Allow changing per_connection_buffer_limit_bytes using contour configuration for clusters (#5493)

Fixes #5264
Fixes #1408

Signed-off-by: Rajat Vig <[email protected]>

Author: rajatvig

apis/projectcontour/v1alpha1/contourconfig.go

@@ -605,6 +605,15 @@ type ClusterParameters struct {
 	// +kubebuilder:validation:Minimum=1
 	// +optional
 	MaxRequestsPerConnection *uint32 `json:"maxRequestsPerConnection,omitempty"`
+
+	// Defines the soft limit on size of the cluster’s new connection read and write buffers in bytes.
+	// If unspecified, an implementation defined default is applied (1MiB).
+	// see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+	// for more information.
+	//
+	// +kubebuilder:validation:Minimum=1
+	// +optional
+	PerConnectionBufferLimitBytes *uint32 `json:"per-connection-buffer-limit-bytes,omitempty"`
 }
 
 // HTTPProxyConfig defines parameters on HTTPProxy.

apis/projectcontour/v1alpha1/zz_generated.deepcopy.go

@@ -0,0 +1,3 @@
+## Allow setting of `per_connection_buffer_limit_bytes` value for Clusters
+
+Allow changing `per_connection_buffer_limit_bytes` for all Clusters. Default is not set to keep compatibility with existing configurations. Envoy [recommends](https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge) setting to 32KiB for Edge proxies.

changelogs/unreleased/5493-rajatvig-minor.md

@@ -517,6 +517,7 @@ func (s *Server) doServe() error {
 		httpsPort:                          contourConfiguration.Envoy.HTTPSListener.Port,
 		globalExternalAuthorizationService: contourConfiguration.GlobalExternalAuthorization,
 		maxRequestsPerConnection:           contourConfiguration.Envoy.Cluster.MaxRequestsPerConnection,
+		perConnectionBufferLimitBytes:      contourConfiguration.Envoy.Cluster.PerConnectionBufferLimitBytes,
 	})
 
 	// Build the core Kubernetes event handler.
@@ -1048,6 +1049,7 @@ type dagBuilderConfig struct {
 	httpsPort                          int
 	globalExternalAuthorizationService *contour_api_v1.AuthorizationServer
 	maxRequestsPerConnection           *uint32
+	perConnectionBufferLimitBytes      *uint32
 }
 
 func (s *Server) getDAGBuilder(dbc dagBuilderConfig) *dag.Builder {
@@ -1109,12 +1111,14 @@ func (s *Server) getDAGBuilder(dbc dagBuilderConfig) *dag.Builder {
 			HTTPSPort:    dbc.httpsPort,
 		},
 		&dag.IngressProcessor{
-			EnableExternalNameService: dbc.enableExternalNameService,
-			FieldLogger:               s.log.WithField("context", "IngressProcessor"),
-			ClientCertificate:         dbc.clientCert,
-			RequestHeadersPolicy:      &requestHeadersPolicyIngress,
-			ResponseHeadersPolicy:     &responseHeadersPolicyIngress,
-			ConnectTimeout:            dbc.connectTimeout,
+			EnableExternalNameService:     dbc.enableExternalNameService,
+			FieldLogger:                   s.log.WithField("context", "IngressProcessor"),
+			ClientCertificate:             dbc.clientCert,
+			RequestHeadersPolicy:          &requestHeadersPolicyIngress,
+			ResponseHeadersPolicy:         &responseHeadersPolicyIngress,
+			ConnectTimeout:                dbc.connectTimeout,
+			MaxRequestsPerConnection:      dbc.maxRequestsPerConnection,
+			PerConnectionBufferLimitBytes: dbc.perConnectionBufferLimitBytes,
 		},
 		&dag.ExtensionServiceProcessor{
 			// Note that ExtensionService does not support ExternalName, if it does get added,
@@ -1124,24 +1128,27 @@ func (s *Server) getDAGBuilder(dbc dagBuilderConfig) *dag.Builder {
 			ConnectTimeout:    dbc.connectTimeout,
 		},
 		&dag.HTTPProxyProcessor{
-			EnableExternalNameService:   dbc.enableExternalNameService,
-			DisablePermitInsecure:       dbc.disablePermitInsecure,
-			FallbackCertificate:         dbc.fallbackCert,
-			DNSLookupFamily:             dbc.dnsLookupFamily,
-			ClientCertificate:           dbc.clientCert,
-			RequestHeadersPolicy:        &requestHeadersPolicy,
-			ResponseHeadersPolicy:       &responseHeadersPolicy,
-			ConnectTimeout:              dbc.connectTimeout,
-			GlobalExternalAuthorization: dbc.globalExternalAuthorizationService,
-			MaxRequestsPerConnection:    dbc.maxRequestsPerConnection,
+			EnableExternalNameService:     dbc.enableExternalNameService,
+			DisablePermitInsecure:         dbc.disablePermitInsecure,
+			FallbackCertificate:           dbc.fallbackCert,
+			DNSLookupFamily:               dbc.dnsLookupFamily,
+			ClientCertificate:             dbc.clientCert,
+			RequestHeadersPolicy:          &requestHeadersPolicy,
+			ResponseHeadersPolicy:         &responseHeadersPolicy,
+			ConnectTimeout:                dbc.connectTimeout,
+			GlobalExternalAuthorization:   dbc.globalExternalAuthorizationService,
+			MaxRequestsPerConnection:      dbc.maxRequestsPerConnection,
+			PerConnectionBufferLimitBytes: dbc.perConnectionBufferLimitBytes,
 		},
 	}
 
 	if len(dbc.gatewayControllerName) > 0 || dbc.gatewayRef != nil {
 		dagProcessors = append(dagProcessors, &dag.GatewayAPIProcessor{
-			EnableExternalNameService: dbc.enableExternalNameService,
-			FieldLogger:               s.log.WithField("context", "GatewayAPIProcessor"),
-			ConnectTimeout:            dbc.connectTimeout,
+			EnableExternalNameService:     dbc.enableExternalNameService,
+			FieldLogger:                   s.log.WithField("context", "GatewayAPIProcessor"),
+			ConnectTimeout:                dbc.connectTimeout,
+			MaxRequestsPerConnection:      dbc.maxRequestsPerConnection,
+			PerConnectionBufferLimitBytes: dbc.perConnectionBufferLimitBytes,
 		})
 	}
 

cmd/contour/serve.go

@@ -560,8 +560,9 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha
 			DefaultHTTPVersions: defaultHTTPVersions,
 			Timeouts:            timeoutParams,
 			Cluster: &contour_api_v1alpha1.ClusterParameters{
-				DNSLookupFamily:          dnsLookupFamily,
-				MaxRequestsPerConnection: ctx.Config.Cluster.MaxRequestsPerConnection,
+				DNSLookupFamily:               dnsLookupFamily,
+				MaxRequestsPerConnection:      ctx.Config.Cluster.MaxRequestsPerConnection,
+				PerConnectionBufferLimitBytes: ctx.Config.Cluster.PerConnectionBufferLimitBytes,
 			},
 			Network: &contour_api_v1alpha1.NetworkParameters{
 				XffNumTrustedHops: &ctx.Config.Network.XffNumTrustedHops,

cmd/contour/servecontext.go

@@ -102,6 +102,15 @@ spec:
                         format: int32
                         minimum: 1
                         type: integer
+                      per-connection-buffer-limit-bytes:
+                        description: Defines the soft limit on size of the cluster’s
+                          new connection read and write buffers in bytes. If unspecified,
+                          an implementation defined default is applied (1MiB). see
+                          https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+                          for more information.
+                        format: int32
+                        minimum: 1
+                        type: integer
                     type: object
                   defaultHTTPVersions:
                     description: "DefaultHTTPVersions defines the default set of HTTPS
@@ -3297,6 +3306,15 @@ spec:
                             format: int32
                             minimum: 1
                             type: integer
+                          per-connection-buffer-limit-bytes:
+                            description: Defines the soft limit on size of the cluster’s
+                              new connection read and write buffers in bytes. If unspecified,
+                              an implementation defined default is applied (1MiB).
+                              see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+                              for more information.
+                            format: int32
+                            minimum: 1
+                            type: integer
                         type: object
                       defaultHTTPVersions:
                         description: "DefaultHTTPVersions defines the default set

examples/contour/01-crds.yaml

@@ -315,6 +315,15 @@ spec:
                         format: int32
                         minimum: 1
                         type: integer
+                      per-connection-buffer-limit-bytes:
+                        description: Defines the soft limit on size of the cluster’s
+                          new connection read and write buffers in bytes. If unspecified,
+                          an implementation defined default is applied (1MiB). see
+                          https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+                          for more information.
+                        format: int32
+                        minimum: 1
+                        type: integer
                     type: object
                   defaultHTTPVersions:
                     description: "DefaultHTTPVersions defines the default set of HTTPS
@@ -3510,6 +3519,15 @@ spec:
                             format: int32
                             minimum: 1
                             type: integer
+                          per-connection-buffer-limit-bytes:
+                            description: Defines the soft limit on size of the cluster’s
+                              new connection read and write buffers in bytes. If unspecified,
+                              an implementation defined default is applied (1MiB).
+                              see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+                              for more information.
+                            format: int32
+                            minimum: 1
+                            type: integer
                         type: object
                       defaultHTTPVersions:
                         description: "DefaultHTTPVersions defines the default set

examples/render/contour-deployment.yaml

@@ -116,6 +116,15 @@ spec:
                         format: int32
                         minimum: 1
                         type: integer
+                      per-connection-buffer-limit-bytes:
+                        description: Defines the soft limit on size of the cluster’s
+                          new connection read and write buffers in bytes. If unspecified,
+                          an implementation defined default is applied (1MiB). see
+                          https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+                          for more information.
+                        format: int32
+                        minimum: 1
+                        type: integer
                     type: object
                   defaultHTTPVersions:
                     description: "DefaultHTTPVersions defines the default set of HTTPS
@@ -3311,6 +3320,15 @@ spec:
                             format: int32
                             minimum: 1
                             type: integer
+                          per-connection-buffer-limit-bytes:
+                            description: Defines the soft limit on size of the cluster’s
+                              new connection read and write buffers in bytes. If unspecified,
+                              an implementation defined default is applied (1MiB).
+                              see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+                              for more information.
+                            format: int32
+                            minimum: 1
+                            type: integer
                         type: object
                       defaultHTTPVersions:
                         description: "DefaultHTTPVersions defines the default set

examples/render/contour-gateway-provisioner.yaml

@@ -321,6 +321,15 @@ spec:
                         format: int32
                         minimum: 1
                         type: integer
+                      per-connection-buffer-limit-bytes:
+                        description: Defines the soft limit on size of the cluster’s
+                          new connection read and write buffers in bytes. If unspecified,
+                          an implementation defined default is applied (1MiB). see
+                          https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+                          for more information.
+                        format: int32
+                        minimum: 1
+                        type: integer
                     type: object
                   defaultHTTPVersions:
                     description: "DefaultHTTPVersions defines the default set of HTTPS
@@ -3516,6 +3525,15 @@ spec:
                             format: int32
                             minimum: 1
                             type: integer
+                          per-connection-buffer-limit-bytes:
+                            description: Defines the soft limit on size of the cluster’s
+                              new connection read and write buffers in bytes. If unspecified,
+                              an implementation defined default is applied (1MiB).
+                              see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+                              for more information.
+                            format: int32
+                            minimum: 1
+                            type: integer
                         type: object
                       defaultHTTPVersions:
                         description: "DefaultHTTPVersions defines the default set

examples/render/contour-gateway.yaml

@@ -315,6 +315,15 @@ spec:
                         format: int32
                         minimum: 1
                         type: integer
+                      per-connection-buffer-limit-bytes:
+                        description: Defines the soft limit on size of the cluster’s
+                          new connection read and write buffers in bytes. If unspecified,
+                          an implementation defined default is applied (1MiB). see
+                          https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+                          for more information.
+                        format: int32
+                        minimum: 1
+                        type: integer
                     type: object
                   defaultHTTPVersions:
                     description: "DefaultHTTPVersions defines the default set of HTTPS
@@ -3510,6 +3519,15 @@ spec:
                             format: int32
                             minimum: 1
                             type: integer
+                          per-connection-buffer-limit-bytes:
+                            description: Defines the soft limit on size of the cluster’s
+                              new connection read and write buffers in bytes. If unspecified,
+                              an implementation defined default is applied (1MiB).
+                              see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
+                              for more information.
+                            format: int32
+                            minimum: 1
+                            type: integer
                         type: object
                       defaultHTTPVersions:
                         description: "DefaultHTTPVersions defines the default set

examples/render/contour.yaml

@@ -997,6 +997,9 @@ type Cluster struct {
 
 	// MaxRequestsPerConnection defines the maximum number of requests per connection to the upstream before it is closed.
 	MaxRequestsPerConnection *uint32
+
+	// PerConnectionBufferLimitBytes defines the soft limit on size of the cluster’s new connection read and write buffers.
+	PerConnectionBufferLimitBytes *uint32
 }
 
 // WeightedService represents the load balancing weight of a