api: Support Timeouts in ClientTrafficPolicy (#2605)

* feat: Suppress 'X-Envoy' headers and pass-through the upstream 'Server' header by default (#2585) * Implement and update tests for the default header transformations. Signed-off-by: Lior Okman <[email protected]> * Make 'gen-check' happy Signed-off-by: Lior Okman <[email protected]> --------- Signed-off-by: Lior Okman <[email protected]> Signed-off-by: Yael Shechter <[email protected]> * bug: fix merge race (#2604) Between #2585 & #2581 Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: Yael Shechter <[email protected]> * feat: downstream mTLS (#2490) * feat: downstream mTLS Relates to #2483 Signed-off-by: Arko Dasgupta <[email protected]> * configmap provider logic Signed-off-by: Arko Dasgupta <[email protected]> * gatewayapi translation Signed-off-by: Arko Dasgupta <[email protected]> * fix charts Signed-off-by: Arko Dasgupta <[email protected]> * tests Signed-off-by: Arko Dasgupta <[email protected]> * lint Signed-off-by: Arko Dasgupta <[email protected]> --------- Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: Yael Shechter <[email protected]> * add timeout to clientTrafficPolicy Signed-off-by: Yael Shechter <[email protected]> * fix comment Signed-off-by: Yael Shechter <[email protected]> * add omitempty Signed-off-by: Yael Shechter <[email protected]> * add cel test for coverage Signed-off-by: Yael Shechter <[email protected]> * run make commands Signed-off-by: Yael Shechter <[email protected]> * change request timeout field name and desc Signed-off-by: Yael Shechter <[email protected]> * tidy up comment Signed-off-by: Yael Shechter <[email protected]> * fix cel test Signed-off-by: Yael Shechter <[email protected]> * fix typo Signed-off-by: Yael Shechter <[email protected]> * run generate Signed-off-by: Yael Shechter <[email protected]> --------- Signed-off-by: Lior Okman <[email protected]> Signed-off-by: Yael Shechter <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> Co-authored-by: Lior Okman <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: zirain <[email protected]>
envoyproxy · Feb 18, 2024 · 199f50c · 199f50c
1 parent a5125bf
commit 199f50c
Show file tree

Hide file tree

Showing 6 changed files with 131 additions and 3 deletions.
diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -84,6 +84,10 @@ type ClientTrafficPolicySpec struct {
 	//
 	// +optional
 	Headers *HeaderSettings `json:"headers,omitempty"`
+	// Timeout settings for the client connections.
+	//
+	// +optional
+	Timeout *ClientTimeout `json:"timeout,omitempty"`
 }
 
 // HeaderSettings providess configuration options for headers on the listener.

diff --git a/api/v1alpha1/timeout_types.go b/api/v1alpha1/timeout_types.go
@@ -41,3 +41,18 @@ type HTTPTimeout struct {
 	// +optional
 	MaxConnectionDuration *gwapiv1.Duration `json:"maxConnectionDuration,omitempty"`
 }
+
+type ClientTimeout struct {
+	// Timeout settings for HTTP.
+	//
+	// +optional
+	HTTP *HTTPClientTimeout `json:"http,omitempty"`
+}
+
+type HTTPClientTimeout struct {
+	// The duration envoy waits for the complete request reception. This timer starts upon request
+	// initiation and stops when either the last byte of the request is sent upstream or when the response begins.
+	//
+	// +optional
+	RequestReceivedTimeout *gwapiv1.Duration `json:"requestReceivedTimeout,omitempty"`
+}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -230,6 +230,21 @@ spec:
                     format: int32
                     type: integer
                 type: object
+              timeout:
+                description: Timeout settings for the client connections.
+                properties:
+                  http:
+                    description: Timeout settings for HTTP.
+                    properties:
+                      requestReceivedTimeout:
+                        description: The duration envoy waits for the complete request
+                          reception. This timer starts upon request initiation and
+                          stops when either the last byte of the request is sent upstream
+                          or when the response begins.
+                        pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+                        type: string
+                    type: object
+                type: object
               tls:
                 description: TLS settings configure TLS termination settings with
                   the downstream client.

diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
@@ -246,6 +246,20 @@ _Appears in:_
 | `customHeader` | _[CustomHeaderExtensionSettings](#customheaderextensionsettings)_ |  false  | CustomHeader provides configuration for determining the client IP address for a request based on a trusted custom HTTP header. This uses the the custom_header original IP detection extension. Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/original_ip_detection/custom_header/v3/custom_header.proto for more details. |
 
 
+#### ClientTimeout
+
+
+
+
+
+_Appears in:_
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+
+| Field | Type | Required | Description |
+| ---   | ---  | ---      | ---         |
+| `http` | _[HTTPClientTimeout](#httpclienttimeout)_ |  false  | Timeout settings for HTTP. |
+
+
 #### ClientTrafficPolicy
 
 
@@ -299,6 +313,7 @@ _Appears in:_
 | `path` | _[PathSettings](#pathsettings)_ |  false  | Path enables managing how the incoming path set by clients can be normalized. |
 | `http1` | _[HTTP1Settings](#http1settings)_ |  false  | HTTP1 provides HTTP/1 configuration on the listener. |
 | `headers` | _[HeaderSettings](#headersettings)_ |  false  | HeaderSettings provides configuration for header management. |
+| `timeout` | _[ClientTimeout](#clienttimeout)_ |  false  | Timeout settings for the client connections. |
 
 
 
@@ -1145,6 +1160,20 @@ _Appears in:_
 | `expectedResponse` | _[ActiveHealthCheckPayload](#activehealthcheckpayload)_ |  false  | ExpectedResponse defines a list of HTTP expected responses to match. |
 
 
+#### HTTPClientTimeout
+
+
+
+
+
+_Appears in:_
+- [ClientTimeout](#clienttimeout)
+
+| Field | Type | Required | Description |
+| ---   | ---  | ---      | ---         |
+| `requestReceivedTimeout` | _[Duration](#duration)_ |  false  | The duration envoy waits for the complete request reception. This timer starts upon request initiation and stops when either the last byte of the request is sent upstream or when the response begins. |
+
+
 #### HTTPExtAuthService
 
 

diff --git a/test/cel-validation/clienttrafficpolicy_test.go b/test/cel-validation/clienttrafficpolicy_test.go
@@ -15,12 +15,11 @@ import (
 	"testing"
 	"time"
 
+	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
-
+	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
-
-	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 )
 
 func TestClientTrafficPolicyTarget(t *testing.T) {
@@ -283,6 +282,27 @@ func TestClientTrafficPolicyTarget(t *testing.T) {
 				"spec.tls: Invalid value: \"object\": setting ciphers has no effect if the minimum possible TLS version is 1.3",
 			},
 		},
+		{
+			desc: "valid timeout",
+			mutate: func(ctp *egv1a1.ClientTrafficPolicy) {
+				d := gwapiv1.Duration("300s")
+				ctp.Spec = egv1a1.ClientTrafficPolicySpec{
+					TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{
+						PolicyTargetReference: gwapiv1a2.PolicyTargetReference{
+							Group: gwapiv1a2.Group("gateway.networking.k8s.io"),
+							Kind:  gwapiv1a2.Kind("Gateway"),
+							Name:  gwapiv1a2.ObjectName("eg"),
+						},
+					},
+					Timeout: &egv1a1.ClientTimeout{
+						HTTP: &egv1a1.HTTPClientTimeout{
+							RequestReceivedTimeout: &d,
+						},
+					},
+				}
+			},
+			wantErrors: []string{},
+		},
 	}
 
 	for _, tc := range cases {