Adds support for global circuit budget

apis/projectcontour/v1alpha1/contourconfig.go

@@ -76,6 +76,11 @@ type ContourConfigurationSpec struct {
 	// +optional
 	Policy *PolicyConfig `json:"policy,omitempty"`
 
+	// GlobalCircuitBreakerDefaults specifies default circuit breaker budget across all services.
+	// If defined, this will be used as the default for all services.
+	// +optional
+	GlobalCircuitBreakerDefaults *GlobalCircuitBreakerDefaults `json:"circuitBreaker,omitempty"`
+
 	// Metrics defines the endpoint Contour uses to serve metrics.
 	//
 	// Contour's default is { address: "0.0.0.0", port: 8000 }.
@@ -107,6 +112,21 @@ const (
 	EnvoyServerType XDSServerType = "envoy"
 )
 
+type GlobalCircuitBreakerDefaults struct {
+	// The maximum number of connections that a single Envoy instance allows to the Kubernetes Service; defaults to 1024.
+	// +optional
+	MaxConnections uint32 `json:"maxConnections,omitempty" yaml:"maxConnections,omitempty"`
+	// The maximum number of pending requests that a single Envoy instance allows to the Kubernetes Service; defaults to 1024.
+	// +optional
+	MaxPendingRequests uint32 `json:"maxPendingRequests,omitempty" yaml:"maxPendingRequests,omitempty"`
+	// The maximum parallel requests a single Envoy instance allows to the Kubernetes Service; defaults to 1024
+	// +optional
+	MaxRequests uint32 `json:"maxRequests,omitempty" yaml:"maxRequests,omitempty"`
+	// The maximum number of parallel retries a single Envoy instance allows to the Kubernetes Service; defaults to 3.
+	// +optional
+	MaxRetries uint32 `json:"maxRetries,omitempty" yaml:"maxRetries,omitempty"`
+}
+
 // XDSServerConfig holds the config for the Contour xDS server.
 type XDSServerConfig struct {
 	// Defines the XDSServer to use for `contour serve`.

changelogs/unreleased/6013-davinci26-small.md

@@ -0,0 +1,4 @@
+## Support for Global Circuit Breaker Policy
+
+The way (circuit-breaker-annotations)[https://projectcontour.io/docs/1.27/config/annotations/] work currently is that when not present they are being defaulted to Envoy defaults. The Envoy defaults can be quite low for larger clusters with more traffic so if
+a user accidentally deletes them or unset them this cause an issue. With this change we are providing contour administrators the ability to provide global defaults that are good. In that case even if the user forgets to set them or deletes them they can have the safety net of good defaults.

cmd/contour/serve.go

@@ -560,6 +560,7 @@
 		globalRateLimitService:             contourConfiguration.RateLimitService,
 		maxRequestsPerConnection:           contourConfiguration.Envoy.Cluster.MaxRequestsPerConnection,
 		perConnectionBufferLimitBytes:      contourConfiguration.Envoy.Cluster.PerConnectionBufferLimitBytes,
+		globalCircuitBreakerDefaults:       contourConfiguration.GlobalCircuitBreakerDefaults,
 	})
 
 	// Build the core Kubernetes event handler.
@@ -1117,6 +1118,7 @@
 	maxRequestsPerConnection           *uint32
 	perConnectionBufferLimitBytes      *uint32
 	globalRateLimitService             *contour_api_v1alpha1.RateLimitServiceConfig
+	globalCircuitBreakerDefaults       *contour_api_v1alpha1.GlobalCircuitBreakerDefaults
 }
 
 func (s *Server) getDAGBuilder(dbc dagBuilderConfig) *dag.Builder {
@@ -1209,6 +1211,7 @@
 			GlobalRateLimitService:        dbc.globalRateLimitService,
 			PerConnectionBufferLimitBytes: dbc.perConnectionBufferLimitBytes,
 			SetSourceMetadataOnRoutes:     true,
+			GlobalCircuitBreakerDefaults:  dbc.globalCircuitBreakerDefaults,
 		},
 	}
 

cmd/contour/servecontext.go

@@ -584,13 +584,14 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha
 			RootNamespaces:        ctx.proxyRootNamespaces(),
 			FallbackCertificate:   fallbackCertificate,
 		},
-		EnableExternalNameService:   &ctx.Config.EnableExternalNameService,
-		GlobalExternalAuthorization: globalExtAuth,
-		RateLimitService:            rateLimitService,
-		Policy:                      policy,
-		Metrics:                     &contourMetrics,
-		Tracing:                     tracingConfig,
-		FeatureFlags:                ctx.Config.FeatureFlags,
+		EnableExternalNameService:    &ctx.Config.EnableExternalNameService,
+		GlobalExternalAuthorization:  globalExtAuth,
+		RateLimitService:             rateLimitService,
+		Policy:                       policy,
+		GlobalCircuitBreakerDefaults: ctx.Config.GlobalCircuitBreakerDefaults,
+		Metrics:                      &contourMetrics,
+		Tracing:                      tracingConfig,
+		FeatureFlags:                 ctx.Config.FeatureFlags,
 	}
 
 	xdsServerType := contour_api_v1alpha1.ContourServerType

cmd/contour/servecontext_test.go

@@ -485,9 +485,10 @@ func TestConvertServeContext(t *testing.T) {
 				DisablePermitInsecure: ref.To(false),
 				FallbackCertificate:   nil,
 			},
-			EnableExternalNameService:   ref.To(false),
-			RateLimitService:            nil,
-			GlobalExternalAuthorization: nil,
+			EnableExternalNameService:    ref.To(false),
+			RateLimitService:             nil,
+			GlobalExternalAuthorization:  nil,
+			GlobalCircuitBreakerDefaults: nil,
 			Policy: &contour_api_v1alpha1.PolicyConfig{
 				RequestHeadersPolicy:  &contour_api_v1alpha1.HeadersPolicy{},
 				ResponseHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{},
@@ -772,6 +773,26 @@ func TestConvertServeContext(t *testing.T) {
 				return cfg
 			},
 		},
+		"global circuit breaker defaults": {
+			getServeContext: func(ctx *serveContext) *serveContext {
+				ctx.Config.GlobalCircuitBreakerDefaults = &contour_api_v1alpha1.GlobalCircuitBreakerDefaults{
+					MaxConnections:     4,
+					MaxPendingRequests: 5,
+					MaxRequests:        6,
+					MaxRetries:         7,
+				}
+				return ctx
+			},
+			getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec {
+				cfg.GlobalCircuitBreakerDefaults = &contour_api_v1alpha1.GlobalCircuitBreakerDefaults{
+					MaxConnections:     4,
+					MaxPendingRequests: 5,
+					MaxRequests:        6,
+					MaxRetries:         7,
+				}
+				return cfg
+			},
+		},
 		"global external authorization": {
 			getServeContext: func(ctx *serveContext) *serveContext {
 				ctx.Config.GlobalExternalAuthorization = config.GlobalExternalAuthorization{

examples/contour/01-crds.yaml

@@ -39,6 +39,33 @@ spec:
               Contour controller. It contains most of all the options that can be
               customized, the other remaining options being command line flags.
             properties:
+              circuitBreaker:
+                description: GlobalCircuitBreakerDefaults specifies default circuit
+                  breaker budget across all services. If defined, this will be used
+                  as the default for all services.
+                properties:
+                  maxConnections:
+                    description: The maximum number of connections that a single Envoy
+                      instance allows to the Kubernetes Service; defaults to 1024.
+                    format: int32
+                    type: integer
+                  maxPendingRequests:
+                    description: The maximum number of pending requests that a single
+                      Envoy instance allows to the Kubernetes Service; defaults to
+                      1024.
+                    format: int32
+                    type: integer
+                  maxRequests:
+                    description: The maximum parallel requests a single Envoy instance
+                      allows to the Kubernetes Service; defaults to 1024
+                    format: int32
+                    type: integer
+                  maxRetries:
+                    description: The maximum number of parallel retries a single Envoy
+                      instance allows to the Kubernetes Service; defaults to 3.
+                    format: int32
+                    type: integer
+                type: object
               debug:
                 description: Debug contains parameters to enable debug logging and
                   debug interfaces inside Contour.
@@ -3505,6 +3532,35 @@ spec:
                   used when provisioning a Contour instance that will influence aspects
                   of the Contour instance's runtime behavior.
                 properties:
+                  circuitBreaker:
+                    description: GlobalCircuitBreakerDefaults specifies default circuit
+                      breaker budget across all services. If defined, this will be
+                      used as the default for all services.
+                    properties:
+                      maxConnections:
+                        description: The maximum number of connections that a single
+                          Envoy instance allows to the Kubernetes Service; defaults
+                          to 1024.
+                        format: int32
+                        type: integer
+                      maxPendingRequests:
+                        description: The maximum number of pending requests that a
+                          single Envoy instance allows to the Kubernetes Service;
+                          defaults to 1024.
+                        format: int32
+                        type: integer
+                      maxRequests:
+                        description: The maximum parallel requests a single Envoy
+                          instance allows to the Kubernetes Service; defaults to 1024
+                        format: int32
+                        type: integer
+                      maxRetries:
+                        description: The maximum number of parallel retries a single
+                          Envoy instance allows to the Kubernetes Service; defaults
+                          to 3.
+                        format: int32
+                        type: integer
+                    type: object
                   debug:
                     description: Debug contains parameters to enable debug logging
                       and debug interfaces inside Contour.

examples/render/contour-deployment.yaml

@@ -258,6 +258,33 @@ spec:
               Contour controller. It contains most of all the options that can be
               customized, the other remaining options being command line flags.
             properties:
+              circuitBreaker:
+                description: GlobalCircuitBreakerDefaults specifies default circuit
+                  breaker budget across all services. If defined, this will be used
+                  as the default for all services.
+                properties:
+                  maxConnections:
+                    description: The maximum number of connections that a single Envoy
+                      instance allows to the Kubernetes Service; defaults to 1024.
+                    format: int32
+                    type: integer
+                  maxPendingRequests:
+                    description: The maximum number of pending requests that a single
+                      Envoy instance allows to the Kubernetes Service; defaults to
+                      1024.
+                    format: int32
+                    type: integer
+                  maxRequests:
+                    description: The maximum parallel requests a single Envoy instance
+                      allows to the Kubernetes Service; defaults to 1024
+                    format: int32
+                    type: integer
+                  maxRetries:
+                    description: The maximum number of parallel retries a single Envoy
+                      instance allows to the Kubernetes Service; defaults to 3.
+                    format: int32
+                    type: integer
+                type: object
               debug:
                 description: Debug contains parameters to enable debug logging and
                   debug interfaces inside Contour.
@@ -3724,6 +3751,35 @@ spec:
                   used when provisioning a Contour instance that will influence aspects
                   of the Contour instance's runtime behavior.
                 properties:
+                  circuitBreaker:
+                    description: GlobalCircuitBreakerDefaults specifies default circuit
+                      breaker budget across all services. If defined, this will be
+                      used as the default for all services.
+                    properties:
+                      maxConnections:
+                        description: The maximum number of connections that a single
+                          Envoy instance allows to the Kubernetes Service; defaults
+                          to 1024.
+                        format: int32
+                        type: integer
+                      maxPendingRequests:
+                        description: The maximum number of pending requests that a
+                          single Envoy instance allows to the Kubernetes Service;
+                          defaults to 1024.
+                        format: int32
+                        type: integer
+                      maxRequests:
+                        description: The maximum parallel requests a single Envoy
+                          instance allows to the Kubernetes Service; defaults to 1024
+                        format: int32
+                        type: integer
+                      maxRetries:
+                        description: The maximum number of parallel retries a single
+                          Envoy instance allows to the Kubernetes Service; defaults
+                          to 3.
+                        format: int32
+                        type: integer
+                    type: object
                   debug:
                     description: Debug contains parameters to enable debug logging
                       and debug interfaces inside Contour.

examples/render/contour-gateway-provisioner.yaml

@@ -50,6 +50,33 @@ spec:
               Contour controller. It contains most of all the options that can be
               customized, the other remaining options being command line flags.
             properties:
+              circuitBreaker:
+                description: GlobalCircuitBreakerDefaults specifies default circuit
+                  breaker budget across all services. If defined, this will be used
+                  as the default for all services.
+                properties:
+                  maxConnections:
+                    description: The maximum number of connections that a single Envoy
+                      instance allows to the Kubernetes Service; defaults to 1024.
+                    format: int32
+                    type: integer
+                  maxPendingRequests:
+                    description: The maximum number of pending requests that a single
+                      Envoy instance allows to the Kubernetes Service; defaults to
+                      1024.
+                    format: int32
+                    type: integer
+                  maxRequests:
+                    description: The maximum parallel requests a single Envoy instance
+                      allows to the Kubernetes Service; defaults to 1024
+                    format: int32
+                    type: integer
+                  maxRetries:
+                    description: The maximum number of parallel retries a single Envoy
+                      instance allows to the Kubernetes Service; defaults to 3.
+                    format: int32
+                    type: integer
+                type: object
               debug:
                 description: Debug contains parameters to enable debug logging and
                   debug interfaces inside Contour.
@@ -3516,6 +3543,35 @@ spec:
                   used when provisioning a Contour instance that will influence aspects
                   of the Contour instance's runtime behavior.
                 properties:
+                  circuitBreaker:
+                    description: GlobalCircuitBreakerDefaults specifies default circuit
+                      breaker budget across all services. If defined, this will be
+                      used as the default for all services.
+                    properties:
+                      maxConnections:
+                        description: The maximum number of connections that a single
+                          Envoy instance allows to the Kubernetes Service; defaults
+                          to 1024.
+                        format: int32
+                        type: integer
+                      maxPendingRequests:
+                        description: The maximum number of pending requests that a
+                          single Envoy instance allows to the Kubernetes Service;
+                          defaults to 1024.
+                        format: int32
+                        type: integer
+                      maxRequests:
+                        description: The maximum parallel requests a single Envoy
+                          instance allows to the Kubernetes Service; defaults to 1024
+                        format: int32
+                        type: integer
+                      maxRetries:
+                        description: The maximum number of parallel retries a single
+                          Envoy instance allows to the Kubernetes Service; defaults
+                          to 3.
+                        format: int32
+                        type: integer
+                    type: object
                   debug:
                     description: Debug contains parameters to enable debug logging
                       and debug interfaces inside Contour.