Merged
Changes from 7 commits
23 commits
d283c60
wip
jukie May 29, 2025
3471fa3
testdata
jukie May 29, 2025
7467edf
Merge branch 'main' into api-connections-per-socket-event
jukie May 29, 2025
1a0533e
regen
jukie May 29, 2025
d399238
adjust description
jukie May 29, 2025
791a569
add test
jukie May 29, 2025
807865e
Release note
jukie May 29, 2025
f914ac9
remove defaulting logic
jukie May 30, 2025
6fa827c
Merge branch 'main' into api-connections-per-socket-event
jukie May 30, 2025
2f3ae30
Merge branch 'main' into api-connections-per-socket-event
jukie May 31, 2025
91d4ce5
Merge branch 'main' into api-connections-per-socket-event
jukie Jun 1, 2025
b22b9c5
Merge branch 'main' into api-connections-per-socket-event
jukie Jun 1, 2025
03e00bc
Merge branch 'main' into api-connections-per-socket-event
jukie Jun 3, 2025
2d577c6
Merge branch 'main' into api-connections-per-socket-event
jukie Jun 3, 2025
983d72b
Adjust description
jukie Jun 3, 2025
64d77e2
regen
jukie Jun 3, 2025
e1164f0
Merge branch 'main' into api-connections-per-socket-event
rudrakhp Jun 13, 2025
aa36dc6
Merge branch 'main' into api-connections-per-socket-event
jukie Jun 16, 2025
7e88195
Merge branch 'main' into api-connections-per-socket-event
rudrakhp Jun 19, 2025
1c57e1f
Merge branch 'main' into api-connections-per-socket-event
jukie Jun 20, 2025
4929f71
Merge branch 'main' into api-connections-per-socket-event
jukie Jun 21, 2025
67eced5
Merge branch 'main' into api-connections-per-socket-event
zirain Jun 21, 2025
1841550
Merge branch 'main' into api-connections-per-socket-event
rudrakhp Jun 21, 2025
7 changes: 7 additions & 0 deletions api/v1alpha1/connection_types.go
Expand Up @@ -36,6 +36,13 @@ type ClientConnection struct {
// +optional
// +notImplementedHide
SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`

// MaxAcceptPerSocketEvent provides configuration for the maximum number of connections to accept from the kernel
// per socket event. If there are more than MaxAcceptPerSocketEvent connections
// pending accept, connections over this threshold will be accepted in later event loop iterations.
// Default: 1
Comment thread
jukie marked this conversation as resolved.
Outdated
// +optional
Comment thread
jukie marked this conversation as resolved.
MaxAcceptPerSocketEvent *uint32 `json:"maxAcceptPerSocketEvent,omitempty"`
}

// BackendConnection allows users to configure connection-level settings of backend
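Review bot: `MaxAcceptPerSocketEvent` is declared as `*uint32` with only `// +optional`, so the API accepts 0, and the generated CRD schema further down shows just `format: int32` / `type: integer` with no lower bound. As far as I know Envoy's listener field `max_connections_to_accept_per_socket_event` must be greater than 0, so a zero would likely be forwarded unchanged by `buildMaxAcceptPerSocketEvent` in internal/xds/translator/listener.go and rejected by the proxy, leaving the listener un-updated. I would add `// +kubebuilder:validation:Minimum=1` above the field and regenerate the CRDs. The doc comment could also state that larger values give up some of the bound on how much accept work one socket event can put on a worker's event loop, so operators know that small values are the conservative choice.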
5 changes: 5 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go

Expand Up @@ -153,6 +153,14 @@ spec:
required:
- value
type: object
maxAcceptPerSocketEvent:
description: |-
MaxAcceptPerSocketEvent provides configuration for the maximum number of connections to accept from the kernel
per socket event. If there are more than MaxAcceptPerSocketEvent connections
pending accept, connections over this threshold will be accepted in later event loop iterations.
Default: 1
format: int32
type: integer
socketBufferLimit:
allOf:
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Expand Up @@ -152,6 +152,14 @@ spec:
required:
- value
type: object
maxAcceptPerSocketEvent:
description: |-
MaxAcceptPerSocketEvent provides configuration for the maximum number of connections to accept from the kernel
per socket event. If there are more than MaxAcceptPerSocketEvent connections
pending accept, connections over this threshold will be accepted in later event loop iterations.
Default: 1
format: int32
type: integer
socketBufferLimit:
allOf:
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Expand Up @@ -1090,6 +1090,7 @@ xds:
statPrefix: http-10080
useRemoteAddress: true
name: default/eg/http
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/http
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Down Expand Up @@ -1201,6 +1202,7 @@ xds:
statPrefix: http-8080
useRemoteAddress: true
name: default/eg/grpc
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/grpc
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Down Expand Up @@ -1284,6 +1286,7 @@ xds:
cluster: tcproute/default/backend/rule/-1
statPrefix: tcp-1234
name: tcproute/default/backend
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/tcp
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Down Expand Up @@ -1374,6 +1377,7 @@ xds:
- name: envoy.filters.listener.tls_inspector
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/tls-passthrough
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Up @@ -912,6 +912,7 @@
],
"name": "default/eg/http"
},
"maxConnectionsToAcceptPerSocketEvent": 1,
"name": "default/eg/http",
"perConnectionBufferLimitBytes": 32768
}
Expand Down Expand Up @@ -1063,6 +1064,7 @@
],
"name": "default/eg/grpc"
},
"maxConnectionsToAcceptPerSocketEvent": 1,
"name": "default/eg/grpc",
"perConnectionBufferLimitBytes": 32768
}
Expand Down Expand Up @@ -1174,6 +1176,7 @@
"name": "tcproute/default/backend"
}
],
"maxConnectionsToAcceptPerSocketEvent": 1,
"name": "default/eg/tcp",
"perConnectionBufferLimitBytes": 32768
}
Expand Down Expand Up @@ -1298,6 +1301,7 @@
}
}
],
"maxConnectionsToAcceptPerSocketEvent": 1,
"name": "default/eg/tls-passthrough",
"perConnectionBufferLimitBytes": 32768
}
Expand Up @@ -543,6 +543,7 @@ xds:
statPrefix: http-10080
useRemoteAddress: true
name: default/eg/http
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/http
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Down Expand Up @@ -654,6 +655,7 @@ xds:
statPrefix: http-8080
useRemoteAddress: true
name: default/eg/grpc
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/grpc
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Down Expand Up @@ -737,6 +739,7 @@ xds:
cluster: tcproute/default/backend/rule/-1
statPrefix: tcp-1234
name: tcproute/default/backend
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/tcp
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Down Expand Up @@ -827,6 +830,7 @@ xds:
- name: envoy.filters.listener.tls_inspector
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/tls-passthrough
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Up @@ -142,6 +142,7 @@ xds:
statPrefix: http-10080
useRemoteAddress: true
name: default/eg/http
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/http
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Down Expand Up @@ -253,6 +254,7 @@ xds:
statPrefix: http-8080
useRemoteAddress: true
name: default/eg/grpc
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/grpc
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Down Expand Up @@ -336,6 +338,7 @@ xds:
cluster: tcproute/default/backend/rule/-1
statPrefix: tcp-1234
name: tcproute/default/backend
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/tcp
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Down Expand Up @@ -426,6 +429,7 @@ xds:
- name: envoy.filters.listener.tls_inspector
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
maxConnectionsToAcceptPerSocketEvent: 1
name: default/eg/tls-passthrough
perConnectionBufferLimitBytes: 32768
- activeState:
Expand Up @@ -661,6 +661,7 @@
],
"name": "envoy-gateway-system/eg/http"
},
"maxConnectionsToAcceptPerSocketEvent": 1,
"name": "envoy-gateway-system/eg/http",
"perConnectionBufferLimitBytes": 32768
}
Expand Up @@ -401,6 +401,7 @@ xds:
statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway-system/eg/http
maxConnectionsToAcceptPerSocketEvent: 1
name: envoy-gateway-system/eg/http
perConnectionBufferLimitBytes: 32768
- '@type': type.googleapis.com/envoy.admin.v3.RoutesConfigDump
Expand Up @@ -162,5 +162,6 @@ xds:
statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway-system/eg/http
maxConnectionsToAcceptPerSocketEvent: 1
name: envoy-gateway-system/eg/http
perConnectionBufferLimitBytes: 32768
Expand Up @@ -344,6 +344,7 @@ xds:
statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway-system/eg/http
maxConnectionsToAcceptPerSocketEvent: 1
name: envoy-gateway-system/eg/http
perConnectionBufferLimitBytes: 32768
- '@type': type.googleapis.com/envoy.admin.v3.RoutesConfigDump
2 changes: 2 additions & 0 deletions internal/ir/xds.go
Expand Up @@ -2936,6 +2936,8 @@ type ClientConnection struct {
ConnectionLimit *ConnectionLimit `json:"limit,omitempty" yaml:"limit,omitempty"`
// BufferLimitBytes is the maximum number of bytes that can be buffered for a connection.
BufferLimitBytes *uint32 `json:"bufferLimit,omitempty" yaml:"bufferLimit,omitempty"`
// MaxAcceptPerSocketEvent is the maximum number of connections to accept from the kernel per socket event.
MaxAcceptPerSocketEvent *uint32 `json:"maxAcceptPerSocketEvent,omitempty" yaml:"maxAcceptPerSocketEvent,omitempty"`
}

// ConnectionLimit contains settings for downstream connection limits
5 changes: 5 additions & 0 deletions internal/ir/zz_generated.deepcopy.go


20 changes: 15 additions & 5 deletions internal/xds/translator/listener.go
Expand Up @@ -52,7 +52,8 @@ const (
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-http2protocoloptions-initial-connection-window-size
http2InitialConnectionWindowSize = 1048576 // 1 MiB
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/connection_limit/v3/connection_limit.proto
networkConnectionLimit = "envoy.filters.network.connection_limit"
networkConnectionLimit = "envoy.filters.network.connection_limit"
maxConnAcceptPerSocketEvent = 1
)

func http1ProtocolOptions(opts *ir.HTTP1Settings) *corev3.Http1ProtocolOptions {
Expand Down Expand Up @@ -197,11 +198,13 @@ func buildXdsTCPListener(
return nil, err
}
bufferLimitBytes := buildPerConnectionBufferLimitBytes(connection)
maxAcceptPerSocketEvent := buildMaxAcceptPerSocketEvent(connection)
listener := &listenerv3.Listener{
Name: name,
AccessLog: al,
SocketOptions: socketOptions,
PerConnectionBufferLimitBytes: bufferLimitBytes,
Name: name,
AccessLog: al,
SocketOptions: socketOptions,
PerConnectionBufferLimitBytes: bufferLimitBytes,
MaxConnectionsToAcceptPerSocketEvent: maxAcceptPerSocketEvent,
Address: &corev3.Address{
Address: &corev3.Address_SocketAddress{
SocketAddress: &corev3.SocketAddress{
Expand Down Expand Up @@ -230,6 +233,13 @@ func buildPerConnectionBufferLimitBytes(connection *ir.ClientConnection) *wrappe
return wrapperspb.UInt32(tcpListenerPerConnectionBufferLimitBytes)
}

func buildMaxAcceptPerSocketEvent(connection *ir.ClientConnection) *wrapperspb.UInt32Value {
if connection != nil && connection.MaxAcceptPerSocketEvent != nil {
return wrapperspb.UInt32(*connection.MaxAcceptPerSocketEvent)
}
return wrapperspb.UInt32(maxConnAcceptPerSocketEvent)
}

// buildXdsQuicListener creates a xds Listener resource for quic
func buildXdsQuicListener(name, address string, port uint32, ipFamily *egv1a1.IPFamily, accesslog *ir.AccessLog) (*listenerv3.Listener, error) {
log, err := buildXdsAccessLog(accesslog, ir.ProxyAccessLogTypeListener)
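Review bot: The new constant `maxConnAcceptPerSocketEvent = 1` and the helper `buildMaxAcceptPerSocketEvent` carry no comment, while the neighbouring constants each link the Envoy field they configure. Because the helper falls back to the constant whenever `connection` or the field is nil, every TCP listener now gets an explicit value of 1 (the golden files in this change show it on all listeners), which is a behaviour change for existing deployments and deserves a stated reason. I would add `// maxConnAcceptPerSocketEvent is the default number of connections accepted per socket event when the field is unset; it bounds the accept work done in one event loop iteration.` above the constant and `// buildMaxAcceptPerSocketEvent returns the configured per-event accept limit, or the default when connection or the field is nil.` above the function. `buildXdsTCPListener` starts and ends outside the hunk, so whether other listener builders need the same field cannot be judged from here.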
@@ -0,0 +1,36 @@
http:
- name: "first-listener"
address: "::"
port: 10080
hostnames:
- "*"
path:
mergeSlashes: true
escapedSlashesAction: UnescapeAndRedirect
routes:
- name: "first-route"
hostname: "*"
destination:
name: "first-route-dest"
settings:
- endpoints:
- host: "1.2.3.4"
port: 50000
name: "first-route-dest/backend/0"
connection:
maxAcceptPerSocketEvent: 2
tcp:
- name: "second-listener"
address: "::"
connection:
maxAcceptPerSocketEvent: 3
port: 10081
routes:
- name: "tcp-route-dest"
destination:
name: "tcp-route-dest"
settings:
- endpoints:
- host: "1.2.3.4"
port: 50000
name: "tcp-route-dest/backend/0"
Expand Up @@ -37,6 +37,7 @@
'@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
cluster: tcp-route-dest
statPrefix: tcp-10080
maxConnectionsToAcceptPerSocketEvent: 1
name: envoy-gateway/gateway-1/http1
perConnectionBufferLimitBytes: 32768
statPrefix: envoy-gateway/gateway-1/http1
Expand Up @@ -30,6 +30,7 @@
statPrefix: http-10080
useRemoteAddress: true
name: extension-listener
maxConnectionsToAcceptPerSocketEvent: 1
name: extension-listener
perConnectionBufferLimitBytes: 32768
statPrefix: mock-extension-inserted-prefix
Expand Up @@ -30,5 +30,6 @@
statPrefix: http-10080
useRemoteAddress: true
name: extension-post-xdslistener-hook-error
maxConnectionsToAcceptPerSocketEvent: 1
name: extension-post-xdslistener-hook-error
perConnectionBufferLimitBytes: 32768
Expand Up @@ -30,5 +30,6 @@
statPrefix: http-10080
useRemoteAddress: true
name: first-listener
maxConnectionsToAcceptPerSocketEvent: 1
name: first-listener
perConnectionBufferLimitBytes: 32768
Expand Up @@ -30,5 +30,6 @@
statPrefix: http-10080
useRemoteAddress: true
name: extension-post-xdstranslate-hook-error
maxConnectionsToAcceptPerSocketEvent: 1
name: extension-post-xdstranslate-hook-error
perConnectionBufferLimitBytes: 32768
Expand Up @@ -30,5 +30,6 @@
statPrefix: http-10080
useRemoteAddress: true
name: extension-post-xdsvirtualhost-hook-error
maxConnectionsToAcceptPerSocketEvent: 1
name: extension-post-xdsvirtualhost-hook-error
perConnectionBufferLimitBytes: 32768
Expand Up @@ -30,5 +30,6 @@
statPrefix: http-10080
useRemoteAddress: true
name: first-listener
maxConnectionsToAcceptPerSocketEvent: 1
name: first-listener
perConnectionBufferLimitBytes: 32768
Expand Up @@ -30,6 +30,7 @@
statPrefix: http-10081
useRemoteAddress: true
name: policyextension-listener
maxConnectionsToAcceptPerSocketEvent: 1
name: policyextension-listener
perConnectionBufferLimitBytes: 32768
statPrefix: from-the-policy
Expand Up @@ -97,5 +97,6 @@
- name: envoy.filters.listener.tls_inspector
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
maxConnectionsToAcceptPerSocketEvent: 1
name: first-listener-error
perConnectionBufferLimitBytes: 32768
Expand Up @@ -179,5 +179,6 @@
statPrefix: http-10080
useRemoteAddress: true
name: first-listener
maxConnectionsToAcceptPerSocketEvent: 1
name: first-listener
perConnectionBufferLimitBytes: 32768
Expand Up @@ -140,5 +140,6 @@
statPrefix: http-10080
useRemoteAddress: true
name: first-listener
maxConnectionsToAcceptPerSocketEvent: 1
name: first-listener
perConnectionBufferLimitBytes: 32768