api: Support Timeouts in ClientTrafficPolicy (#2605)

* feat: Suppress 'X-Envoy' headers and pass-through the upstream 'Server' header by default (#2585) * Implement and update tests for the default header transformations. Signed-off-by: Lior Okman <lior.okman@sap.com> * Make 'gen-check' happy Signed-off-by: Lior Okman <lior.okman@sap.com> --------- Signed-off-by: Lior Okman <lior.okman@sap.com> Signed-off-by: Yael Shechter <yael.shechter@sap.com> * bug: fix merge race (#2604) Between #2585 & #2581 Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Yael Shechter <yael.shechter@sap.com> * feat: downstream mTLS (#2490) * feat: downstream mTLS Relates to #2483 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * configmap provider logic Signed-off-by: Arko Dasgupta <arko@tetrate.io> * gatewayapi translation Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix charts Signed-off-by: Arko Dasgupta <arko@tetrate.io> * tests Signed-off-by: Arko Dasgupta <arko@tetrate.io> * lint Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Yael Shechter <yael.shechter@sap.com> * add timeout to clientTrafficPolicy Signed-off-by: Yael Shechter <yael.shechter@sap.com> * fix comment Signed-off-by: Yael Shechter <yael.shechter@sap.com> * add omitempty Signed-off-by: Yael Shechter <yael.shechter@sap.com> * add cel test for coverage Signed-off-by: Yael Shechter <yael.shechter@sap.com> * run make commands Signed-off-by: Yael Shechter <yael.shechter@sap.com> * change request timeout field name and desc Signed-off-by: Yael Shechter <yael.shechter@sap.com> * tidy up comment Signed-off-by: Yael Shechter <yael.shechter@sap.com> * fix cel test Signed-off-by: Yael Shechter <yael.shechter@sap.com> * fix typo Signed-off-by: Yael Shechter <yael.shechter@sap.com> * run generate Signed-off-by: Yael Shechter <yael.shechter@sap.com> --------- Signed-off-by: Lior Okman <lior.okman@sap.com> Signed-off-by: Yael Shechter <yael.shechter@sap.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> Co-authored-by: Lior Okman <lior.okman@sap.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: zirain <zirain2009@gmail.com>
envoyproxy · Feb 18, 2024 · 199f50c · 199f50c
1 parent a5125bf
commit 199f50c
Show file tree

Hide file tree

Showing 6 changed files with 131 additions and 3 deletions.
diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -84,6 +84,10 @@ type ClientTrafficPolicySpec struct {
 	//
 	// +optional
 	Headers *HeaderSettings `json:"headers,omitempty"`
+	// Timeout settings for the client connections.
+	//
+	// +optional
+	Timeout *ClientTimeout `json:"timeout,omitempty"`
 }
 
 // HeaderSettings providess configuration options for headers on the listener.

diff --git a/api/v1alpha1/timeout_types.go b/api/v1alpha1/timeout_types.go
@@ -41,3 +41,18 @@ type HTTPTimeout struct {
 	// +optional
 	MaxConnectionDuration *gwapiv1.Duration `json:"maxConnectionDuration,omitempty"`
 }
+
+type ClientTimeout struct {
+	// Timeout settings for HTTP.
+	//
+	// +optional
+	HTTP *HTTPClientTimeout `json:"http,omitempty"`
+}
+
+type HTTPClientTimeout struct {
+	// The duration envoy waits for the complete request reception. This timer starts upon request
+	// initiation and stops when either the last byte of the request is sent upstream or when the response begins.
+	//
+	// +optional
+	RequestReceivedTimeout *gwapiv1.Duration `json:"requestReceivedTimeout,omitempty"`
+}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -230,6 +230,21 @@ spec:
                     format: int32
                     type: integer
                 type: object
+              timeout:
+                description: Timeout settings for the client connections.
+                properties:
+                  http:
+                    description: Timeout settings for HTTP.
+                    properties:
+                      requestReceivedTimeout:
+                        description: The duration envoy waits for the complete request
+                          reception. This timer starts upon request initiation and
+                          stops when either the last byte of the request is sent upstream
+                          or when the response begins.
+                        pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+                        type: string
+                    type: object
+                type: object
               tls:
                 description: TLS settings configure TLS termination settings with
                   the downstream client.

diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
@@ -246,6 +246,20 @@ _Appears in:_
 | `customHeader` | _[CustomHeaderExtensionSettings](#customheaderextensionsettings)_ |  false  | CustomHeader provides configuration for determining the client IP address for a request based on a trusted custom HTTP header. This uses the the custom_header original IP detection extension. Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/original_ip_detection/custom_header/v3/custom_header.proto for more details. |
 
 
+#### ClientTimeout
+
+
+
+
+
+_Appears in:_
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+
+| Field | Type | Required | Description |
+| ---   | ---  | ---      | ---         |
+| `http` | _[HTTPClientTimeout](#httpclienttimeout)_ |  false  | Timeout settings for HTTP. |
+
+
 #### ClientTrafficPolicy
 
 
@@ -299,6 +313,7 @@ _Appears in:_
 | `path` | _[PathSettings](#pathsettings)_ |  false  | Path enables managing how the incoming path set by clients can be normalized. |
 | `http1` | _[HTTP1Settings](#http1settings)_ |  false  | HTTP1 provides HTTP/1 configuration on the listener. |
 | `headers` | _[HeaderSettings](#headersettings)_ |  false  | HeaderSettings provides configuration for header management. |
+| `timeout` | _[ClientTimeout](#clienttimeout)_ |  false  | Timeout settings for the client connections. |
 
 
 
@@ -1145,6 +1160,20 @@ _Appears in:_
 | `expectedResponse` | _[ActiveHealthCheckPayload](#activehealthcheckpayload)_ |  false  | ExpectedResponse defines a list of HTTP expected responses to match. |
 
 
+#### HTTPClientTimeout
+
+
+
+
+
+_Appears in:_
+- [ClientTimeout](#clienttimeout)
+
+| Field | Type | Required | Description |
+| ---   | ---  | ---      | ---         |
+| `requestReceivedTimeout` | _[Duration](#duration)_ |  false  | The duration envoy waits for the complete request reception. This timer starts upon request initiation and stops when either the last byte of the request is sent upstream or when the response begins. |
+
+
 #### HTTPExtAuthService
 
 

diff --git a/test/cel-validation/clienttrafficpolicy_test.go b/test/cel-validation/clienttrafficpolicy_test.go
@@ -15,12 +15,11 @@ import (
 	"testing"
 	"time"
 
+	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
-
+	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
-
-	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 )
 
 func TestClientTrafficPolicyTarget(t *testing.T) {
@@ -283,6 +282,27 @@ func TestClientTrafficPolicyTarget(t *testing.T) {
 				"spec.tls: Invalid value: \"object\": setting ciphers has no effect if the minimum possible TLS version is 1.3",
 			},
 		},
+		{
+			desc: "valid timeout",
+			mutate: func(ctp *egv1a1.ClientTrafficPolicy) {
+				d := gwapiv1.Duration("300s")
+				ctp.Spec = egv1a1.ClientTrafficPolicySpec{
+					TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{
+						PolicyTargetReference: gwapiv1a2.PolicyTargetReference{
+							Group: gwapiv1a2.Group("gateway.networking.k8s.io"),
+							Kind:  gwapiv1a2.Kind("Gateway"),
+							Name:  gwapiv1a2.ObjectName("eg"),
+						},
+					},
+					Timeout: &egv1a1.ClientTimeout{
+						HTTP: &egv1a1.HTTPClientTimeout{
+							RequestReceivedTimeout: &d,
+						},
+					},
+				}
+			},
+			wantErrors: []string{},
+		},
 	}
 
 	for _, tc := range cases {