Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-60187

Hypershift ShardIngress HAProxy config reloader issues

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:
      Testing AllowedCIDRBlocks with max allowed limits of 500, caused HAproxy to abort with below error, HAproxy cannot read configs when more than 61 blocks are added to a HCP . After removing all 250 CIDR blocks, config reload was successful.

      reloader logs

      2025-08-06T13:14:57.962082903Z ❗️ Checksum change detected.
      2025-08-06T13:14:57.962108535Z 🔎 Validating new configuration...
      2025-08-06T13:14:57.983246446Z [NOTICE]   (194776) : haproxy version is 3.0.5-8e879a5
      2025-08-06T13:14:57.983258767Z [NOTICE]   (194776) : path to executable is /usr/sbin/haproxy
      2025-08-06T13:14:57.983266293Z [ALERT]    (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:31]: too many words, truncating after word 64, position 1130: <250.250.250.60/32>.
      2025-08-06T13:14:57.983272913Z [ALERT]    (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:34] : error detected while parsing switching rule : no such ACL : 'is_clusters-aro-hcp-newing-kube-apiserver_request_allowed'.
      2025-08-06T13:14:57.983313781Z [ALERT]    (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:49]: too many words, truncating after word 64, position 1124: <250.250.250.60/32>.
      2025-08-06T13:14:57.983334577Z [ALERT]    (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:51]: too many words, truncating after word 64, position 1128: <250.250.250.60/32>.
      2025-08-06T13:14:57.983345903Z [ALERT]    (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:53]: too many words, truncating after word 64, position 1125: <250.250.250.60/32>.
      2025-08-06T13:14:57.983349680Z [ALERT]    (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:55]: too many words, truncating after word 64, position 1121: <250.250.250.60/32>.
      2025-08-06T13:14:57.983380754Z [ALERT]    (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:64] : error detected while parsing switching rule : no such ACL : 'is_clusters-aro-hcp-newing-ignition_request_allowed'.
      2025-08-06T13:14:57.983385136Z [ALERT]    (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:65] : error detected while parsing switching rule : no such ACL : 'is_clusters-aro-hcp-newing-konnectivity_request_allowed'.
      2025-08-06T13:14:57.983388130Z [ALERT]    (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:66] : error detected while parsing switching rule : no such ACL : 'is_clusters-aro-hcp-newing-apiserver_request_allowed'.
      2025-08-06T13:14:57.983393314Z [ALERT]    (194776) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:67] : error detected while parsing switching rule : no such ACL : 'is_clusters-aro-hcp-newing-oauth_request_allowed'.
      2025-08-06T13:14:57.983508904Z [ALERT]    (194776) : config : Error(s) found in configuration file : /usr/local/etc/haproxy/haproxy.cfg
      2025-08-06T13:14:57.983516872Z [ALERT]    (194776) : config : Fatal errors found in configuration.
      2025-08-06T13:14:57.983911509Z ❌ ERROR: New configuration is invalid. Reload aborted.
      2025-08-06T13:15:02.988403503Z ❗️ Checksum change detected.
      2025-08-06T13:15:02.988435061Z 🔎 Validating new configuration...
      2025-08-06T13:15:03.077353951Z Success=1
      2025-08-06T13:15:03.077376027Z --
      2025-08-06T13:15:03.077379916Z [NOTICE]   (1) : New worker (823) forked
      2025-08-06T13:15:03.077382572Z [NOTICE]   (1) : Loading success.
      2025-08-06T13:15:03.077385200Z 
      2025-08-06T13:15:03.077613233Z ✅ Reload command sent successfully.
      
      
          Version-Release number of selected component (if applicable):{code:none}
      4.19.7
          

      How reproducible:

      Always
          

      Steps to Reproduce:

      1. Create a self-managed HCP on AKS, with no AllowedCIDRBlock spec, cluster state Completed as usual
      2. Added 250 CIDR blocks to it 
      3. Watch hypershift-sharedingress reloader logs, says Reload aborted
      Attached haproxy config 
          

      Actual results:

      Config reloader errored out
          

      Expected results:

      It should work as expected, as long as AllowedCIDRBlocks are valid and within allowed limit.
          

      Additional info:

          

              rh-ee-mraee Mulham Raee
              mukrishn@redhat.com Murali Krishnasamy
              None
              None
              Murali Krishnasamy Murali Krishnasamy
              None
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: