api: connection limits (#2709)

* api: connection limit Signed-off-by: Guy Daich <[email protected]> * Apply suggestions from code review Co-authored-by: Arko Dasgupta <[email protected]> Signed-off-by: Guy Daich <[email protected]> * fix gen Signed-off-by: Guy Daich <[email protected]> --------- Signed-off-by: Guy Daich <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]>
envoyproxy · Mar 15, 2024 · d145921 · d145921
1 parent 6c6f92f
commit d145921
Show file tree

Hide file tree

Showing 5 changed files with 163 additions and 25 deletions.
diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -87,6 +87,10 @@ type ClientTrafficPolicySpec struct {
 	//
 	// +optional
 	Timeout *ClientTimeout `json:"timeout,omitempty"`
+	// Connection includes client connection settings.
+	//
+	// +optional
+	Connection *Connection `json:"connection,omitempty"`
 }
 
 // HeaderSettings providess configuration options for headers on the listener.

diff --git a/api/v1alpha1/connection_types.go b/api/v1alpha1/connection_types.go
@@ -0,0 +1,33 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package v1alpha1
+
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
+
+// Connection allows users to configure connection-level settings
+type Connection struct {
+	// Limit defines limits related to connections
+	//
+	// +optional
+	Limit *ConnectionLimit `json:"limit,omitempty"`
+}
+
+type ConnectionLimit struct {
+	// Value of the maximum concurrent connections limit.
+	// When the limit is reached, incoming connections will be closed after the CloseDelay duration.
+	// Default: unlimited.
+	//
+	// +optional
+	// +kubebuilder:validation:Minimum=0
+	Value *int64 `json:"value,omitempty"`
+
+	// CloseDelay defines the delay to use before closing connections that are rejected
+	// once the limit value is reached.
+	// Default: none.
+	//
+	// +optional
+	CloseDelay *gwapiv1.Duration `json:"closeDelay,omitempty"`
+}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -91,6 +91,27 @@ spec:
                 x-kubernetes-validations:
                 - message: customHeader cannot be used in conjunction with xForwardedFor
                   rule: '!(has(self.xForwardedFor) && has(self.customHeader))'
+              connection:
+                description: Connection includes client connection settings.
+                properties:
+                  limit:
+                    description: Limit defines limits related to connections
+                    properties:
+                      closeDelay:
+                        description: 'CloseDelay defines the delay to use before closing
+                          connections that are rejected once the limit value is reached.
+                          Default: none.'
+                        pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+                        type: string
+                      value:
+                        description: 'Value of the maximum concurrent connections
+                          limit. When the limit is reached, incoming connections will
+                          be closed after the CloseDelay duration. Default: unlimited.'
+                        format: int64
+                        minimum: 0
+                        type: integer
+                    type: object
+                type: object
               enableProxyProtocol:
                 description: EnableProxyProtocol interprets the ProxyProtocol header
                   and adds the Client Address into the X-Forwarded-For header. Note

diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
@@ -329,6 +329,7 @@ _Appears in:_
 | `http1` | _[HTTP1Settings](#http1settings)_ |  false  | HTTP1 provides HTTP/1 configuration on the listener. |
 | `headers` | _[HeaderSettings](#headersettings)_ |  false  | HeaderSettings provides configuration for header management. |
 | `timeout` | _[ClientTimeout](#clienttimeout)_ |  false  | Timeout settings for the client connections. |
+| `connection` | _[Connection](#connection)_ |  false  | Connection includes client connection settings. |
 
 
 #### ClientValidationContext
@@ -371,6 +372,35 @@ _Appears in:_
 
 
 
+#### Connection
+
+
+
+Connection allows users to configure connection-level settings
+
+_Appears in:_
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+
+| Field | Type | Required | Description |
+| ---   | ---  | ---      | ---         |
+| `limit` | _[ConnectionLimit](#connectionlimit)_ |  false  | Limit defines limits related to connections |
+
+
+#### ConnectionLimit
+
+
+
+
+
+_Appears in:_
+- [Connection](#connection)
+
+| Field | Type | Required | Description |
+| ---   | ---  | ---      | ---         |
+| `value` | _integer_ |  false  | Value of the maximum concurrent connections limit. When the limit is reached, incoming connections will be closed after the CloseDelay duration. Default: unlimited. |
+| `closeDelay` | _[Duration](#duration)_ |  false  | CloseDelay defines the delay to use before closing connections that are rejected once the limit value is reached. Default: none. |
+
+
 #### ConsistentHash