-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.13, 4.12, 4.14, 4.15
-
Moderate
-
Rejected
-
False
-
Description of problem:
The Ingress Controller API provides tuning options to set HAProxy timeouts. Currently the timeouts are validated using `duration` format marker of kubebuilder. That validation has known issue of accepting values which cannot be accepted by the golang's Duration type, see Bug 2082428 (e.g. "5 s", "5d"). This may result into the stuck reconciliation because the invalid duration value could be persisted into OpenShift. The error produced by a wrong duration value:
E0404 18:01:13.727351 1 reflector.go:147] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers.go:208: Failed to watch *v1.IngressController: failed to list *v1.IngressController: time: unknown unit "d" in duration "3d"
Version-Release number of selected component (if applicable):
4.15, 4.14, 4.13, 4.12
How reproducible:
Always
Steps to Reproduce:
1. Patch one of the timeout tuning options: oc -n openshift-ingress-operator patch ingresscontroller/default --type=merge -p '{"spec":{"tuningOptions": {"clientTimeout": "3d"}}}' 2. Check that the ingress operator fails to reconcile the default ingress controller: oc -n openshift-ingress-operator logs deploy/ingress-operator | grep 'unknown unit' 3. Update any other field to check the reconciliation: oc -n openshift-ingress-operator patch ingresscontroller/default --type=merge -p '{"spec":{"replicas": 3}}' 4. See the reconciliation is stuck: oc -n openshift-ingress get pods
Actual results:
Invalid timeout duration is accepted by the API and results into a reconciliation error loop.
Expected results:
Invalid timeout should not result into the stuck reconciliation.
Additional info:
Changing the validation format in the IngressController API to more rigid may break the compatibility for some clients.