Details
-
Bug
-
Resolution: Done
-
Undefined
-
None
-
4.12
-
No
-
1
-
Sprint 252
-
1
-
Rejected
-
False
-
Description
>>> tested with annotations: haproxy.router.openshift.io/timeout: both HTTP/HTTPS request can timeout per set value in annotation.
>>> without timeout annotation we expect to see HTTP/HTTPS request both timeout per default value 30s explained below:
https://access.redhat.com/documentation/zh-cn/red_hat_process_automation_manager/7.1/html/managing_and_monitoring_process_server/configuring-openshift-connection-timeout-proc
while in fact we observed default timeout 30s only work for HTTP request, following is the test steps helped by fixed delay function in service mesh virtual service.
-
- HTTP test:
1. gateway route port: 8080
- HTTP test:
holly [ ~ ]$ oc get route -n istio-system NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD grafana grafana-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io grafana <all> reencrypt/Redirect None istio-ingressgateway istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io istio-ingressgateway 8080 None
2. bookinfo gateway port 80, protocol HTTP:
servers: - port: number: 80 name: http protocol: HTTP
3. edited bookinfo virtual service to have fixed delay 60s:
Spec: Gateways: bookinfo-gateway Hosts: * Http: Fault: Delay: Fixed Delay: 60s Percentage: Value: 100
4. tested curling istio-gateway host with HTTP protocol and getting 504 after 30s:
holly [ ~ ]$ date; curl -v -k http://istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io/productpage; date
Thu Apr 4 04:13:19 AM UTC 2024
* Host istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io:80 was resolved.
* IPv6: (none)
* IPv4: 137.135.78.52
* Trying 137.135.78.52:80...
* Connected to istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io (137.135.78.52) port 80
> GET /productpage HTTP/1.1
> Host: istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/1.1 504 Gateway Time-out
< content-length: 92
< cache-control: no-cache
< content-type: text/html
<
<html><body><h1>504 Gateway Time-out</h1>
The server didn't respond in time.
</body></html>
* Connection #0 to host istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io left intact
Thu Apr 4 04:13:50 AM UTC 2024
holly [ ~ ]$
-
- HTTPS test
1. add secret in istio-system namespace for TLS use
- HTTPS test
holly [ ~ ]$ oc get secret -n istio-system | grep superdomain mysuperdomain-certs kubernetes.io/tls 2 17h
2. edit istio gateway route to use HTTPS and tls termination:
holly [ ~ ]$ oc get route -n istio-system NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD grafana grafana-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io grafana <all> reencrypt/Redirect None istio-ingressgateway istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io istio-ingressgateway https passthrough None
3. edit bookinfo gateway to use HTTPS and tls:
Spec:
Selector:
Istio: ingressgateway
Servers:
Hosts:
*
Port:
Name: https
Number: 443
Protocol: HTTPS
Tls:
Credential Name: mysuperdomain-certs
Mode: SIMPLE
4. didn't do change to bookinfo virtual service yaml in regards to HTTPS change, kept 60s fixed delay:
Spec: Gateways: bookinfo-gateway Hosts: * Http: Fault: Delay: Fixed Delay: 60s Percentage: Value: 100 Match: Uri: Exact: /productpage Uri: Prefix: /static Uri: Exact: /login Uri: Exact: /logout Uri: Prefix: /api/v1/products Route: Destination: Host: productpage Port: Number: 9080
5. tested curling istio gateway host with HTTPS and getting succeeded after 60s:
holly [ ~ ]$ date; curl -v -k https://istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io/productpage; date Thu Apr 4 05:06:26 AM UTC 2024 * Host istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io:443 was resolved. * IPv6: (none) * IPv4: 137.135.78.52 * Trying 137.135.78.52:443... * Connected to istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io (137.135.78.52) port 443 * ALPN: curl offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF * ALPN: server accepted h2 * Server certificate: * subject: CN=helloworld.mysuperdomain.com; O=hello world from mysuperdomain.com * start date: Apr 3 11:46:24 2024 GMT * expire date: Apr 3 11:46:24 2025 GMT * issuer: O=$DOMAIN_NAME Inc.; CN=$DOMAIN_NAME * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. * Certificate level 0: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption * using HTTP/2 * [HTTP/2] [1] OPENED stream for https://istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io/productpage * [HTTP/2] [1] [:method: GET] * [HTTP/2] [1] [:scheme: https] * [HTTP/2] [1] [:authority: istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io] * [HTTP/2] [1] [:path: /productpage] * [HTTP/2] [1] [user-agent: curl/8.5.0] * [HTTP/2] [1] [accept: */*] > GET /productpage HTTP/2 > Host: istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io > User-Agent: curl/8.5.0 > Accept: */* > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing < HTTP/2 200 < content-type: text/html; charset=utf-8 < content-length: 5290 < server: istio-envoy < date: Thu, 04 Apr 2024 05:07:28 GMT < x-envoy-upstream-service-time: 1226 < <!DOCTYPE html> <html> <head> <title>Simple Bookstore App</title> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <!-- Latest compiled and minified CSS --> <link rel="stylesheet" href="static/bootstrap/css/bootstrap.min.css"> <!-- Optional theme --> <link rel="stylesheet" href="static/bootstrap/css/bootstrap-theme.min.css"> </head> <body> <nav class="navbar navbar-inverse navbar-static-top"> <div class="container"> <div class="navbar-header"> <a class="navbar-brand" href="#">BookInfo Sample</a> </div> <button type="button" class="btn btn-default navbar-btn navbar-right" data-toggle="modal" href="#login-modal">Sign in</button> </div> </nav> <!--- <div class="navbar navbar-inverse navbar-fixed-top"> <div class="container"> <div class="navbar-header pull-left"> <a class="navbar-brand" href="#">Microservices Fabric BookInfo Demo</a> </div> <div class="navbar-header pull-right"> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> </div> <div class="navbar-collapse collapse"> <button type="button" class="btn btn-default navbar-btn pull-right" data-toggle="modal" data-target="#login-modal">Sign in</button> </div> </div> </div> --> <div id="login-modal" class="modal fade" role="dialog"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal">×</button> <h4 class="modal-title">Please sign in</h4> </div> <div class="modal-body"> <form method="post" action='login' name="login_form"> <p><input type="text" class="form-control" name="username" id="username" placeholder="User Name"></p> <p><input type="password" class="form-control" name="passwd" placeholder="Password"></p> <p> <button type="submit" class="btn btn-primary">Sign in</button> <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button> </p> </form> </div> </div> </div> </div> <div class="container-fluid"> <div class="row"> <div class="col-md-12"> <h3 class="text-center text-primary">The Comedy of Errors</h3> <p>Summary: <a href="https://en.wikipedia.org/wiki/The_Comedy_of_Errors">Wikipedia Summary</a>: The Comedy of Errors is one of <b>William Shakespeare's</b> early plays. It is his shortest and one of his most farcical comedies, with a major part of the humour coming from slapstick and mistaken identity, in addition to puns and word play.</p> </div> </div> <div class="row"> <div class="col-md-6"> <h4 class="text-center text-primary">Book Details</h4> <dl> <dt>Type:</dt>paperback <dt>Pages:</dt>200 <dt>Publisher:</dt>PublisherA <dt>Language:</dt>English <dt>ISBN-10:</dt>1234567890 <dt>ISBN-13:</dt>123-1234567890 </dl> </div> <div class="col-md-6"> <h4 class="text-center text-primary">Book Reviews</h4> <blockquote> <p>An extremely entertaining play by Shakespeare. The slapstick humour is refreshing!</p> <small>Reviewer1</small> <font color="red"> <!-- full stars: --> <span class="glyphicon glyphicon-star"></span> <span class="glyphicon glyphicon-star"></span> <span class="glyphicon glyphicon-star"></span> <span class="glyphicon glyphicon-star"></span> <span class="glyphicon glyphicon-star"></span> <!-- empty stars: --> </font> </blockquote> <blockquote> <p>Absolutely fun and entertaining. The play lacks thematic depth when compared to other plays by Shakespeare.</p> <small>Reviewer2</small> <font color="red"> <!-- full stars: --> <span class="glyphicon glyphicon-star"></span> <span class="glyphicon glyphicon-star"></span> <span class="glyphicon glyphicon-star"></span> <span class="glyphicon glyphicon-star"></span> <!-- empty stars: --> <span class="glyphicon glyphicon-star-empty"></span> </font> </blockquote> <dl> <dt>Reviews served by:</dt> <u>reviews-v3-55f9d7445c-rqdvf</u> </dl> </div> </div> </div> <!-- Latest compiled and minified JavaScript --> <script src="static/jquery.min.js"></script> <!-- Latest compiled and minified JavaScript --> <script src="static/bootstrap/js/bootstrap.min.js"></script> <script type="text/javascript"> $('#login-modal').on('shown.bs.modal', function () { $('#username').focus(); }); </script> </body> </html> * Connection #0 to host istio-ingressgateway-istio-system.apps.zluc3jm0e8382cc5f9.eastus.aroapp.io left intact Thu Apr 4 05:07:28 AM UTC 2024