OCPBUGS-43745: Add support for IdleCloseTerminationPolicy (Go http.Client)

[frobware]

Introduce logic in desiredRouterDeployment to set the environmentvariable ROUTER_IDLE_CLOSE_ON_RESPONSE when the IdleConnectionTerminationPolicy field in the IngressController spec is set to Deferred. This change enables configuring HAProxy with the idle-close-on-response option for better control over idle connection termination behaviour.

Add an e2e test Test_IdleConnectionTerminationPolicy to verify the behaviour.

Requires:

• OCPBUGS-43745: Add IdleCloseOnResponse field to IngressControllerSpec api#2102
• OCPBUGS-43745: Add support for IdleCloseTerminationPolicy router#639

[openshift-ci-robot]

@frobware: This pull request references Jira Issue OCPBUGS-43745, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.19.0) matches configured target version for branch (4.19.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @lihongan

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This is like #1166 but uses the Go http.Client.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[frobware]

/hold

[frobware]

/testwith openshift/cluster-ingress-operator/master/e2e-aws-operator openshift/router#639

[frobware]

/retest

[frobware]

/testwith openshift/cluster-ingress-operator/master/e2e-aws-operator openshift/router#639

[frobware]

/retest-required

[frobware]

/retest-required

[frobware]

/test e2e-aws-operator

[frobware]

/testwith openshift/cluster-ingress-operator/master/e2e-aws-operator openshift/router#639

[frobware]

/test e2e-aws-operator

[frobware]

/test e2e-azure-operator

[frobware]

/test e2e-gcp-operator

[frobware]

/testwith openshift/cluster-ingress-operator/master/e2e-aws-operator openshift/router#639

[frobware]

@frobware: any particular reason to run multi pr tests?

/testwith openshift/cluster-ingress-operator/master/e2e-aws-operator https://github.com/openshift/router/pull/639

The router's code was merged 2 weeks ago, it must be in the CI builds since a while now.

FWIW, I tried using /testwith without an additional PR and that did not launch a job, so I'll just continue to use the already merged router PR.

[frobware]

/retest-required

[frobware]

@alebedev87 I pushed a commit that separates the test from a parallel test with parallel subtests into two discrete tests--that still run in parallel. This change allows me to reliably piece together the test output when reviewing CI jobs. I'm using https://github.com/frobware/go-test-sift to collate parallel test output from CI logs (and locally). I haven't seen Test_IdleConnectionTerminationPolicy flake in the last few days, so I'd consider this my final iteration.

[frobware]

/testwith openshift/cluster-ingress-operator/master/e2e-gcp-operator openshift/router#639
/testwith openshift/cluster-ingress-operator/master/e2e-azure-operator openshift/router#639
/testwith openshift/cluster-ingress-operator/master/e2e-aws-operator openshift/router#639

[alebedev87]

/lgtm
/approve

[alebedev87]

/label acknowledge-critical-fixes-only

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alebedev87

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [alebedev87]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 2856e6d and 2 for PR HEAD 1385b13 in total

[frobware]

/retest-required

[frobware]

e2e-aws-ovn-serial and e2e-hypershift are failing in an empty PR: #1185 (comment)

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 2856e6d and 2 for PR HEAD 1385b13 in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 2856e6d and 2 for PR HEAD 1385b13 in total

[lihongan]

Did pre-merge test and looks good.

##  no "option idle-close-on-response" in default router pod
$ oc -n openshift-ingress-operator get ingresscontroller/default -oyaml | yq .spec.idleConnectionTerminationPolicy
Immediate
$ oc -n openshift-ingress get deployment/router-default -oyaml | grep IDLE
(null)
$ oc -n openshift-ingress exec router-default-595897545-kfczn -- cat haproxy.config | grep idle
(null)

## create custom ingresscontroller and update spec.idleConnectionTerminationPolicy
$ oc -n openshift-ingress-operator get ingresscontroller/test -oyaml | yq .spec.idleConnectionTerminationPolicy
Immediate

$ oc -n openshift-ingress-operator patch ingresscontroller/test --type=merge -p '{"spec":{"idleConnectionTerminationPolicy":"Deferred"}}'
ingresscontroller.operator.openshift.io/test patched

$ oc -n openshift-ingress get deployment/router-test -oyaml | grep IDLE -A1
        - name: ROUTER_IDLE_CLOSE_ON_RESPONSE
          value: "true"

$ oc -n openshift-ingress exec router-test-6c756c4ff8-gdv4s -- cat haproxy.config | grep idle -B4
  frontend public
    
  bind :80
  mode http
  option idle-close-on-response
--
frontend fe_sni
  # terminate ssl on edge
  bind unix@/var/lib/haproxy/run/haproxy-sni.sock ssl crt /var/lib/haproxy/router/certs/default.pem crt-list /var/lib/haproxy/conf/cert_config.map accept-proxy no-alpn
  mode http
  option idle-close-on-response
--
frontend fe_no_sni
  # terminate ssl on edge
  bind unix@/var/lib/haproxy/run/haproxy-no-sni.sock ssl crt /var/lib/haproxy/router/certs/default.pem accept-proxy no-alpn
  mode http
  option idle-close-on-response

/label qe-approved

[openshift-ci-robot]

@frobware: This pull request references Jira Issue OCPBUGS-43745, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.19.0) matches configured target version for branch (4.19.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @lihongan

In response to this:

Introduce logic in desiredRouterDeployment to set the environmentvariable ROUTER_IDLE_CLOSE_ON_RESPONSE when the IdleConnectionTerminationPolicy field in the IngressController spec is set to Deferred. This change enables configuring HAProxy with the idle-close-on-response option for better control over idle connection termination behaviour.

Add an e2e test Test_IdleConnectionTerminationPolicy to verify the behaviour.

Requires:

• OCPBUGS-43745: Add IdleCloseOnResponse field to IngressControllerSpec api#2102
• OCPBUGS-43745: Add support for IdleCloseTerminationPolicy router#639

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[frobware]

The e2e-aws-ovn-serial job is failing with "Image signature workflow can push a signed image to openshift registry and verify it" - related links:

• NO-JIRA: use quay.io/openshift/origin-cli:latest directly origin#29466
• https://redhat-internal.slack.com/archives/C01CQA76KMX/p1737106812413019

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 2856e6d and 2 for PR HEAD 1385b13 in total

[openshift-ci]

@frobware: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	1385b13	link	false	/test okd-scos-e2e-aws-ovn
ci/prow/e2e-azure-ovn	1385b13	link	false	/test e2e-azure-ovn
ci/prow/e2e-aws-operator-techpreview	1385b13	link	false	/test e2e-aws-operator-techpreview

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 2856e6d and 2 for PR HEAD 1385b13 in total

[openshift-ci-robot]

@frobware: Jira Issue OCPBUGS-43745: All pull requests linked via external trackers have merged:

• openshift/api#2102
• openshift/router#639
• openshift/cluster-ingress-operator#1182

Jira Issue OCPBUGS-43745 has been moved to the MODIFIED state.

In response to this:

Introduce logic in desiredRouterDeployment to set the environmentvariable ROUTER_IDLE_CLOSE_ON_RESPONSE when the IdleConnectionTerminationPolicy field in the IngressController spec is set to Deferred. This change enables configuring HAProxy with the idle-close-on-response option for better control over idle connection termination behaviour.

Add an e2e test Test_IdleConnectionTerminationPolicy to verify the behaviour.

Requires:

• OCPBUGS-43745: Add IdleCloseOnResponse field to IngressControllerSpec api#2102
• OCPBUGS-43745: Add support for IdleCloseTerminationPolicy router#639

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

Distgit: ose-cluster-ingress-operator
This PR has been included in build ose-cluster-ingress-operator-container-v4.19.0-202501240608.p0.gcba3e44.assembly.stream.el9.
All builds following this will include this PR.