feat(translator): implement timeout in ClientTrafficPolicy

internal/gatewayapi/clienttrafficpolicy.go

@@ -324,6 +324,11 @@
 		// Translate Path Settings
 		translatePathSettings(policy.Spec.Path, httpIR)
 
+		// Translate Client Timeout Settings
+		if err := translateClientTimeout(policy.Spec.Timeout, httpIR); err != nil {
+			return err
+		}
+
 		// Translate HTTP1 Settings
 		if err := translateHTTP1Settings(policy.Spec.HTTP1, httpIR); err != nil {
 			return err
@@ -395,6 +400,34 @@
 	}
 }
 
+func translateClientTimeout(clientTimeout *egv1a1.ClientTimeout, httpIR *ir.HTTPListener) error {
+	if clientTimeout == nil {
+		return nil
+	}
+
+	if clientTimeout.HTTP != nil {
+		if clientTimeout.HTTP.RequestReceivedTimeout != nil {
+			d, err := time.ParseDuration(string(*clientTimeout.HTTP.RequestReceivedTimeout))
+			if err != nil {
+				return err
+			}
+
+			if httpIR.Timeout == nil {
+				httpIR.Timeout = &ir.ClientTimeout{}
+			}
+			if httpIR.Timeout.HTTP == nil {
+				httpIR.Timeout.HTTP = &ir.HTTPClientTimeout{}
+			}
+
+			httpIR.Timeout.HTTP.RequestReceivedTimeout = &metav1.Duration{
+				Duration: d,
+			}
+		}
+	}
+
+	return nil
+}
+
 func translateListenerProxyProtocol(enableProxyProtocol *bool, httpIR *ir.HTTPListener) {
 	// Return early if not set
 	if enableProxyProtocol == nil {

internal/gatewayapi/testdata/clienttrafficpolicy-timeout.in.yaml

@@ -0,0 +1,37 @@
+clientTrafficPolicies:
+  - apiVersion: gateway.envoyproxy.io/v1alpha1
+    kind: ClientTrafficPolicy
+    metadata:
+      namespace: envoy-gateway
+      name: target-gateway
+    spec:
+      targetRef:
+        group: gateway.networking.k8s.io
+        kind: Gateway
+        name: gateway
+        namespace: envoy-gateway
+        sectionName: http-1
+      timeout:
+        http:
+          requestReceivedTimeout: "5s"
+gateways:
+  - apiVersion: gateway.networking.k8s.io/v1
+    kind: Gateway
+    metadata:
+      namespace: envoy-gateway
+      name: gateway
+    spec:
+      gatewayClassName: envoy-gateway-class
+      listeners:
+        - name: http-1
+          protocol: HTTP
+          port: 80
+          allowedRoutes:
+            namespaces:
+              from: Same
+        - name: http-2
+          protocol: HTTP
+          port: 8080
+          allowedRoutes:
+            namespaces:
+              from: Same

internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml

@@ -0,0 +1,145 @@
+clientTrafficPolicies:
+  - apiVersion: gateway.envoyproxy.io/v1alpha1
+    kind: ClientTrafficPolicy
+    metadata:
+      creationTimestamp: null
+      name: target-gateway
+      namespace: envoy-gateway
+    spec:
+      targetRef:
+        group: gateway.networking.k8s.io
+        kind: Gateway
+        name: gateway
+        namespace: envoy-gateway
+        sectionName: http-1
+      timeout:
+        http:
+          requestReceivedTimeout: "5s"
+    status:
+      conditions:
+        - lastTransitionTime: null
+          message: ClientTrafficPolicy has been accepted.
+          reason: Accepted
+          status: "True"
+          type: Accepted
+gateways:
+  - apiVersion: gateway.networking.k8s.io/v1
+    kind: Gateway
+    metadata:
+      creationTimestamp: null
+      name: gateway
+      namespace: envoy-gateway
+    spec:
+      gatewayClassName: envoy-gateway-class
+      listeners:
+        - allowedRoutes:
+            namespaces:
+              from: Same
+          name: http-1
+          port: 80
+          protocol: HTTP
+        - allowedRoutes:
+            namespaces:
+              from: Same
+          name: http-2
+          port: 8080
+          protocol: HTTP
+    status:
+      listeners:
+        - attachedRoutes: 0
+          conditions:
+            - lastTransitionTime: null
+              message: Sending translated listener configuration to the data plane
+              reason: Programmed
+              status: "True"
+              type: Programmed
+            - lastTransitionTime: null
+              message: Listener has been successfully translated
+              reason: Accepted
+              status: "True"
+              type: Accepted
+            - lastTransitionTime: null
+              message: Listener references have been resolved
+              reason: ResolvedRefs
+              status: "True"
+              type: ResolvedRefs
+          name: http-1
+          supportedKinds:
+            - group: gateway.networking.k8s.io
+              kind: HTTPRoute
+            - group: gateway.networking.k8s.io
+              kind: GRPCRoute
+        - attachedRoutes: 0
+          conditions:
+            - lastTransitionTime: null
+              message: Sending translated listener configuration to the data plane
+              reason: Programmed
+              status: "True"
+              type: Programmed
+            - lastTransitionTime: null
+              message: Listener has been successfully translated
+              reason: Accepted
+              status: "True"
+              type: Accepted
+            - lastTransitionTime: null
+              message: Listener references have been resolved
+              reason: ResolvedRefs
+              status: "True"
+              type: ResolvedRefs
+          name: http-2
+          supportedKinds:
+            - group: gateway.networking.k8s.io
+              kind: HTTPRoute
+            - group: gateway.networking.k8s.io
+              kind: GRPCRoute
+infraIR:
+  envoy-gateway/gateway:
+    proxy:
+      listeners:
+        - address: null
+          name: envoy-gateway/gateway/http-1
+          ports:
+            - containerPort: 10080
+              name: http-1
+              protocol: HTTP
+              servicePort: 80
+        - address: null
+          name: envoy-gateway/gateway/http-2
+          ports:
+            - containerPort: 8080
+              name: http-2
+              protocol: HTTP
+              servicePort: 8080
+      metadata:
+        labels:
+          gateway.envoyproxy.io/owning-gateway-name: gateway
+          gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+      name: envoy-gateway/gateway
+xdsIR:
+  envoy-gateway/gateway:
+    accessLog:
+      text:
+        - path: /dev/stdout
+    http:
+      - address: 0.0.0.0
+        hostnames:
+          - '*'
+        isHTTP2: false
+        name: envoy-gateway/gateway/http-1
+        path:
+          mergeSlashes: true
+          escapedSlashesAction: UnescapeAndRedirect
+        port: 10080
+        timeout:
+          http:
+            RequestReceivedTimeout: "5s"
+      - address: 0.0.0.0
+        hostnames:
+          - '*'
+        isHTTP2: false
+        name: envoy-gateway/gateway/http-2
+        path:
+          mergeSlashes: true
+          escapedSlashesAction: UnescapeAndRedirect
+        port: 8080
+

internal/ir/xds.go

@@ -7,16 +7,15 @@
 
 import (
 	"cmp"
 	"errors"
-	"net/http"
-	"net/netip"
-	"reflect"
-
 	"golang.org/x/exp/slices"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/util/validation"
+	"net/http"
+	"net/netip"
+	"reflect"
 	"sigs.k8s.io/yaml"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
@@ -225,6 +224,8 @@
 	// HTTP1 provides HTTP/1 configuration on the listener
 	// +optional
 	HTTP1 *HTTP1Settings `json:"http1,omitempty" yaml:"http1,omitempty"`
+	// ClientTimeout sets the timeout configuration for downstream connections
+	Timeout *ClientTimeout `json:"timeout,omitempty" yaml:"clientTimeout,omitempty"`
 }
 
 // Validate the fields within the HTTPListener structure
@@ -389,6 +390,21 @@
 	EnableEnvoyHeaders bool `json:"enableEnvoyHeaders,omitempty" yaml:"enableEnvoyHeaders,omitempty"`
 }
 
+// ClientTimeout sets the timeout configuration for downstream connections
+// +k8s:deepcopy-gen=true
+type ClientTimeout struct {
+	// Timeout settings for HTTP.
+	HTTP *HTTPClientTimeout `json:"http,omitempty" yaml:"http,omitempty"`
+}
+
+// HTTPClientTimeout set the configuration for client HTTP.
+// +k8s:deepcopy-gen=true
+type HTTPClientTimeout struct {
+	// The duration envoy waits for the complete request reception. This timer starts upon request
+	// initiation and stops when either the last byte of the request is sent upstream or when the response begins.
+	RequestReceivedTimeout *metav1.Duration `json:"requestReceivedTimeout,omitempty" yaml:"requestReceivedTimeout,omitempty"`
+}
+
 // HTTPRoute holds the route information associated with the HTTP Route
 // +k8s:deepcopy-gen=true
 type HTTPRoute struct {

internal/xds/translator/listener.go

@@ -6,7 +6,8 @@
 package translator
 
 import (
 	"errors"
+	"google.golang.org/protobuf/types/known/durationpb"
 
 	xdscore "github.com/cncf/xds/go/xds/core/v3"
 	matcher "github.com/cncf/xds/go/xds/type/matcher/v3"
@@ -230,6 +231,10 @@
 		Tracing: hcmTracing,
 	}
 
+	if irListener.Timeout != nil && irListener.Timeout.HTTP != nil && irListener.Timeout.HTTP.RequestReceivedTimeout != nil {
+		mgr.RequestTimeout = durationpb.New(irListener.Timeout.HTTP.RequestReceivedTimeout.Duration)
+	}
+
 	// Add the proxy protocol filter if needed
 	patchProxyProtocolFilter(xdsListener, irListener)
 

internal/xds/translator/testdata/in/xds-ir/client-timeout.yaml

@@ -0,0 +1,21 @@
+http:
+  - name: "first-listener"
+    address: "0.0.0.0"
+    port: 10080
+    hostnames:
+      - "*"
+    path:
+      mergeSlashes: true
+      escapedSlashesAction: UnescapeAndRedirect
+    routes:
+      - name: "first-route"
+        hostname: "*"
+        destination:
+          name: "first-route-dest"
+          settings:
+          - endpoints:
+            - host: "1.2.3.4"
+              port: 50000
+    timeout:
+      http:
+        RequestReceivedTimeout: "5s"