--proxy-gid uint Group ID for proxy control plane sockets. (default 1337)
--proxy-idle-timeout-seconds int Set Envoy upstream HTTP idle connection timeout in seconds. Does not apply to connections with pending requests. (default 60)
--proxy-initial-fetch-timeout uint Time after which an xDS stream is considered timed out (in seconds) (default 30)
+ --proxy-max-active-downstream-connections int Set Envoy HTTP option max_active_downstream_connections (default 50000)
--proxy-max-concurrent-retries uint32 Maximum number of concurrent retries on Envoy clusters (default 128)
--proxy-max-connection-duration-seconds int Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable)
--proxy-max-requests-per-connection int Set Envoy HTTP option max_requests_per_connection. Default 0 (disable)
--proxy-gid uint Group ID for proxy control plane sockets. (default 1337)
--proxy-idle-timeout-seconds int Set Envoy upstream HTTP idle connection timeout in seconds. Does not apply to connections with pending requests. (default 60)
--proxy-initial-fetch-timeout uint Time after which an xDS stream is considered timed out (in seconds) (default 30)
+ --proxy-max-active-downstream-connections int Set Envoy HTTP option max_active_downstream_connections (default 50000)
--proxy-max-concurrent-retries uint32 Maximum number of concurrent retries on Envoy clusters (default 128)
--proxy-max-connection-duration-seconds int Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable)
--proxy-max-requests-per-connection int Set Envoy HTTP option max_requests_per_connection. Default 0 (disable)
--proxy-gid uint Group ID for proxy control plane sockets. (default 1337)
--proxy-idle-timeout-seconds int Set Envoy upstream HTTP idle connection timeout in seconds. Does not apply to connections with pending requests. (default 60)
--proxy-initial-fetch-timeout uint Time after which an xDS stream is considered timed out (in seconds) (default 30)
+ --proxy-max-active-downstream-connections int Set Envoy HTTP option max_active_downstream_connections (default 50000)
--proxy-max-concurrent-retries uint32 Maximum number of concurrent retries on Envoy clusters (default 128)
--proxy-max-connection-duration-seconds int Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable)
--proxy-max-requests-per-connection int Set Envoy HTTP option max_requests_per_connection. Default 0 (disable)
- Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable)
- int
- ``0``
+ * - :spelling:ignore:`envoy.maxGlobalDownstreamConnections`
+ - Maximum number of global downstream connections
+ - int
+ - ``50000``
* - :spelling:ignore:`envoy.maxRequestsPerConnection`
- ProxyMaxRequestsPerConnection specifies the max_requests_per_connection setting for Envoy
- int
| envoy.log.path | string | `""` | Path to a separate Envoy log file, if any. Defaults to /dev/stdout. |
| envoy.maxConcurrentRetries | int | `128` | Maximum number of concurrent retries on Envoy clusters |
| envoy.maxConnectionDurationSeconds | int | `0` | Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable) |
+| envoy.maxGlobalDownstreamConnections | int | `50000` | Maximum number of global downstream connections |
| envoy.maxRequestsPerConnection | int | `0` | ProxyMaxRequestsPerConnection specifies the max_requests_per_connection setting for Envoy |
| envoy.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for cilium-envoy. |
| envoy.podAnnotations | object | `{}` | Annotations to be added to envoy pods |
- name: "envoy.resource_monitors.global_downstream_max_connections"
typedConfig:
"@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig"
- max_active_downstream_connections: "50000"
+ max_active_downstream_connections: "{{ .Values.envoy.maxGlobalDownstreamConnections }}"
applicationLogConfig:
logFormat:
{{- if .Values.envoy.log.format_json }}
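Review bot: The new value is rendered without an integer conversion in `max_active_downstream_connections: "{{ .Values.envoy.maxGlobalDownstreamConnections }}"`, so a large override from a values file may come out in float notation. Helm usually decodes YAML numbers as float64, and Go templates print 1000000 as `1e+06`; the default 50000 is unaffected. Because this limit is the proxy's connection-exhaustion guard, a raised cap that fails to parse is worth ruling out with `max_active_downstream_connections: "{{ .Values.envoy.maxGlobalDownstreamConnections | int64 }}"`. The ConfigMap entry `proxy-max-active-downstream-connections` later in this commit pipes the same value through `quote` only and would benefit from `| int64 | quote`.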
proxy-xff-num-trusted-hops-egress: {{ .Values.envoy.xffNumTrustedHopsL7PolicyEgress | quote }}
proxy-connect-timeout: {{ .Values.envoy.connectTimeoutSeconds | quote }}
proxy-initial-fetch-timeout: {{ .Values.envoy.initialFetchTimeoutSeconds | quote }}
+ proxy-max-active-downstream-connections: {{ .Values.envoy.maxGlobalDownstreamConnections | quote }}
proxy-max-requests-per-connection: {{ .Values.envoy.maxRequestsPerConnection | quote }}
proxy-max-connection-duration-seconds: {{ .Values.envoy.maxConnectionDurationSeconds | quote }}
proxy-idle-timeout-seconds: {{ .Values.envoy.idleTimeoutDurationSeconds | quote }}
"maxConnectionDurationSeconds": {
"type": "integer"
},
+ "maxGlobalDownstreamConnections": {
+ "type": "integer"
+ },
"maxRequestsPerConnection": {
"type": "integer"
},
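Review bot: `maxGlobalDownstreamConnections` is constrained only to `"type": "integer"`, so 0 and negative values pass chart validation and reach both the Envoy bootstrap and the agent flag. The neighbouring options document 0 as "disable", which makes 0 a likely operator input here, yet Envoy's downstream-connections monitor, as far as I recall, rejects values that are not greater than zero. Adding `"minimum": 1` would fail at install time rather than at proxy start. The `flags.Int64("proxy-max-active-downstream-connections", 50000, ...)` registration has the same gap, and no range check is visible in this commit. If this schema file is generated, the bound belongs in the source annotation instead.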
clusterMaxConnections: 1024
# -- Maximum number of requests on Envoy clusters
clusterMaxRequests: 1024
+ # -- Maximum number of global downstream connections
+ maxGlobalDownstreamConnections: 50000
# -- Maximum number of retries for each HTTP request
httpRetryCount: 3
# -- ProxyMaxRequestsPerConnection specifies the max_requests_per_connection setting for Envoy
clusterMaxConnections: 1024
# -- Maximum number of requests on Envoy clusters
clusterMaxRequests: 1024
+ # -- Maximum number of global downstream connections
+ maxGlobalDownstreamConnections: 50000
# -- Maximum number of retries for each HTTP request
httpRetryCount: 3
# -- ProxyMaxRequestsPerConnection specifies the max_requests_per_connection setting for Envoy
if !option.Config.ExternalEnvoyProxy {
return &onDemandXdsStarter{
- XDSServer: xdsServer,
- logger: params.Logger,
- runDir: option.Config.RunDir,
- envoyLogPath: params.EnvoyProxyConfig.EnvoyLog,
- envoyDefaultLogLevel: params.EnvoyProxyConfig.EnvoyDefaultLogLevel,
- envoyBaseID: params.EnvoyProxyConfig.EnvoyBaseID,
- keepCapNetBindService: params.EnvoyProxyConfig.EnvoyKeepCapNetbindservice,
- metricsListenerPort: params.EnvoyProxyConfig.ProxyPrometheusPort,
- adminListenerPort: params.EnvoyProxyConfig.ProxyAdminPort,
- connectTimeout: int64(params.EnvoyProxyConfig.ProxyConnectTimeout),
- maxRequestsPerConnection: uint32(params.EnvoyProxyConfig.ProxyMaxRequestsPerConnection),
- maxConnectionDuration: time.Duration(params.EnvoyProxyConfig.ProxyMaxConnectionDurationSeconds) * time.Second,
- idleTimeout: time.Duration(params.EnvoyProxyConfig.ProxyIdleTimeoutSeconds) * time.Second,
- maxConcurrentRetries: params.EnvoyProxyConfig.ProxyMaxConcurrentRetries,
- maxConnections: params.EnvoyProxyConfig.ProxyClusterMaxConnections,
- maxRequests: params.EnvoyProxyConfig.ProxyClusterMaxRequests,
+ XDSServer: xdsServer,
+ logger: params.Logger,
+ runDir: option.Config.RunDir,
+ envoyLogPath: params.EnvoyProxyConfig.EnvoyLog,
+ envoyDefaultLogLevel: params.EnvoyProxyConfig.EnvoyDefaultLogLevel,
+ envoyBaseID: params.EnvoyProxyConfig.EnvoyBaseID,
+ keepCapNetBindService: params.EnvoyProxyConfig.EnvoyKeepCapNetbindservice,
+ metricsListenerPort: params.EnvoyProxyConfig.ProxyPrometheusPort,
+ adminListenerPort: params.EnvoyProxyConfig.ProxyAdminPort,
+ connectTimeout: int64(params.EnvoyProxyConfig.ProxyConnectTimeout),
+ maxActiveDownstreamConnections: params.EnvoyProxyConfig.ProxyMaxActiveDownstreamConnections,
+ maxRequestsPerConnection: uint32(params.EnvoyProxyConfig.ProxyMaxRequestsPerConnection),
+ maxConnectionDuration: time.Duration(params.EnvoyProxyConfig.ProxyMaxConnectionDurationSeconds) * time.Second,
+ idleTimeout: time.Duration(params.EnvoyProxyConfig.ProxyIdleTimeoutSeconds) * time.Second,
+ maxConcurrentRetries: params.EnvoyProxyConfig.ProxyMaxConcurrentRetries,
+ maxConnections: params.EnvoyProxyConfig.ProxyClusterMaxConnections,
+ maxRequests: params.EnvoyProxyConfig.ProxyClusterMaxRequests,
}, nil
}
)
type ProxyConfig struct {
- DisableEnvoyVersionCheck bool
- ProxyPrometheusPort int
- ProxyAdminPort int
- EnvoyLog string
- EnvoyAccessLogBufferSize uint
- EnvoyDefaultLogLevel string
- EnvoyBaseID uint64
- EnvoyKeepCapNetbindservice bool
- ProxyConnectTimeout uint
- ProxyInitialFetchTimeout uint
- ProxyGID uint
- ProxyMaxRequestsPerConnection int
- ProxyMaxConnectionDurationSeconds int
- ProxyIdleTimeoutSeconds int
- ProxyMaxConcurrentRetries uint32
- ProxyClusterMaxConnections uint32
- ProxyClusterMaxRequests uint32
- HTTPNormalizePath bool
- HTTPRequestTimeout uint
- HTTPIdleTimeout uint
- HTTPMaxGRPCTimeout uint
- HTTPRetryCount uint
- HTTPRetryTimeout uint
- HTTPStreamIdleTimeout uint
- UseFullTLSContext bool
- ProxyXffNumTrustedHopsIngress uint32
- ProxyXffNumTrustedHopsEgress uint32
- EnvoyPolicyRestoreTimeout time.Duration
- EnvoyHTTPUpstreamLingerTimeout int
+ DisableEnvoyVersionCheck bool
+ ProxyPrometheusPort int
+ ProxyAdminPort int
+ EnvoyLog string
+ EnvoyAccessLogBufferSize uint
+ EnvoyDefaultLogLevel string
+ EnvoyBaseID uint64
+ EnvoyKeepCapNetbindservice bool
+ ProxyConnectTimeout uint
+ ProxyInitialFetchTimeout uint
+ ProxyGID uint
+ ProxyMaxActiveDownstreamConnections int64
+ ProxyMaxRequestsPerConnection int
+ ProxyMaxConnectionDurationSeconds int
+ ProxyIdleTimeoutSeconds int
+ ProxyMaxConcurrentRetries uint32
+ ProxyClusterMaxConnections uint32
+ ProxyClusterMaxRequests uint32
+ HTTPNormalizePath bool
+ HTTPRequestTimeout uint
+ HTTPIdleTimeout uint
+ HTTPMaxGRPCTimeout uint
+ HTTPRetryCount uint
+ HTTPRetryTimeout uint
+ HTTPStreamIdleTimeout uint
+ UseFullTLSContext bool
+ ProxyXffNumTrustedHopsIngress uint32
+ ProxyXffNumTrustedHopsEgress uint32
+ EnvoyPolicyRestoreTimeout time.Duration
+ EnvoyHTTPUpstreamLingerTimeout int
}
func (r ProxyConfig) Flags(flags *pflag.FlagSet) {
flags.Uint("proxy-connect-timeout", 2, "Time after which a TCP connect attempt is considered failed unless completed (in seconds)")
flags.Uint("proxy-initial-fetch-timeout", 30, "Time after which an xDS stream is considered timed out (in seconds)")
flags.Uint("proxy-gid", 1337, "Group ID for proxy control plane sockets.")
+ flags.Int64("proxy-max-active-downstream-connections", 50000, "Set Envoy HTTP option max_active_downstream_connections")
flags.Int("proxy-max-requests-per-connection", 0, "Set Envoy HTTP option max_requests_per_connection. Default 0 (disable)")
flags.Int("proxy-max-connection-duration-seconds", 0, "Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable)")
flags.Int("proxy-idle-timeout-seconds", 60, "Set Envoy upstream HTTP idle connection timeout in seconds. Does not apply to connections with pending requests.")
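Review bot: The help text on the added `flags.Int64` line calls this an "Envoy HTTP option", but elsewhere in this commit the value is wired into the `envoy.resource_monitors.global_downstream_max_connections` resource monitor, which is a proxy-wide connection cap rather than an HTTP setting. Operators tuning it as a resource-exhaustion guard need to know that scope; `"Maximum number of global active downstream connections accepted by Envoy"` would also match the Helm description. The command reference entries repeat the same string and would need the same wording. The body of Flags continues outside this hunk.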
const (
ciliumEnvoyStarter = "cilium-envoy-starter"
ciliumEnvoy = "cilium-envoy"
-
- maxActiveDownstreamConnections = 50000
)
// EnableTracing changes Envoy log level to "trace", producing the most logs.
}
type embeddedEnvoyConfig struct {
- runDir string
- logPath string
- defaultLogLevel string
- baseID uint64
- keepCapNetBindService bool
- connectTimeout int64
- maxRequestsPerConnection uint32
- maxConnectionDuration time.Duration
- idleTimeout time.Duration
- maxConcurrentRetries uint32
- maxConnections uint32
- maxRequests uint32
+ runDir string
+ logPath string
+ defaultLogLevel string
+ baseID uint64
+ keepCapNetBindService bool
+ connectTimeout int64
+ maxActiveDownstreamConnections int64
+ maxRequestsPerConnection uint32
+ maxConnectionDuration time.Duration
+ idleTimeout time.Duration
+ maxConcurrentRetries uint32
+ maxConnections uint32
+ maxRequests uint32
}
// startEmbeddedEnvoyInternal starts an Envoy proxy instance.
bootstrapFilePath := filepath.Join(bootstrapDir, "bootstrap.pb")
o.writeBootstrapConfigFile(bootstrapConfig{
- filePath: bootstrapFilePath,
- nodeId: "host~127.0.0.1~no-id~localdomain", // node id format inherited from Istio
- cluster: ingressClusterName,
- adminPath: getAdminSocketPath(GetSocketDir(config.runDir)),
- xdsSock: getXDSSocketPath(GetSocketDir(config.runDir)),
- egressClusterName: egressClusterName,
- ingressClusterName: ingressClusterName,
- connectTimeout: config.connectTimeout,
- maxRequestsPerConnection: config.maxRequestsPerConnection,
- maxConnectionDuration: config.maxConnectionDuration,
- idleTimeout: config.idleTimeout,
- maxConcurrentRetries: config.maxConcurrentRetries,
- maxConnections: config.maxConnections,
- maxRequests: config.maxRequests,
+ filePath: bootstrapFilePath,
+ nodeId: "host~127.0.0.1~no-id~localdomain", // node id format inherited from Istio
+ cluster: ingressClusterName,
+ adminPath: getAdminSocketPath(GetSocketDir(config.runDir)),
+ xdsSock: getXDSSocketPath(GetSocketDir(config.runDir)),
+ egressClusterName: egressClusterName,
+ ingressClusterName: ingressClusterName,
+ connectTimeout: config.connectTimeout,
+ maxRequestsPerConnection: config.maxRequestsPerConnection,
+ maxActiveDownstreamConnections: config.maxActiveDownstreamConnections,
+ maxConnectionDuration: config.maxConnectionDuration,
+ idleTimeout: config.idleTimeout,
+ maxConcurrentRetries: config.maxConcurrentRetries,
+ maxConnections: config.maxConnections,
+ maxRequests: config.maxRequests,
})
o.logger.Debug("Envoy: Starting embedded Envoy")
}
type bootstrapConfig struct {
- filePath string
- nodeId string
- cluster string
- adminPath string
- xdsSock string
- egressClusterName string
- ingressClusterName string
- connectTimeout int64
- maxRequestsPerConnection uint32
- maxConnectionDuration time.Duration
- idleTimeout time.Duration
- maxConcurrentRetries uint32
- maxConnections uint32
- maxRequests uint32
+ filePath string
+ nodeId string
+ cluster string
+ adminPath string
+ xdsSock string
+ egressClusterName string
+ ingressClusterName string
+ connectTimeout int64
+ maxActiveDownstreamConnections int64
+ maxRequestsPerConnection uint32
+ maxConnectionDuration time.Duration
+ idleTimeout time.Duration
+ maxConcurrentRetries uint32
+ maxConnections uint32
+ maxRequests uint32
}
func (o *onDemandXdsStarter) writeBootstrapConfigFile(config bootstrapConfig) {
Name: "envoy.resource_monitors.global_downstream_max_connections",
ConfigType: &envoy_config_overload.ResourceMonitor_TypedConfig{
TypedConfig: toAny(&envoy_extensions_resource_monitors_downstream_connections.DownstreamConnectionsConfig{
- MaxActiveDownstreamConnections: maxActiveDownstreamConnections,
+ MaxActiveDownstreamConnections: config.maxActiveDownstreamConnections,
}),
},
}},
type onDemandXdsStarter struct {
XDSServer
- logger *slog.Logger
- runDir string
- envoyLogPath string
- envoyDefaultLogLevel string
- envoyBaseID uint64
- keepCapNetBindService bool
- metricsListenerPort int
- adminListenerPort int
- connectTimeout int64
- maxRequestsPerConnection uint32
- maxConnectionDuration time.Duration
- idleTimeout time.Duration
- maxConcurrentRetries uint32
- maxConnections uint32
- maxRequests uint32
+ logger *slog.Logger
+ runDir string
+ envoyLogPath string
+ envoyDefaultLogLevel string
+ envoyBaseID uint64
+ keepCapNetBindService bool
+ metricsListenerPort int
+ adminListenerPort int
+ connectTimeout int64
+ maxActiveDownstreamConnections int64
+ maxRequestsPerConnection uint32
+ maxConnectionDuration time.Duration
+ idleTimeout time.Duration
+ maxConcurrentRetries uint32
+ maxConnections uint32
+ maxRequests uint32
envoyOnce sync.Once
}
o.envoyOnce.Do(func() {
// Start embedded Envoy on first invocation
_, startErr = o.startEmbeddedEnvoyInternal(embeddedEnvoyConfig{
- runDir: o.runDir,
- logPath: o.envoyLogPath,
- defaultLogLevel: o.envoyDefaultLogLevel,
- baseID: o.envoyBaseID,
- keepCapNetBindService: o.keepCapNetBindService,
- connectTimeout: o.connectTimeout,
- maxRequestsPerConnection: o.maxRequestsPerConnection,
- maxConnectionDuration: o.maxConnectionDuration,
- idleTimeout: o.idleTimeout,
- maxConcurrentRetries: o.maxConcurrentRetries,
- maxConnections: o.maxConnections,
- maxRequests: o.maxRequests,
+ runDir: o.runDir,
+ logPath: o.envoyLogPath,
+ defaultLogLevel: o.envoyDefaultLogLevel,
+ baseID: o.envoyBaseID,
+ keepCapNetBindService: o.keepCapNetBindService,
+ connectTimeout: o.connectTimeout,
+ maxActiveDownstreamConnections: o.maxActiveDownstreamConnections,
+ maxRequestsPerConnection: o.maxRequestsPerConnection,
+ maxConnectionDuration: o.maxConnectionDuration,
+ idleTimeout: o.idleTimeout,
+ maxConcurrentRetries: o.maxConcurrentRetries,
+ maxConnections: o.maxConnections,
+ maxRequests: o.maxRequests,
})
// Add Prometheus listener if the port is (properly) configured