diff --git a/changelogs/unreleased/6315-ruzmuh-minor.md b/changelogs/unreleased/6315-ruzmuh-minor.md index 181d22d44f4..ee60c747625 100644 --- a/changelogs/unreleased/6315-ruzmuh-minor.md +++ b/changelogs/unreleased/6315-ruzmuh-minor.md @@ -1,3 +1,3 @@ ## http buffer filter configuration -Introduce two optional command line flags, `envoy-http-buffer-max-request-bytes` and `envoy-https-buffer-max-request-bytes`, with default values set to `0`. If the value is non-zero, an HTTP buffer filter will be added to the HTTP filter chain immediately after the `DefaultFilters()` with the `max_request_bytes` parameter. This configuration allows setting the buffer filter for the entire HTTP listener only. +Introduce two optional config parameter `http-buffer-max-request-bytes`, with default values set to `0`. If the value is non-zero, an HTTP buffer filter will be added to the HTTP filter chain immediately after the `DefaultFilters()` with the `max_request_bytes` parameter. This configuration allows setting the buffer filter for the entire HTTP listeners only (both http and https). diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go index a9301627c3b..13d71c9835b 100644 --- a/cmd/contour/serve.go +++ b/cmd/contour/serve.go @@ -137,9 +137,7 @@ func registerServe(app *kingpin.Application) (*kingpin.CmdClause, *serveContext) serve.Flag("disable-leader-election", "Disable leader election mechanism.").BoolVar(&ctx.LeaderElection.Disable) serve.Flag("envoy-http-access-log", "Envoy HTTP access log.").PlaceHolder("/path/to/file").StringVar(&ctx.httpAccessLog) - serve.Flag("envoy-http-buffer-max-request-bytes", "Envoy HTTP buffer max request bytes.").PlaceHolder("10485760").Uint32Var(&ctx.httpBufferMaxRequestBytes) serve.Flag("envoy-https-access-log", "Envoy HTTPS access log.").PlaceHolder("/path/to/file").StringVar(&ctx.httpsAccessLog) - serve.Flag("envoy-https-buffer-max-request-bytes", "Envoy HTTPS buffer max request bytes.").PlaceHolder("10485760").Uint32Var(&ctx.httpsBufferMaxRequestBytes) serve.Flag("envoy-service-http-address", "Kubernetes Service address for HTTP requests.").PlaceHolder("").StringVar(&ctx.httpAddr) serve.Flag("envoy-service-http-port", "Kubernetes Service port for HTTP requests.").PlaceHolder("").IntVar(&ctx.httpPort) serve.Flag("envoy-service-https-address", "Kubernetes Service address for HTTPS requests.").PlaceHolder("").StringVar(&ctx.httpsAddr) diff --git a/cmd/contour/servecontext.go b/cmd/contour/servecontext.go index c2cca08aaea..a0e5aa06b72 100644 --- a/cmd/contour/servecontext.go +++ b/cmd/contour/servecontext.go @@ -77,16 +77,14 @@ type serveContext struct { useProxyProto bool // envoy's http listener parameters - httpAddr string - httpPort int - httpAccessLog string - httpBufferMaxRequestBytes uint32 + httpAddr string + httpPort int + httpAccessLog string // envoy's https listener parameters - httpsAddr string - httpsPort int - httpsAccessLog string - httpsBufferMaxRequestBytes uint32 + httpsAddr string + httpsPort int + httpsAccessLog string // PermitInsecureGRPC disables TLS on Contour's gRPC listener. PermitInsecureGRPC bool @@ -118,24 +116,22 @@ type LeaderElection struct { func newServeContext() *serveContext { // Set defaults for parameters which are then overridden via flags, ENV, or ConfigFile return &serveContext{ - Config: config.Defaults(), - statsAddr: "0.0.0.0", - statsPort: 8002, - debugAddr: "127.0.0.1", - debugPort: 6060, - healthAddr: "0.0.0.0", - healthPort: 8000, - metricsAddr: "0.0.0.0", - metricsPort: 8000, - httpAccessLog: xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, - httpsAccessLog: xdscache_v3.DEFAULT_HTTPS_ACCESS_LOG, - httpAddr: "0.0.0.0", - httpsAddr: "0.0.0.0", - httpBufferMaxRequestBytes: 0, - httpsBufferMaxRequestBytes: 0, - httpPort: 8080, - httpsPort: 8443, - PermitInsecureGRPC: false, + Config: config.Defaults(), + statsAddr: "0.0.0.0", + statsPort: 8002, + debugAddr: "127.0.0.1", + debugPort: 6060, + healthAddr: "0.0.0.0", + healthPort: 8000, + metricsAddr: "0.0.0.0", + metricsPort: 8000, + httpAccessLog: xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, + httpsAccessLog: xdscache_v3.DEFAULT_HTTPS_ACCESS_LOG, + httpAddr: "0.0.0.0", + httpsAddr: "0.0.0.0", + httpPort: 8080, + httpsPort: 8443, + PermitInsecureGRPC: false, ServerConfig: ServerConfig{ xdsAddr: "127.0.0.1", xdsPort: 8001, @@ -550,13 +546,13 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_v1alpha1.Co Address: ctx.httpAddr, Port: ctx.httpPort, AccessLog: ctx.httpAccessLog, - BufferMaxRequestBytes: ctx.httpBufferMaxRequestBytes, + BufferMaxRequestBytes: ctx.Config.HTTPBufferMaxRequestBytes, }, HTTPSListener: &contour_v1alpha1.EnvoyListener{ Address: ctx.httpsAddr, Port: ctx.httpsPort, AccessLog: ctx.httpsAccessLog, - BufferMaxRequestBytes: ctx.httpsBufferMaxRequestBytes, + BufferMaxRequestBytes: ctx.Config.HTTPBufferMaxRequestBytes, }, Metrics: &envoyMetrics, Health: &contour_v1alpha1.HealthConfig{ diff --git a/cmd/contour/servecontext_test.go b/cmd/contour/servecontext_test.go index ed3a3a94fcd..f24ad1764b6 100644 --- a/cmd/contour/servecontext_test.go +++ b/cmd/contour/servecontext_test.go @@ -903,8 +903,7 @@ func TestConvertServeContext(t *testing.T) { }, "envoy buffer filter": { getServeContext: func(ctx *serveContext) *serveContext { - ctx.httpBufferMaxRequestBytes = 10 - ctx.httpsBufferMaxRequestBytes = 10 + ctx.Config.HTTPBufferMaxRequestBytes = 10 return ctx }, getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { diff --git a/pkg/config/parameters.go b/pkg/config/parameters.go index e1bafe249f9..394d4b8bc63 100644 --- a/pkg/config/parameters.go +++ b/pkg/config/parameters.go @@ -700,6 +700,10 @@ type Parameters struct { // GlobalExternalAuthorization optionally holds properties of the global external authorization configuration. GlobalExternalAuthorization GlobalExternalAuthorization `yaml:"globalExtAuth,omitempty"` + // HTTPBufferMaxRequestBytes defines value for max_request_bytes parameter of http buffer filter. + // If the value is non-zero, an HTTP buffer filter will be added to the HTTP filter chain. + HTTPBufferMaxRequestBytes uint32 `yaml:"http-buffer-max-request-bytes,omitempty"` + // MetricsParameters holds configurable parameters for Contour and Envoy metrics. Metrics MetricsParameters `yaml:"metrics,omitempty"` @@ -1058,9 +1062,10 @@ func Defaults() Parameters { ResponseHeadersPolicy: HeadersPolicy{}, ApplyToIngress: false, }, - EnvoyServiceName: "envoy", - EnvoyServiceNamespace: contourNamespace, - DefaultHTTPVersions: []HTTPVersionType{}, + EnvoyServiceName: "envoy", + EnvoyServiceNamespace: contourNamespace, + DefaultHTTPVersions: []HTTPVersionType{}, + HTTPBufferMaxRequestBytes: 0, Cluster: ClusterParameters{ DNSLookupFamily: AutoClusterDNSFamily, },