Skip to content
|
search
Kong Mesh
2.1.x (latest)

Timeout

Timeout is an outbound policy. Dataplanes whose configuration is modified are in the sources matcher.

This policy enables Kong Mesh to set timeouts on the outbound connections depending on the protocol.

Usage

Specify the proxy to configure with the sources selector, and the outbound connections from the proxy with the destinations selector.

The policy lets you configure timeouts for HTTP, GRPC, and TCP protocols. More about Protocol support in Kong Mesh.

Configuration

Timeouts applied when communicating with services of any protocol:

Field: connectTimeout
Description: time to establish a connection
Default value: 10s
Envoy conf: Cluster

Timeouts applied when communicating with TCP services:

Field: tcp.idleTimeout
Description: period in which there are no bytes sent or received on either the upstream or downstream connection
Default value: disabled
Envoy conf: TCPProxy

Timeouts applied when communicating with HTTP, HTTP2 or GRPC services:

Field: http.requestTimeout
Description: is a span between the point at which the entire downstream request (i.e. end-of-stream) has been processed and when the upstream response has been completely processed
Default value: disabled
Envoy conf: Route

Field: http.idleTimeout
Description: time at which a downstream or upstream connection will be terminated if there are no active streams
Default value: disabled
Envoy conf: HTTPConnectionManager and Cluster

Field: http.streamIdleTimeout
Description: amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity
Default value: disabled
Envoy conf: HTTPConnectionManager

Field: http.maxStreamDuration
Description: maximum time that a stream’s lifetime will span
Default value: disabled
Envoy conf: Cluster

Default general-purpose Timeout policy

By default, Kong Mesh creates the following Timeout policy:

apiVersion: kuma.io/v1alpha1
kind: Timeout
mesh: default
metadata:
  name: timeout-all-default
spec:
  sources:
    - match:
        kuma.io/service: '*'
  destinations:
    - match:
        kuma.io/service: '*'
  conf:
    connectTimeout: 5s # all protocols
    tcp: # tcp, kafka
      idleTimeout: 1h 
    http: # http, http2, grpc
      requestTimeout: 15s 
      idleTimeout: 1h
      streamIdleTimeout: 30m
      maxStreamDuration: 0s

type: Timeout
mesh: default
name: timeout-all-default
sources:
  - match:
      kuma.io/service: '*'
destinations:
  - match:
      kuma.io/service: '*'
conf:
  connectTimeout: 5s # all protocols
  tcp: # tcp, kafka
    idleTimeout: 1h
  http: # http, http2, grpc
    requestTimeout: 15s
    idleTimeout: 1h
    streamIdleTimeout: 30m
    maxStreamDuration: 0s

Default timeout policy works fine in most cases. But if your application is using GRPC streaming make sure to set http.requestTimeout to 0s.

Matching

Timeout is an Outbound Connection Policy. The only supported value for destinations.match is kuma.io/service.

Builtin Gateway support

Timeouts are connection policies and are supported by configuring the timeout parameters on the target Envoy cluster. Request timeouts are configured on the Envoy routes and may select a different Timeout policy when a route backend forwards to more than one distinct service.

Mesh configures an idle timeout on the HTTPConnectionManager, but doesn’t consistently use the Timeout policy values for this, so the semantica are ambiguous. There’s no policy that configures the idle timeout for downstream connections to the Gateway.

Inbound timeouts

Currently, there is no policy to set inbound timeouts. Timeouts on the inbound side have constant values:

connectTimeout: 10s 
tcp:
  idleTimeout: 2h
http:
  requestTimeout: 0s
  idleTimeout: 2h
  streamIdleTimeout: 1h
  maxStreamDuration: 0s

If you still need to change inbound timeouts you can use a ProxyTemplate:

apiVersion: kuma.io/v1alpha1
kind: ProxyTemplate
mesh: default
metadata:
  name: custom-template-1
spec:
  selectors:
    - match:
        kuma.io/service: '*'
  conf:
    imports:
      - default-proxy 
    modifications:
      - networkFilter:
          operation: patch
          match:
            name: envoy.filters.network.http_connection_manager
            origin: inbound 
          value: |
            name: envoy.filters.network.http_connection_manager
            typedConfig:
              '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
              streamIdleTimeout: 0s # disable http.streamIdleTimeout 
              common_http_protocol_options: 
                idle_timeout: 0s # disable http.idleTimeout

type: ProxyTemplate
mesh: default
name: custom-template-1
selectors:
  - match:
      kuma.io/service: "*"
conf:
  imports:
    - default-proxy 
  modifications:
    - networkFilter:
        operation: patch
        match:
          name: envoy.filters.network.http_connection_manager
          origin: inbound 
        value: |
          name: envoy.filters.network.http_connection_manager
          typedConfig:
            '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
            streamIdleTimeout: 0s # disable http.streamIdleTimeout 
            common_http_protocol_options: 
              idle_timeout: 0s # disable http.idleTimeout

It’s not recommended disabling streamIdleTimeouts and idleTimeout since it has a high likelihood of yielding connection leaks.

Non-mesh traffic

When passthrough mode is activated any non-mesh traffic is passing Envoy without applying the Timeout policies. Read more about Non-mesh traffic.