From 88fa8c4df38a8ae5a87d8d597ecce70b648c6b79 Mon Sep 17 00:00:00 2001 From: Felix Wolf Date: Sun, 12 Apr 2026 18:49:02 +0200 Subject: [PATCH] fix(traefik): increase read-timeout to avoid crashing ocis for large uploads MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Traefik's default readTimeout of 60s killing the upload connection. The cascade was: 1. Large upload exceeds 60s → Traefik kills connection 2. storageusers floods with NetworkTimeoutError 3. Aborted uploads generate tons of NATS events 4. NATS gets overwhelmed → no response from stream 5. Proxy can't resolve user roles → login returns 500 --- prototypes/traefik/helm/traefik.yaml | 6 ++++++ rendered/envs/production/traefik/daemonset-traefik.yaml | 2 ++ 2 files changed, 8 insertions(+) diff --git a/prototypes/traefik/helm/traefik.yaml b/prototypes/traefik/helm/traefik.yaml index 5d3bda6..35d87e9 100644 --- a/prototypes/traefik/helm/traefik.yaml +++ b/prototypes/traefik/helm/traefik.yaml @@ -11,8 +11,14 @@ deployment: ports: web: hostPort: 80 + transport: + respondingTimeouts: + readTimeout: 600s websecure: hostPort: 443 + transport: + respondingTimeouts: + readTimeout: 600s metrics: expose: default: true diff --git a/rendered/envs/production/traefik/daemonset-traefik.yaml b/rendered/envs/production/traefik/daemonset-traefik.yaml index c4a22de..76685e9 100644 --- a/rendered/envs/production/traefik/daemonset-traefik.yaml +++ b/rendered/envs/production/traefik/daemonset-traefik.yaml @@ -44,7 +44,9 @@ spec: - --providers.kubernetesingress - --providers.kubernetesingress.allowEmptyServices=true - --providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik + - --entryPoints.web.transport.respondingTimeouts.readTimeout=600s - --entryPoints.websecure.http.tls=true + - --entryPoints.websecure.transport.respondingTimeouts.readTimeout=600s - --log.level=INFO env: - name: POD_NAME