diff --git a/pkg/ingress/kube/configmap/global.go b/pkg/ingress/kube/configmap/global.go index f7db0d41e..548ee75d7 100644 --- a/pkg/ingress/kube/configmap/global.go +++ b/pkg/ingress/kube/configmap/global.go @@ -37,15 +37,16 @@ const ( minInitialConnectionWindowSize = 65535 maxInitialConnectionWindowSize = 2147483647 - defaultIdleTimeout = 180 - defaultUpStreamIdleTimeout = 10 - defaultMaxRequestHeadersKb = 60 - defaultConnectionBufferLimits = 32768 - defaultMaxConcurrentStreams = 100 - defaultInitialStreamWindowSize = 65535 - defaultInitialConnectionWindowSize = 1048576 - defaultAddXRealIpHeader = false - defaultDisableXEnvoyHeaders = false + defaultIdleTimeout = 180 + defaultUpStreamIdleTimeout = 10 + defaultUpStreamConnectionBufferLimits = 10485760 + defaultMaxRequestHeadersKb = 60 + defaultConnectionBufferLimits = 32768 + defaultMaxConcurrentStreams = 100 + defaultInitialStreamWindowSize = 65535 + defaultInitialConnectionWindowSize = 1048576 + defaultAddXRealIpHeader = false + defaultDisableXEnvoyHeaders = false ) // Global configures the behavior of the downstream connection, x-real-ip header and x-envoy headers. @@ -72,6 +73,8 @@ type Downstream struct { type Upstream struct { // IdleTimeout limits the time that a connection may be idle on the upstream. IdleTimeout uint32 `json:"idleTimeout"` + // ConnectionBufferLimits configures the buffer size limits for connections. + ConnectionBufferLimits uint32 `json:"connectionBufferLimits,omitempty"` } // Http2 configures HTTP/2 specific options. @@ -158,6 +161,7 @@ func deepCopyGlobal(global *Global) (*Global, error) { } if global.Upstream != nil { newGlobal.Upstream.IdleTimeout = global.Upstream.IdleTimeout + newGlobal.Upstream.ConnectionBufferLimits = global.Upstream.ConnectionBufferLimits } newGlobal.AddXRealIpHeader = global.AddXRealIpHeader newGlobal.DisableXEnvoyHeaders = global.DisableXEnvoyHeaders @@ -187,7 +191,8 @@ func NewDefaultDownstream() *Downstream { // NewDefaultUpStream returns a default upstream config. func NewDefaultUpStream() *Upstream { return &Upstream{ - IdleTimeout: defaultUpStreamIdleTimeout, + IdleTimeout: defaultUpStreamIdleTimeout, + ConnectionBufferLimits: defaultUpStreamConnectionBufferLimits, } } @@ -339,10 +344,11 @@ func (g *GlobalOptionController) ConstructEnvoyFilters() ([]*config.Config, erro } upstreamStruct := g.constructUpstream(global.Upstream) + bufferLimitStruct = g.constructUpstreamBufferLimit(global.Upstream) if len(upstreamStruct) == 0 { return generateEnvoyFilter(namespace, configPatch), nil } - upstreamConfig := g.generateUpstreamEnvoyFilter(upstreamStruct, namespace) + upstreamConfig := g.generateUpstreamEnvoyFilter(upstreamStruct, bufferLimitStruct, namespace) configPatch = append(configPatch, upstreamConfig...) return generateEnvoyFilter(namespace, configPatch), nil @@ -404,7 +410,7 @@ func (g *GlobalOptionController) generateDownstreamEnvoyFilter(downstreamValueSt return downstreamConfig } -func (g *GlobalOptionController) generateUpstreamEnvoyFilter(upstreamValueStruct string, namespace string) []*networking.EnvoyFilter_EnvoyConfigObjectPatch { +func (g *GlobalOptionController) generateUpstreamEnvoyFilter(upstreamValueStruct string, bufferLimit string, namespace string) []*networking.EnvoyFilter_EnvoyConfigObjectPatch { upstreamConfig := []*networking.EnvoyFilter_EnvoyConfigObjectPatch{ { ApplyTo: networking.EnvoyFilter_CLUSTER, @@ -416,6 +422,16 @@ func (g *GlobalOptionController) generateUpstreamEnvoyFilter(upstreamValueStruct Value: util.BuildPatchStruct(upstreamValueStruct), }, }, + { + ApplyTo: networking.EnvoyFilter_CLUSTER, + Match: &networking.EnvoyFilter_EnvoyConfigObjectMatch{ + Context: networking.EnvoyFilter_GATEWAY, + }, + Patch: &networking.EnvoyFilter_Patch{ + Operation: networking.EnvoyFilter_Patch_MERGE, + Value: util.BuildPatchStruct(bufferLimit), + }, + }, } return upstreamConfig } @@ -531,6 +547,16 @@ func (g *GlobalOptionController) constructUpstream(upstream *Upstream) string { return upstreamConfig } +// constructUpstreamBufferLimit constructs the upstream buffer limit config. +func (g *GlobalOptionController) constructUpstreamBufferLimit(upstream *Upstream) string { + upstreamBufferLimitStruct := fmt.Sprintf(` + { + "per_connection_buffer_limit_bytes": %d + } + `, upstream.ConnectionBufferLimits) + return upstreamBufferLimitStruct +} + // constructAddXRealIpHeader constructs the add x-real-ip header config. func (g *GlobalOptionController) constructAddXRealIpHeader() string { addXRealIpHeaderStruct := fmt.Sprintf(` diff --git a/test/e2e/conformance/tests/configmap-global.go b/test/e2e/conformance/tests/configmap-global.go index c056ce43a..fa63dc26d 100644 --- a/test/e2e/conformance/tests/configmap-global.go +++ b/test/e2e/conformance/tests/configmap-global.go @@ -52,7 +52,8 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ }, }, Upstream: &configmap.Upstream{ - IdleTimeout: 10, + IdleTimeout: 10, + ConnectionBufferLimits: 10485760, }, DisableXEnvoyHeaders: true, AddXRealIpHeader: true, @@ -128,6 +129,7 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ "common_http_protocol_options": map[string]interface{}{ "idle_timeout": "10s", }, + "per_connection_buffer_limit_bytes": 10485760, }, }, }, @@ -146,7 +148,8 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ }, }, Upstream: &configmap.Upstream{ - IdleTimeout: 10, + IdleTimeout: 10, + ConnectionBufferLimits: 10485760, }, DisableXEnvoyHeaders: true, }, @@ -214,6 +217,7 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ "common_http_protocol_options": map[string]interface{}{ "idle_timeout": "10s", }, + "per_connection_buffer_limit_bytes": 10485760, }, }, }, @@ -232,7 +236,8 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ }, }, Upstream: &configmap.Upstream{ - IdleTimeout: 10, + IdleTimeout: 10, + ConnectionBufferLimits: 10485760, }, AddXRealIpHeader: true, }, @@ -305,6 +310,7 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ "common_http_protocol_options": map[string]interface{}{ "idle_timeout": "10s", }, + "per_connection_buffer_limit_bytes": 10485760, }, }, }, @@ -323,7 +329,8 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ }, }, Upstream: &configmap.Upstream{ - IdleTimeout: 10, + IdleTimeout: 10, + ConnectionBufferLimits: 10485760, }, }, envoyAssertion: []envoy.Assertion{ @@ -388,6 +395,7 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ "common_http_protocol_options": map[string]interface{}{ "idle_timeout": "10s", }, + "per_connection_buffer_limit_bytes": 10485760, }, }, }, @@ -559,6 +567,7 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ "common_http_protocol_options": map[string]interface{}{ "idle_timeout": "10s", }, + "per_connection_buffer_limit_bytes": 10485760, }, }, }, @@ -805,6 +814,7 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ "common_http_protocol_options": map[string]interface{}{ "idle_timeout": "10s", }, + "per_connection_buffer_limit_bytes": 10485760, }, }, }, @@ -823,7 +833,8 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ }, }, Upstream: &configmap.Upstream{ - IdleTimeout: 0, + IdleTimeout: 0, + ConnectionBufferLimits: 32768, }, DisableXEnvoyHeaders: true, AddXRealIpHeader: true, @@ -899,6 +910,7 @@ var ConfigMapGlobalEnvoy = suite.ConformanceTest{ "common_http_protocol_options": map[string]interface{}{ "idle_timeout": "0s", }, + "per_connection_buffer_limit_bytes": 32768, }, }, },