Bug
Resolution: Unresolved
Major
4.19.z
Description of problem:
Testing AllowedCIDRBlocks with the max allowed limit of 500 caused HAProxy to abort with the error below. HAProxy cannot read configs when more than 61 blocks are added to an HCP. After removing all 250 CIDR blocks, the config reload was successful.
Reloader logs:
2025-08-06T13:14:57.962082903Z ❗️ Checksum change detected.
2025-08-06T13:14:57.962108535Z 🔎 Validating new configuration...
2025-08-06T13:14:57.983246446Z [NOTICE] (194776) : haproxy version is 3.0.5-8e879a5
2025-08-06T13:14:57.983258767Z [NOTICE] (194776) : path to executable is /usr/sbin/haproxy
2025-08-06T13:14:57.983266293Z [ALERT] (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:31]: too many words, truncating after word 64, position 1130: <250.250.250.60/32>.
2025-08-06T13:14:57.983272913Z [ALERT] (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:34] : error detected while parsing switching rule : no such ACL : 'is_clusters-aro-hcp-newing-kube-apiserver_request_allowed'.
2025-08-06T13:14:57.983313781Z [ALERT] (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:49]: too many words, truncating after word 64, position 1124: <250.250.250.60/32>.
2025-08-06T13:14:57.983334577Z [ALERT] (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:51]: too many words, truncating after word 64, position 1128: <250.250.250.60/32>.
2025-08-06T13:14:57.983345903Z [ALERT] (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:53]: too many words, truncating after word 64, position 1125: <250.250.250.60/32>.
2025-08-06T13:14:57.983349680Z [ALERT] (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:55]: too many words, truncating after word 64, position 1121: <250.250.250.60/32>.
2025-08-06T13:14:57.983380754Z [ALERT] (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:64] : error detected while parsing switching rule : no such ACL : 'is_clusters-aro-hcp-newing-ignition_request_allowed'.
2025-08-06T13:14:57.983385136Z [ALERT] (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:65] : error detected while parsing switching rule : no such ACL : 'is_clusters-aro-hcp-newing-konnectivity_request_allowed'.
2025-08-06T13:14:57.983388130Z [ALERT] (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:66] : error detected while parsing switching rule : no such ACL : 'is_clusters-aro-hcp-newing-apiserver_request_allowed'.
2025-08-06T13:14:57.983393314Z [ALERT] (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:67] : error detected while parsing switching rule : no such ACL : 'is_clusters-aro-hcp-newing-oauth_request_allowed'.
2025-08-06T13:14:57.983508904Z [ALERT] (194776) : config : Error(s) found in configuration file : /usr/local/etc/haproxy/haproxy.cfg
2025-08-06T13:14:57.983516872Z [ALERT] (194776) : config : Fatal errors found in configuration.
2025-08-06T13:14:57.983911509Z ❌ ERROR: New configuration is invalid. Reload aborted.
2025-08-06T13:15:02.988403503Z ❗️ Checksum change detected.
2025-08-06T13:15:02.988435061Z 🔎 Validating new configuration...
2025-08-06T13:15:03.077353951Z Success=1
2025-08-06T13:15:03.077376027Z --
2025-08-06T13:15:03.077379916Z [NOTICE] (1) : New worker (823) forked
2025-08-06T13:15:03.077382572Z [NOTICE] (1) : Loading success.
2025-08-06T13:15:03.077385200Z
2025-08-06T13:15:03.077613233Z ✅ Reload command sent successfully.
Version-Release number of selected component (if applicable):
4.19.7
How reproducible:
Always
Steps to Reproduce:
1. Create a self-managed HCP on AKS, with no AllowedCIDRBlock spec; cluster state is Completed as usual.
2. Add 250 CIDR blocks to it.
3. Watch the hypershift-sharedingress reloader logs, which say "Reload aborted".
Attached haproxy config
Actual results:
Config reloader errored out
Expected results:
It should work as expected, as long as AllowedCIDRBlocks are valid and within the allowed limit.
Additional info:
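
The "too many words, truncating after word 64" alerts in the reloader logs point at a per-line word limit, and HAProxy's `acl` keyword declares or completes an ACL, so repeated lines with the same name are ORed together. The sketch below is an added example, not HyperShift's config generator: it splits an allowlist across several `acl` lines that each stay under that limit. The function name `ACLLines` and the ACL name are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// maxLineWords is the limit from the alert above: "truncating after word 64".
const maxLineWords = 64

// ACLLines renders "acl <name> src <cidr>..." lines, splitting the list so
// no line reaches the word limit. Every CIDR is validated first, because a
// single bad line makes HAProxy reject the whole file and abort the reload.
func ACLLines(name string, cidrs []string) ([]string, error) {
	perLine := maxLineWords - 3 - 1 // "acl", name, "src", plus one word of headroom
	var lines []string
	for start := 0; start < len(cidrs); start += perLine {
		end := start + perLine
		if end > len(cidrs) {
			end = len(cidrs)
		}
		for _, c := range cidrs[start:end] {
			if _, _, err := net.ParseCIDR(c); err != nil {
				return nil, fmt.Errorf("invalid CIDR %q: %w", c, err)
			}
		}
		lines = append(lines, fmt.Sprintf("acl %s src %s", name, strings.Join(cidrs[start:end], " ")))
	}
	return lines, nil
}

func main() {
	// Constructed input: 250 /32 blocks, the count used in the reproduction steps.
	var cidrs []string
	for i := 0; i < 250; i++ {
		cidrs = append(cidrs, fmt.Sprintf("250.250.250.%d/32", i))
	}
	lines, err := ACLLines("is_example_request_allowed", cidrs) // hypothetical ACL name
	if err != nil {
		panic(err)
	}
	for _, l := range lines {
		fmt.Printf("%d words: %.60s...\n", len(strings.Fields(l)), l)
	}
}
```

Because the old configuration stays active when validation fails, an allowlist change that trips this limit is silently not enforced until the reload succeeds.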