search

openshift / oauth-proxy

A reverse proxy that provides authentication with OpenShift via OAuth and Kubernetes service accounts
MIT License
261 stars 136 forks source link

APPSRE-7970: Add support for configuring upstream timeout #259

Closed kwilczynski closed 1 year ago

kwilczynski commented 1 year ago

Please ignore.

openshift-ci-robot commented 1 year ago

@kwilczynski: This pull request references APPSRE-7970 which is a valid jira issue.

In response to [this](https://github.com/openshift/oauth-proxy/pull/259): >Currently, there is no support for configuring the timeout between the proxy and the backends, and as such, the default timeout of **30 seconds** is applied (as per Go's standard library defaults). When the timeout occurs, the user will see an "http: proxy error: context canceled" in the logs, and the remote client will receive a **502** error. > >The default timeout might not be sufficient for some services, especially as every upstream service differs, and the abrupt connection termination might not be desirable. Typically, most upstream services only send response headers after they have gathered/processed all necessary data. > >Thus, add a new command-line switch called `--upstream-timeout`, allowing users to configure the timeout setting. > >Related: >- [APPSRE-7875](https://issues.redhat.com/browse/APPSRE-7875) >- [APPSRE-7970](https://issues.redhat.com/browse/APPSRE-7970) > >Note: this change is, almost entirely, a backport of a change that was added to the upstream [OAuth2 Proxy](https://github.com/oauth2-proxy/oauth2-proxy) project some time ago, per: > >- PR#1638: [Configure upstream timeout](https://github.com/oauth2-proxy/oauth2-proxy/pull/1638) > >Signed-off-by: Krzysztof Wilczyński Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
kwilczynski commented 1 year ago

To the reviewer:

Accidentally opened against the wrong upstream. Closing.

openshift-ci[bot] commented 1 year ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kwilczynski Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/openshift/oauth-proxy/blob/master/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
openshift-ci-robot commented 1 year ago

@kwilczynski: This pull request references APPSRE-7970 which is a valid jira issue.

In response to [this](https://github.com/openshift/oauth-proxy/pull/259): > Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
openshift-ci-robot commented 1 year ago

@kwilczynski: This pull request references APPSRE-7970 which is a valid jira issue.

In response to [this](https://github.com/openshift/oauth-proxy/pull/259): >Currently, there is no support for configuring the timeout between the proxy and the backends, and as such, the default timeout of **30 seconds** is applied (as per Go's standard library defaults). When the timeout occurs, the user will see an "http: proxy error: context canceled" in the logs, and the remote client will receive a **502** error. > >The default timeout might not be sufficient for some services, especially as every upstream service differs, and the abrupt connection termination might not be desirable. Typically, most upstream services only send response headers after they have gathered/processed all necessary data. > >Thus, add a new command-line switch called `--upstream-timeout`, allowing users to configure the timeout setting. > >Related: >- [APPSRE-7875](https://issues.redhat.com/browse/APPSRE-7875) >- [APPSRE-7970](https://issues.redhat.com/browse/APPSRE-7970) > >Note: this change is, almost entirely, a backport of a change that was added to the upstream [OAuth2 Proxy](https://github.com/oauth2-proxy/oauth2-proxy) project some time ago, per: > >- PR#1638: [Configure upstream timeout](https://github.com/oauth2-proxy/oauth2-proxy/pull/1638) > >Signed-off-by: Krzysztof Wilczyński Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
openshift-ci-robot commented 1 year ago

@kwilczynski: This pull request references APPSRE-7970 which is a valid jira issue.

In response to [this](https://github.com/openshift/oauth-proxy/pull/259): >Currently, there is no support for configuring the timeout between the proxy and the backends, and as such, the default timeout of **30 seconds** is applied (as per Go's standard library defaults). When the timeout occurs, the user will see an "http: proxy error: context canceled" in the logs, and the remote client will receive a **502** error. > >The default timeout might not be sufficient for some services, especially as every upstream service differs, and the abrupt connection termination might not be desirable. Typically, most upstream services only send response headers after they have gathered/processed all necessary data. > >Thus, add a new command-line switch called `--upstream-timeout`, allowing users to configure the timeout setting. > >Note: this change is, almost entirely, a backport of a change that was added to the upstream [OAuth2 Proxy](https://github.com/oauth2-proxy/oauth2-proxy) project some time ago, per: > >- PR#1638: [Configure upstream timeout](https://github.com/oauth2-proxy/oauth2-proxy/pull/1638) > >Signed-off-by: Krzysztof Wilczyński Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
openshift-ci-robot commented 1 year ago

@kwilczynski: This pull request references APPSRE-7970 which is a valid jira issue.

In response to [this](https://github.com/openshift/oauth-proxy/pull/259): >Please ignore. Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.