Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 2.1.x (latest)
  • 2.0.x
  • 1.9.x
  • 1.8.x
  • 1.7.x
  • 1.6.x
  • 1.5.x
  • 1.4.x
  • 1.3.x
  • 1.2.x
  • 1.1.x
  • 1.0.x
    • Introduction to Kong Mesh
    • What is Service Mesh?
    • How Kong Mesh works
    • Deployments
    • Version support policy
    • Stability
    • Release notes
    • Installation Options
    • Kubernetes
    • Helm
    • OpenShift
    • Docker
    • Amazon ECS
    • Amazon Linux
    • Red Hat
    • CentOS
    • Debian
    • Ubuntu
    • macOS
    • Windows
    • Explore Kong Mesh with the Kubernetes demo app
    • Explore Kong Mesh with the Universal demo app
    • Standalone deployment
    • Deploy a standalone control plane
    • Multi-zone deployment
    • Deploy a multi-zone global control plane
    • License
    • Overview
    • Data plane proxy
    • Data plane on Kubernetes
    • Data plane on Universal
    • Gateway
    • Zone Ingress
    • Zone Egress
    • CLI
    • GUI
    • Observability
    • Inspect API
    • Kubernetes Gateway API
    • Networking
    • Service Discovery
    • DNS
    • Kong Mesh CNI
    • Transparent Proxying
    • IPv6 support
    • Non-mesh traffic
    • Secure access across Kong Mesh components
    • Secrets
    • Kong Mesh API Access Control
    • API server authentication
    • Data plane proxy authentication
    • Zone proxy authentication
    • Data plane proxy membership
    • Dataplane Health
    • Fine-tuning
    • Control Plane Configuration
    • Upgrades
    • Requirements
    • Introduction
    • General notes about Kong Mesh policies
    • Applying Policies
    • How Kong Mesh chooses the right policy to apply
    • Understanding TargetRef policies
    • Protocol support in Kong Mesh
    • Mesh
    • Mutual TLS
    • Traffic Permissions
    • Traffic Route
    • Traffic Metrics
    • Traffic Trace
    • Traffic Log
    • Locality-aware Load Balancing
    • Fault Injection
    • Health Check
    • Circuit Breaker
    • Proxy Template
    • External Service
    • Retry
    • Timeout
    • Rate Limit
    • Virtual Outbound
    • MeshGateway
    • MeshGatewayRoute
    • Service Health Probes
    • MeshAccessLog (Beta)
    • MeshCircuitBreaker (Beta)
    • MeshFaultInjection (Beta)
    • MeshHealthCheck (Beta)
    • MeshHTTPRoute (Beta)
    • MeshProxyPatch (Beta)
    • MeshRateLimit (Beta)
    • MeshRetry (Beta)
    • MeshTimeout (Beta)
    • MeshTrace (Beta)
    • MeshTrafficPermission (Beta)
    • Overview
    • HashiCorp Vault CA
    • Amazon ACM Private CA
    • cert-manager Private CA
    • OPA policy support
    • MeshOPA (beta)
    • Multi-zone authentication
    • FIPS support
    • Certificate Authority rotation
    • Role-Based Access Control
    • UBI Images
    • Windows Support
    • Auditing
    • HTTP API
    • Annotations and labels in Kubernetes mode
    • Kong Mesh data collection
      • Mesh
      • CircuitBreaker
      • ExternalService
      • FaultInjection
      • HealthCheck
      • MeshGateway
      • MeshGatewayRoute
      • ProxyTemplate
      • RateLimit
      • Retry
      • Timeout
      • TrafficLog
      • TrafficPermission
      • TrafficRoute
      • TrafficTrace
      • VirtualOutbound
      • Dataplane
      • ZoneEgress
      • ZoneIngress
      • kuma-cp
      • kuma-dp
      • kumactl
    • Kuma-cp configuration reference
    • Open source License
    • Contribute to Mesh

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • TargetRef support matrix
  • Configuration
    • Timeouts explained
    • Examples
    • Defaults
Kong Mesh
2.1.x (latest)
  • Home
  • Kong Mesh
  • Policies
  • Mesh Timeout (beta)

Mesh Timeout (beta)

This policy uses new policy matching algorithm and is in beta state, it should not be mixed with Timeout policy.

TargetRef support matrix

TargetRef type top level to from
Mesh ✅ ✅ ✅
MeshSubset ✅ ❌ ❌
MeshService ✅ ✅ ❌
MeshServiceSubset ✅ ❌ ❌
MeshGatewayRoute ❌ ❌ ❌

To learn more about the information in this table, see the matching docs.

Configuration

This policy enables Kong Mesh to set timeouts on the inbound and outbound connections depending on the protocol. Using this policy you can configure TCP and HTTP timeouts. Timeout configuration is split into two sections: common configuration and HTTP configuration. Common config is applied to both HTTP and TCP communication. HTTP timeout are only applied when service is marked as http. More on this in protocol support section.

MeshTimeout policy lets you configure multiple timeouts:

  • connectionTimeout
  • idleTimeout
  • http requestTimeout
  • http streamIdleTimeout
  • http maxStreamDuration
  • http maxConnectionDuration

Timeouts explained

Connection timeout

Connection timeout specifies the amount of time DP will wait for a TCP connection to be established.

Idle timeout

For TCP connections idle timeout is the amount of time that the DP will allow a connection to exist with no inbound or outbound activity. On the other hand when connection in HTTP time at which a inbound or outbound connection will be terminated if there are no active streams

HTTP request timeout

Request timeout lets you configure how long the data plane proxy should wait for the full response. In details it spans between the point at which the entire request has been processed by DP and when the response has been completely processed by DP.

HTTP stream idle timeout

Stream idle timeout is the amount of time that the data plane proxy will allow a HTTP/2 stream to exist with no inbound or outbound activity. This timeout is strongly recommended for all requests (not just streaming requests/responses) as it additionally defends against a peer that does not open the stream window once an entire response has been buffered to be sent to a downstream client.

Stream timeouts apply even when you are only using HTTP/1.1 in you services. This is because every connection between data plane proxies is upgraded to HTTP/2.

HTTP max stream duration

Max stream duration is the maximum time that a stream’s lifetime will span. You can use this functionality when you want to reset HTTP request/response streams periodically.

HTTP max connection duration

Max connection duration is the time after which an inbound or outbound connection will be drained and/or closed, starting from when it was first established. If there are no active streams, the connection will be closed. If there are any active streams, the drain sequence will kick-in, and the connection will be force-closed after 5 seconds.

Examples

Simple outbound HTTP configuration

This configuration will be applied to all data plane proxies inside of Mesh.

Kubernetes
Universal
apiVersion: kuma.io/v1alpha1
kind: MeshTimeout
metadata:
  name: timeout-global
  namespace: kong-mesh-system
  labels:
    kuma.io/mesh: default
spec:
  targetRef:
    kind: Mesh
  to:
    - targetRef:
        kind: Mesh
      default:
        idleTimeout: 20s
        connectionTimeout: 2s
        http:
          requestTimeout: 2s

We will apply the configuration with kubectl apply -f [..].

type: MeshTimeout
name: timeout-global
mesh: default
spec:
  targetRef:
    kind: Mesh
  to:
    - targetRef:
        kind: Mesh
      default:
        idleTimeout: 20s
        connectionTimeout: 2s
        http:
          requestTimeout: 2s

We will apply the configuration with kumactl apply -f [..] or via the HTTP API.

Simple TCP configuration

Kubernetes
Universal
apiVersion: kuma.io/v1alpha1
kind: MeshTimeout
metadata:
  name: tcp-timeout
  namespace: kong-mesh-system
  labels:
    kuma.io/mesh: default
spec:
  targetRef:
    kind: Mesh
  to:
    - targetRef:
        kind: Mesh
      default:
        idleTimeout: 20s
        connectionTimeout: 2s

We will apply the configuration with kubectl apply -f [..].

type: MeshTimeout
name: tcp-timeout
mesh: default
spec:
  targetRef:
    kind: Mesh
  to:
    - targetRef:
        kind: Mesh
      default:
        idleTimeout: 20s
        connectionTimeout: 2s

We will apply the configuration with kumactl apply -f [..] or via the HTTP API.

Simple configuration for inboud applied to specific service

This configuration will be applied to backend service inbound.

Kubernetes
Universal
apiVersion: kuma.io/v1alpha1
kind: MeshTimeout
metadata:
  name: inboud-timeout
  namespace: kong-mesh-system
  labels:
    kuma.io/mesh: default
spec:
  targetRef:
    kind: MeshService
    name: backend_kuma-test_svc_80
  from:
    - targetRef:
        kind: Mesh
      default:
        idleTimeout: 60s
        connectionTimeout: 1s
        http:
          requestTimeout: 5s

We will apply the configuration with kubectl apply -f [..].

type: MeshTimeout
name: inboud-timeout
mesh: default
spec:
  targetRef:
    kind: MeshService
    name: backend
  from:
    - targetRef:
        kind: Mesh
      default:
        idleTimeout: 20s
        connectionTimeout: 2s

We will apply the configuration with kumactl apply -f [..] or via the HTTP API.

Full config applied to inbound and outboud of specific service

This timeout configuration will be applied to all inbound connections to frontend and outbound connections from frontend to backend service

Kubernetes
Universal
apiVersion: kuma.io/v1alpha1
kind: MeshTimeout
metadata:
  name: inboud-timeout
  namespace: kong-mesh-system
  labels:
    kuma.io/mesh: default
spec:
  targetRef:
    kind: MeshService
    name: fontend_kuma-test_svc_80
  from:
    - targetRef:
        kind: Mesh
      default:
        idleTimeout: 60s
        connectionTimeout: 2s
        http:
          requestTimeout: 10s
          streamIdleTimeout: 1h
          maxStreamDuration: 30m
          maxConnectionDuration: 30m
  to:
    - targetRef:
        kind: MeshService
        name: backend_kuma-test_svc_80
      default:
        idleTimeout: 60s
        connectionTimeout: 1s
        http:
          requestTimeout: 5s
          streamIdleTimeout: 1h
          maxStreamDuration: 30m
          maxConnectionDuration: 30m

We will apply the configuration with kubectl apply -f [..].

type: MeshTimeout
name: inboud-timeout
mesh: default
spec:
  targetRef:
    kind: MeshService
    name: frontend
  from:
    - targetRef:
        kind: Mesh
      default:
        idleTimeout: 60s
        connectionTimeout: 2s
        http:
          requestTimeout: 10s
          streamIdleTimeout: 1h
          maxStreamDuration: 30m
          maxConnectionDuration: 30m
  to:
    - targetRef:
        kind: MeshService
        name: backend
      default:
        idleTimeout: 60s
        connectionTimeout: 1s
        http:
          requestTimeout: 5s
          streamIdleTimeout: 1h
          maxStreamDuration: 30m
          maxConnectionDuration: 30m

We will apply the configuration with kumactl apply -f [..] or via the HTTP API.

Defaults

Property default
idleTimeout 1h
connectionTimeout 5s
http.requestTimeout 15s
http.streamIdleTimeout 30m
http.maxStreamDuration 0s
http.maxConnectionDuration 0s

If you don’t specify from or to section defaults from Timeout policy will be used. This is known bug and will be fixed in the next version.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023