youngnick
commented
1 year ago I agree timeouts are super important, and am in the process of working on a GEP (GEP-1742, kubernetes-sigs/gateway-api#1742, kubernetes-sigs/gateway-api#1744 is the PR to add the actual design.)
Once I've got that a bit further along (I'm hoping to define a request timeout, analogous to the nginx proxy-send-timeout value, and an idle timeout, probably for the whole connection), then I think we can look at adding timeouts to Ingress that use the same concepts.
For reference, (and because I'm proud of my diagram), here's all the configurable Envoy timeouts we have available, on a standard HTTP request flow, where CM is the Connection Manager level settings, R is the Route level settings, and Cluster is the cluster level settings:
sequenceDiagram
participant C as Client
participant P as Envoy
participant U as Upstream
C->>P: Connection Started
activate P
Note left of P: transport_socket_connect_timeout for TLS
deactivate P
C->>P: Starts sending Request
activate C
activate P
activate P
C->>P: Finishes Headers
note left of P: CM request_headers_timeout
C->>P: Finishes request
deactivate P
activate U
note left of U: Cluster connect_timeout
deactivate U
P->>U: Connection Started
activate U
note right of U: CM idle_timeout<br />CM max_connection_duration
P->>U: Starts sending Request
P->>U: Finishes Headers
note left of P: CM request_timeout
P->>U: Finishes request
deactivate P
activate U
U->>P: Starts Response
U->>P: Finishes Headers
note right of U: R timeout<br/>R per_try_timeout<br/>R per_try_idle_timeout
U->>P: Finishes Response
deactivate U
P->>C: Starts Response
P->>C: Finishes Headers
P->>C: Finishes Response
Note left of C: CM stream_idle_timeout<br />R idle_timeout<br />CM,R max_stream_duration<br/>TCP proxy idle_timeout<br />TCP protocol idle_timeout
deactivate C
Note right of P: Repeat if connection sharing
U->>C: Connection ended
deactivate U
github-actions[bot]
nadavbuc
Cilium Feature Proposal
Is your feature request related to a problem?
Currently I'm using nginx-ingress and I when I want to expose hubble-relay outside the cluster, I need to configure the Nginx
grpc_read_timeoutoption in order to avoidhubble observe --followfrom disconnecting when there are no flows being transmitted. The same is true if I was writing data to a gRPC connection (I don't have an example for this to point at).Another similar example is for websockets. Some internal web applications I'm using maintain long lived websocket connections where no data is transmitted for a long period of time. In these cases, if no data is transmitted for long enough, the connection gets closed. With nginx-ingress I can adjust the read/write timeouts to handle this better by using the annotations
nginx.ingress.kubernetes.io/proxy-read-timeoutandnginx.ingress.kubernetes.io/proxy-send-timeout, which map to theproxy_read_timeoutandproxy_send_timeoutoptions in upstream Nginx.Describe the feature you'd like
Currently Cilium does not support exposing gRPC services via Ingress, and needs #21928 for gRPC support in GatewayAPI, so this is potentially preemptive.
I'd like the ability to tune the "read/write" timeouts of an HTTP or gRPC request. I know that envoy uses different settings, and breaks things down a bit more, but being able to tune these options is important for connections that aren't always transmitting data.