TRACING-4238 | Fix gatewat 502 timeout (#2694)

* Fix gatewat 502 timeout Signed-off-by: Pavol Loffay <p.loffay@gmail.com> * Fix gatewat 502 timeout Signed-off-by: Pavol Loffay <p.loffay@gmail.com> --------- Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
jaegertracing · Oct 2, 2024 · fbf3ee7 · fbf3ee7
1 parent a2e03e2
commit fbf3ee7
Show file tree

Hide file tree

Showing 10 changed files with 58 additions and 10 deletions.
diff --git a/apis/v1/jaeger_types.go b/apis/v1/jaeger_types.go
@@ -374,6 +374,10 @@ type JaegerIngressOpenShiftSpec struct {
 	// SkipLogout tells the operator to not automatically add a "Log Out" menu option to the custom Jaeger configuration
 	// +optional
 	SkipLogout *bool `json:"skipLogout,omitempty"`
+
+	// Timeout defines client timeout from oauth-proxy to jaeger.
+	// +optional
+	Timeout *metav1.Duration `json:"timeout,omitempty"`
 }
 
 // JaegerAllInOneSpec defines the options to be used when deploying the query

diff --git a/apis/v1/zz_generated.deepcopy.go b/apis/v1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/jaegertracing.io_jaegers.yaml b/bundle/manifests/jaegertracing.io_jaegers.yaml
@@ -7281,6 +7281,8 @@ spec:
                         type: string
                       skipLogout:
                         type: boolean
+                      timeout:
+                        type: string
                     type: object
                   options:
                     type: object

diff --git a/config/crd/bases/jaegertracing.io_jaegers.yaml b/config/crd/bases/jaegertracing.io_jaegers.yaml
@@ -7278,6 +7278,8 @@ spec:
                         type: string
                       skipLogout:
                         type: boolean
+                      timeout:
+                        type: string
                     type: object
                   options:
                     type: object

diff --git a/docs/api.md b/docs/api.md
@@ -27388,6 +27388,13 @@ Resource Types:
           <br/>
         </td>
         <td>false</td>
+      </tr><tr>
+        <td><b>timeout</b></td>
+        <td>string</td>
+        <td>
+          <br/>
+        </td>
+        <td>false</td>
       </tr></tbody>
 </table>
 

diff --git a/pkg/cmd/start/main.go b/pkg/cmd/start/main.go
@@ -28,7 +28,7 @@ func AddFlags(cmd *cobra.Command) {
 	cmd.Flags().String("jaeger-spark-dependencies-image", "ghcr.io/jaegertracing/spark-dependencies/spark-dependencies", "The Docker image for the Spark Dependencies Job")
 	cmd.Flags().String("jaeger-es-index-cleaner-image", "jaegertracing/jaeger-es-index-cleaner", "The Docker image for the Jaeger Elasticsearch Index Cleaner")
 	cmd.Flags().String("jaeger-es-rollover-image", "jaegertracing/jaeger-es-rollover", "The Docker image for the Jaeger Elasticsearch Rollover")
-	cmd.Flags().String(v1.FlagOpenShiftOauthProxyImage, "quay.io/openshift/origin-oauth-proxy:4.12", "The Docker image location definition for the OpenShift OAuth Proxy")
+	cmd.Flags().String(v1.FlagOpenShiftOauthProxyImage, "quay.io/openshift/origin-oauth-proxy:4.14", "The Docker image location definition for the OpenShift OAuth Proxy")
 	cmd.Flags().String("openshift-oauth-proxy-imagestream-ns", "", "The namespace for the OpenShift OAuth Proxy imagestream")
 	cmd.Flags().String("openshift-oauth-proxy-imagestream-name", "", "The name for the OpenShift OAuth Proxy imagestream")
 	cmd.Flags().String("platform", v1.FlagPlatformAutoDetect, "The target platform the operator will run. Possible values: 'kubernetes', 'openshift', 'auto-detect'")

diff --git a/pkg/inject/oauth_proxy.go b/pkg/inject/oauth_proxy.go
@@ -39,7 +39,7 @@ func OAuthProxy(jaeger *v1.Jaeger, dep *appsv1.Deployment) *appsv1.Deployment {
 
 func proxyInitArguments(jaeger *v1.Jaeger) []string {
 	secret := util.GenerateProxySecret()
-	return []string{
+	args := []string{
 		fmt.Sprintf("--cookie-secret=%s", secret),
 		"--https-address=:8443",
 		fmt.Sprintf("--openshift-service-account=%s", account.OAuthProxyAccountNameFor(jaeger)),
@@ -48,6 +48,10 @@ func proxyInitArguments(jaeger *v1.Jaeger) []string {
 		"--tls-key=/etc/tls/private/tls.key",
 		"--upstream=http://localhost:16686",
 	}
+	if jaeger.Spec.Ingress.Openshift.Timeout != nil {
+		args = append(args, fmt.Sprintf("--upstream-timeout=%s", (*jaeger.Spec.Ingress.Openshift.Timeout).Duration.String()))
+	}
+	return args
 }
 
 func getOAuthProxyContainer(jaeger *v1.Jaeger) corev1.Container {

diff --git a/pkg/inject/oauth_proxy_test.go b/pkg/inject/oauth_proxy_test.go
@@ -4,20 +4,21 @@ import (
 	"fmt"
 	"sort"
 	"testing"
-
-	v1 "github.com/jaegertracing/jaeger-operator/apis/v1"
-	"github.com/jaegertracing/jaeger-operator/pkg/autodetect"
-	"github.com/jaegertracing/jaeger-operator/pkg/config/ca"
-	"github.com/jaegertracing/jaeger-operator/pkg/util"
+	"time"
 
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 
+	v1 "github.com/jaegertracing/jaeger-operator/apis/v1"
+	"github.com/jaegertracing/jaeger-operator/pkg/autodetect"
+	"github.com/jaegertracing/jaeger-operator/pkg/config/ca"
 	"github.com/jaegertracing/jaeger-operator/pkg/deployment"
 	"github.com/jaegertracing/jaeger-operator/pkg/service"
+	"github.com/jaegertracing/jaeger-operator/pkg/util"
 )
 
 func TestOAuthProxyContainerIsNotAddedByDefault(t *testing.T) {
@@ -80,6 +81,25 @@ func TestOAuthProxyWithCustomSAR(t *testing.T) {
 	assert.True(t, found)
 }
 
+func TestOAuthProxyWithTimeout(t *testing.T) {
+	jaeger := v1.NewJaeger(types.NamespacedName{Name: "my-instance"})
+	jaeger.Spec.Ingress.Security = v1.IngressSecurityOAuthProxy
+
+	timeout := metav1.Duration{
+		Duration: time.Second * 70,
+	}
+	jaeger.Spec.Ingress.Openshift.Timeout = &timeout
+	dep := OAuthProxy(jaeger, deployment.NewQuery(jaeger).Get())
+
+	found := false
+	for _, a := range dep.Spec.Template.Spec.Containers[1].Args {
+		if a == "--upstream-timeout=1m10s" {
+			found = true
+		}
+	}
+	assert.True(t, found)
+}
+
 func TestOAuthProxyWithHtpasswdFile(t *testing.T) {
 	jaeger := v1.NewJaeger(types.NamespacedName{Name: "my-instance"})
 	jaeger.Spec.Ingress.Security = v1.IngressSecurityOAuthProxy

diff --git a/pkg/route/query.go b/pkg/route/query.go
@@ -63,9 +63,10 @@ func (r *QueryRoute) Get() *corev1.Route {
 			APIVersion: "route.openshift.io/v1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      name,
-			Namespace: r.jaeger.Namespace,
-			Labels:    util.Labels(r.jaeger.Name, "query-route", *r.jaeger),
+			Name:        name,
+			Namespace:   r.jaeger.Namespace,
+			Labels:      util.Labels(r.jaeger.Name, "query-route", *r.jaeger),
+			Annotations: r.jaeger.Spec.Ingress.Annotations,
 			OwnerReferences: []metav1.OwnerReference{
 				{
 					APIVersion: r.jaeger.APIVersion,

diff --git a/pkg/route/query_test.go b/pkg/route/query_test.go
@@ -48,11 +48,13 @@ func TestQueryRouteEnabled(t *testing.T) {
 func TestQueryRouteWithOAuthProxy(t *testing.T) {
 	jaeger := v1.NewJaeger(types.NamespacedName{Name: "TestQueryRouteWithOAuthProxy"})
 	jaeger.Spec.Ingress.Security = v1.IngressSecurityOAuthProxy
+	jaeger.Spec.Ingress.Annotations = map[string]string{"timeout": "10s"}
 	route := NewQueryRoute(jaeger)
 
 	r := route.Get()
 	assert.Equal(t, corev1.TLSTerminationReencrypt, r.Spec.TLS.Termination)
 	assert.Equal(t, intstr.FromString("https-query"), r.Spec.Port.TargetPort)
+	assert.Equal(t, map[string]string{"timeout": "10s"}, r.Annotations)
 }
 
 func TestQueryRouteWithoutOAuthProxy(t *testing.T) {