From 5667b261804e9bd9ecb5a086416c915cf40d78f3 Mon Sep 17 00:00:00 2001
From: MoritzWeber <kontakt@moritz-weber.net>
Date: Mon, 30 Sep 2024 17:44:57 +0200
Subject: [PATCH] feat: Let session proxy handle timeouts

The default timeout for nginx is 60 seconds and for haproxy it's 30 seconds.
Our session proxy should terminate requests after 60 seconds with a custom
error page, but the Ingress nginx / HAProxy were faster.

This sets the timeout to 70s, independently from nginx / HAProxy.
Since we want to have custom annotations for sessions and the rest of the
application, this commit splits the ingress into two.
---
 helm/templates/routing/routing.ingress.yaml  | 10 ------
 helm/templates/routing/sessions.ingress.yaml | 36 ++++++++++++++++++++
 2 files changed, 36 insertions(+), 10 deletions(-)
 create mode 100644 helm/templates/routing/sessions.ingress.yaml

diff --git a/helm/templates/routing/routing.ingress.yaml b/helm/templates/routing/routing.ingress.yaml
index a404d9577..cb077da28 100644
--- a/helm/templates/routing/routing.ingress.yaml
+++ b/helm/templates/routing/routing.ingress.yaml
@@ -11,11 +11,8 @@ metadata:
     nginx.ingress.kubernetes.io/fastcgi_buffer_size: 16k
     nginx.ingress.kubernetes.io/fastcgi_buffers: 16 16k
     nginx.ingress.kubernetes.io/fastcgi_busy_buffers_size: 16k
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
     nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
-    nginx.ingress.kubernetes.io/proxy-buffering: "off"
     nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
-    nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
     {{- if eq .Values.cluster.kind "OpenShift" }}
     route.openshift.io/insecureEdgeTerminationPolicy: Redirect
     route.openshift.io/termination: edge
@@ -74,13 +71,6 @@ spec:
                 name: {{ .Release.Name }}-grafana-nginx
                 port:
                   name: grafui
-          - path: /session
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}-session-nginx
-                port:
-                  name: http
           {{ if .Values.mocks.oauth }}
           - path: /default
             pathType: Prefix
diff --git a/helm/templates/routing/sessions.ingress.yaml b/helm/templates/routing/sessions.ingress.yaml
new file mode 100644
index 000000000..bada43e1d
--- /dev/null
+++ b/helm/templates/routing/sessions.ingress.yaml
@@ -0,0 +1,36 @@
+# SPDX-FileCopyrightText: Copyright DB InfraGO AG and contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Release.Name }}-nginx-sessions
+  labels:
+    id: {{ .Release.Name }}-nginx-sessions
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-buffering: "off"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: '70'
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: '70'
+    nginx.ingress.kubernetes.io/proxy-send-timeout: '70'
+    nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
+    {{- if eq .Values.cluster.kind "OpenShift" }}
+    route.openshift.io/insecureEdgeTerminationPolicy: Redirect
+    route.openshift.io/termination: edge
+    haproxy.router.openshift.io/timeout: 70s
+    {{ end }}
+spec:
+  ingressClassName: {{ .Values.cluster.ingressClassName }}
+  rules:
+    - http:
+        paths:
+          - path: /session
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}-session-nginx
+                port:
+                  name: http
+      {{ if not .Values.general.wildcardHost }}
+      host: {{ .Values.general.host }}
+      {{ end }}