4.4.z backport is posted and blocked on verification of the 4.5.z backport.
The bump to HAProxy 2.2 may block this change if the bump affects OCP 4.4 because HAProxy 2.2 removes the "http-use-htx" option (see bug 1897039). Need to investigate in the upcoming sprint.
(In reply to Miciah Dashiel Butler Masters from comment #2) > The bump to HAProxy 2.2 may block this change if the bump affects OCP 4.4 > because HAProxy 2.2 removes the "http-use-htx" option (see bug 1897039). > Need to investigate in the upcoming sprint. The bump to HAProxy 2.2 only affects OpenShift 4.7 because it requires a change to the Dockerfiles, and that change has not been backported to earlier release branches, so we can go ahead with turning off HTX in 4.4.
The 4.5 backport is verified, but the 4.4 backport is waiting for lgtm and cherry-pick-approval labels. We'll try to get this done in the upcoming sprint.
Tested in "4.4.0-0.ci.test-2020-12-10-085627-ci-ln-q8q318t" release. With this payload, it is noted that the haproxy configuration now has the "no option http-use-htx" with http2 disabled, and the headers are no more being moderated for the lower/upper cases: ----- $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.4.0-0.ci.test-2020-12-10-085627-ci-ln-q8q318t True False 12m Cluster version is 4.4.0-0.ci.test-2020-12-10-085627-ci-ln-q8q318t $ oc -n openshift-ingress exec router-internalapps-5b54d6b76b-6tfmw -- cat haproxy.config | grep -i htx no option http-use-htx $ oc get all NAME READY STATUS RESTARTS AGE pod/router-http-echo-1-deploy 0/1 Completed 0 17m pod/router-http-echo-1-r5r8j 1/1 Running 0 17m NAME DESIRED CURRENT READY AGE replicationcontroller/router-http-echo-1 1 1 1 17m NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/router-http-echo ClusterIP 172.30.131.121 <none> 8676/TCP 17m NAME REVISION DESIRED CURRENT TRIGGERED BY deploymentconfig.apps.openshift.io/router-http-echo 1 1 1 config NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD route.route.openshift.io/router-http-echo router-http-echo-test1.internalapps.ci-ln-q8q318t-d5d6b.origin-ci-int-aws.dev.rhcloud.com ... 1 more router-http-echo router-http-echo None $ curl router-http-echo-test1.internalapps.ci-ln-q8q318t-d5d6b.origin-ci-int-aws.dev.rhcloud.com -H X-foo:foo -H X-Bar:Bar -H X-BaZ:BaZ GET / HTTP/1.1 User-Agent: curl/7.68.0 Accept: */* X-foo:foo X-Bar:Bar X-BaZ:BaZ Host: router-http-echo-test1.internalapps.ci-ln-q8q318t-d5d6b.origin-ci-int-aws.dev.rhcloud.com X-Forwarded-Host: router-http-echo-test1.internalapps.ci-ln-q8q318t-d5d6b.origin-ci-int-aws.dev.rhcloud.com X-Forwarded-Port: 80 X-Forwarded-Proto: http Forwarded: for=182.70.60.193;host=router-http-echo-test1.internalapps.ci-ln-q8q318t-d5d6b.origin-ci-int-aws.dev.rhcloud.com;proto=http X-Forwarded-For: 182.70.60.193 -----
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.4.32 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0029