|
9 | 9 | {{- $dynamicConfigManager := .DynamicConfigManager }} |
10 | 10 | {{- $router_ip_v4_v6_mode := env "ROUTER_IP_V4_V6_MODE" "v4" }} |
11 | 11 | {{- $router_disable_http2 := env "ROUTER_DISABLE_HTTP2" "false" }} |
| 12 | +{{- $routerDefaultServerTimeout := env "ROUTER_DEFAULT_SERVER_TIMEOUT" "30s" }} |
| 13 | +{{- $routerDefaultTunnelTimeout := env "ROUTER_DEFAULT_TUNNEL_TIMEOUT" "1h" }} |
12 | 14 | {{- $haveClientCA := .HaveClientCA }} |
13 | 15 | {{- $haveCRLs := .HaveCRLs }} |
14 | 16 |
|
|
42 | 44 | {{- /* pathRewriteTargetPattern: Match path rewrite-Target */}} |
43 | 45 | {{- $pathRewriteTargetPattern := `^/.*$` -}} |
44 | 46 |
|
| 47 | +{{- /* Maximum timeout among all the routes, required to be set on the middle backends to avoid warning message about missing server timeout. */}} |
| 48 | +{{- $routerMaxServerTimeout := maxTimeoutFirstMatchedAndClipped .State "haproxy.router.openshift.io/timeout" $timeSpecPattern $routerDefaultServerTimeout }} |
| 49 | + |
45 | 50 | global |
46 | 51 | # Drop resource limit checks to mitigate https://issues.redhat.com/browse/OCPBUGS-21803 in HAProxy 2.6. |
47 | 52 | no strict-limits |
@@ -314,8 +319,8 @@ frontend public_ssl |
314 | 319 | # traffic |
315 | 320 | ########################################################################## |
316 | 321 | backend be_sni |
317 | | - {{- with $value := maxTimeoutFirstMatchedAndClipped .State "haproxy.router.openshift.io/timeout" $timeSpecPattern (env "ROUTER_DEFAULT_SERVER_TIMEOUT") "30s" }} |
318 | | - timeout server {{ $value }} |
| 322 | + {{- with $routerMaxServerTimeout }} |
| 323 | + timeout server {{ $routerMaxServerTimeout }} |
319 | 324 | {{- end }} |
320 | 325 | server fe_sni unix@/var/lib/haproxy/run/haproxy-sni.sock weight 1 send-proxy |
321 | 326 |
|
@@ -433,8 +438,8 @@ frontend fe_sni |
433 | 438 | ########################################################################## |
434 | 439 | # backend for when sni does not exist, or ssl term needs to happen on the edge |
435 | 440 | backend be_no_sni |
436 | | - {{- with $value := maxTimeoutFirstMatchedAndClipped .State "haproxy.router.openshift.io/timeout" $timeSpecPattern (env "ROUTER_DEFAULT_SERVER_TIMEOUT") "30s" }} |
437 | | - timeout server {{ $value }} |
| 441 | + {{- with $routerMaxServerTimeout}} |
| 442 | + timeout server {{ $routerMaxServerTimeout }} |
438 | 443 | {{- end }} |
439 | 444 | server fe_no_sni unix@/var/lib/haproxy/run/haproxy-no-sni.sock weight 1 send-proxy |
440 | 445 |
|
@@ -595,11 +600,11 @@ backend {{ genBackendNamePrefix $cfg.TLSTermination }}:{{ $cfgIdx }} |
595 | 600 | {{- end }} |
596 | 601 | tcp-request content reject if !whitelist |
597 | 602 | {{- end }} |
598 | | - {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout") (env "ROUTER_DEFAULT_SERVER_TIMEOUT") "30s") }} |
599 | | - timeout server {{ $value }} |
| 603 | + {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout") $routerDefaultServerTimeout) }} |
| 604 | + timeout server {{ $value }} |
600 | 605 | {{- end }} |
601 | | - {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout-tunnel") (env "ROUTER_DEFAULT_TUNNEL_TIMEOUT") "1h") }} |
602 | | - timeout tunnel {{ $value }} |
| 606 | + {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout-tunnel") $routerDefaultTunnelTimeout) }} |
| 607 | + timeout tunnel {{ $value }} |
603 | 608 | {{- end }} |
604 | 609 |
|
605 | 610 | {{- if isTrue (index $cfg.Annotations "haproxy.router.openshift.io/rate-limit-connections") }} |
@@ -799,11 +804,11 @@ backend {{ genBackendNamePrefix $cfg.TLSTermination }}:{{ $cfgIdx }} |
799 | 804 | {{- end }} |
800 | 805 | tcp-request content reject if !whitelist |
801 | 806 | {{- end }} |
802 | | - {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout") (env "ROUTER_DEFAULT_SERVER_TIMEOUT") "30s") }} |
803 | | - timeout server {{ $value }} |
| 807 | + {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout") $routerDefaultServerTimeout) }} |
| 808 | + timeout server {{ $value }} |
804 | 809 | {{- end }} |
805 | | - {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout-tunnel") (index $cfg.Annotations "haproxy.router.openshift.io/timeout") (env "ROUTER_DEFAULT_TUNNEL_TIMEOUT") "1h") }} |
806 | | - timeout tunnel {{ $value }} |
| 810 | + {{- with $value := clipHAProxyTimeoutValue (firstMatch $timeSpecPattern (index $cfg.Annotations "haproxy.router.openshift.io/timeout-tunnel") (index $cfg.Annotations "haproxy.router.openshift.io/timeout") $routerDefaultTunnelTimeout) }} |
| 811 | + timeout tunnel {{ $value }} |
807 | 812 | {{- end }} |
808 | 813 |
|
809 | 814 | {{- if isTrue (index $cfg.Annotations "haproxy.router.openshift.io/rate-limit-connections") }} |
|
0 commit comments