haproxy-config.template +++ b/images/router/haproxy/conf/haproxy-config.template @@ -9,6 +9,8 @@ {{- $dynamicConfigManager := .DynamicConfigManager }} {{- $router_ip_v4_v6_mode := env "ROUTER_IP_V4_V6_MODE" "v4" }} {{- $router_disable_http2 := env "ROUTER_DISABLE_HTTP2" "false" }} +{{- $routerDefaultServerTimeout := env "ROUTER_DEFAULT_SERVER_TIMEOUT" "30s" }} +{{- $routerDefaultTunnelTimeout := env "ROUTER_DEFAULT_TUNNEL_TIMEOUT" "1h" }} {{- $haveClientCA := .HaveClientCA }} {{- $haveCRLs := .HaveCRLs }} @@ -42,6 +44,9 @@ {{- /* pathRewriteTargetPattern: Match path rewrite-Target */}} {{- $pathRewriteTargetPattern := `^/.*$` -}} +{{- /* Maximum timeout among all the routes, required to be set on the middle backends to avoid warning message about missing server timeout. */}} +{{- $routerMaxServerTimeout := maxTimeoutFirstMatchedAndClipped .State "haproxy.router.openshift.io/timeout" $timeSpecPattern $routerDefaultServerTimeout }} + global # Drop resource limit checks to mitigate https://issues.redhat.com/browse/OCPBUGS-21803 in HAProxy 2.6. no strict-limits @@ -314,8 +319,8 @@ frontend public_ssl # traffic ########################################################################## backend be_sni - {{- with $value := maxTimeoutFirstMatchedAndClipped .State "haproxy.router.openshift.io/timeout" $timeSpecPattern (env "ROUTER_DEFAULT_SERVER_TIMEOUT") "30s" }} - timeout server {{ $value }} + {{- with $routerMaxServerTimeout }} + timeout server {{ $routerMaxServerTimeout }} {{- end }} server fe_sni unix@/var/lib/haproxy/run/haproxy-sni.sock weight 1 send-proxy 
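Review bot: Moving the literal default into `env "ROUTER_DEFAULT_SERVER_TIMEOUT" "30s"` (and `"1h"` for the tunnel variable) drops the last fallback the old call sites had. Before, `firstMatch` and `maxTimeoutFirstMatchedAndClipped` were given both the raw env value and the literal, so a value that was set but did not match `$timeSpecPattern` still ended at `30s` / `1h`. Assuming `env` returns its default only when the variable is unset or empty, a malformed value is now the only candidate, the `with` blocks in be_sni, be_no_sni and both per-route backend hunks evaluate to empty, and no `timeout server` / `timeout tunnel` line is emitted there. Validating once at the definition restores the old behaviour: `{{- $routerDefaultServerTimeout := firstMatch $timeSpecPattern (env "ROUTER_DEFAULT_SERVER_TIMEOUT") "30s" }}` and `{{- $routerDefaultTunnelTimeout := firstMatch $timeSpecPattern (env "ROUTER_DEFAULT_TUNNEL_TIMEOUT") "1h" }}`. These lines would have to sit below the definition of `$timeSpecPattern`, which is outside this hunk.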
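Review bot: The new comment on `$routerMaxServerTimeout` explains why the value exists but not where it comes from: it is taken from the `haproxy.router.openshift.io/timeout` annotation of every route in `.State`, so the most permissive route sets the server timeout of the shared be_sni and be_no_sni backends for all routes. I would extend the comment with something like `Derived from per-route annotations (clipped); applies only to the be_sni/be_no_sni hops, each route backend still sets its own timeout server.` The clipping is inferred from the helper's name and should be confirmed against its implementation, which is not part of this diff.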
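Review bot: In be_sni the `with` now serves only as an emptiness test, because the body prints `$routerMaxServerTimeout` instead of the rebound dot. `{{- if $routerMaxServerTimeout }}` states that intent and leaves `.` untouched inside the block. The same applies to be_no_sni in the next hunk, where `{{- with $routerMaxServerTimeout}}` also lacks the space before `}}` that the surrounding actions use.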
@@ -433,8 +438,8 @@ frontend fe_sni ########################################################################## # backend for when sni does not exist, or ssl term needs to happen on the edge backend be_no_sni - {{- with $value := maxTimeoutFirstMatchedAndClipped .State "haproxy.router.openshift.io/timeout" $timeSpecPattern (env "ROUTER_DEFAULT_SERVER_TIMEOUT") "30s" }} - timeout server {{ $value }} + {{- with $routerMaxServerTimeout}} + timeout server {{ $routerMaxServerTimeout }} {{- end }} server fe_no_sni unix@/var/lib/haproxy/run/haproxy-no-sni.sock weight 1 send-proxy @@ -595,11 +600,11 @@ backend {{ genBackendNamePrefix $cfg.TLSTermination }}:{{ $cfgIdx }} {{- end }} tcp-request content reject if !whitelist {{- end }} - {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout") (env "ROUTER_DEFAULT_SERVER_TIMEOUT") "30s") }} - timeout server {{ $value }} + {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout") $routerDefaultServerTimeout) }} + timeout server {{ $value }} {{- end }} - {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout-tunnel") (env "ROUTER_DEFAULT_TUNNEL_TIMEOUT") "1h") }} - timeout tunnel {{ $value }} + {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout-tunnel") $routerDefaultTunnelTimeout) }} + timeout tunnel {{ $value }} {{- end }} {{- if isTrue (index $cfg.Annotations "haproxy.router.openshift.io/rate-limit-connections") }} 
@@ -799,11 +804,11 @@ backend {{ genBackendNamePrefix $cfg.TLSTermination }}:{{ $cfgIdx }} {{- end }} tcp-request content reject if !whitelist {{- end }} - {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout") (env "ROUTER_DEFAULT_SERVER_TIMEOUT") "30s") }} - timeout server {{ $value }} + {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout") $routerDefaultServerTimeout) }} + timeout server {{ $value }} {{- end }} - {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout-tunnel") (index $cfg.Annotations "haproxy.router.openshift.io/timeout") (env "ROUTER_DEFAULT_TUNNEL_TIMEOUT") "1h") }} - timeout tunnel {{ $value }} + {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout-tunnel") (index $cfg.Annotations "haproxy.router.openshift.io/timeout") $routerDefaultTunnelTimeout) }} + timeout tunnel {{ $value }} {{- end }} {{- if isTrue (index $cfg.Annotations "haproxy.router.openshift.io/rate-limit-connections") }}