はじめに

Istio の Connection idleTimeout の初期値および設定値の変更方法について調査した結果を備忘録として纏めておく
対象の Istio バージョンは v1.14.1

Connection idleTimeout

Istio Documentation の DestinationRule [1] によると、idleTimeout が適用されるのは upstream connection pool に対してのみであり、downstream の idleTimeout には触れられていない

The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests. If not set, the default is 1 hour. When the idle timeout is reached, the connection will be closed. If the connection is an HTTP/2 connection a drain sequence will occur prior to closing the connection. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.

Envoy Documentation の How do I configure timeouts? [2] を見ると、upstream/downstream 共にデフォルト値は 1 hour と読み取れる
そして downstream の idleTimeout を設定するには、envoy.filters.network.http_connection_manager の common_http_protocol_options で idle_timeout を指定すればよいと思われる

The HTTP protocol idle_timeout is defined in a generic message used by both the HTTP connection manager as well as upstream cluster HTTP connections. The idle timeout is the time at which a downstream or upstream connection will be terminated if there are no active streams. The default idle timeout if not otherwise specified is 1 hour. To modify the idle timeout for downstream connections use the common_http_protocol_options field in the HTTP connection manager configuration. To modify the idle timeout for upstream connections use the common_http_protocol_options field in the Cluster’s extension_protocol_options, keyed by envoy.extensions.upstreams.http.v3.HttpProtocolOptions

Istio では listener.go [3] で common_http_protocol_options に NodeMetadata の idleTimeout をセットしている

idleTimeout, err := time.ParseDuration(lb.node.Metadata.IdleTimeout)
if err == nil {
    connectionManager.CommonHttpProtocolOptions = &core.HttpProtocolOptions{
        IdleTimeout: durationpb.New(idleTimeout),
    }
}

NodeMetadata は context.go [4] で定義されていて、idleTimeout は IDLE_TIMEOUT で指定できる

// IdleTimeout specifies the idle timeout for the proxy, in duration format (10s).
// If not set, default timeout is 1 hour.
IdleTimeout string `json:"IDLE_TIMEOUT,omitempty"`

これは istioctl install 時に Global Mesh Options の ProxyConfig [5] で、proxyMetadata に ISTIO_META_IDLE_TIMEOUT を指定すればよい

Additional environment variables for the proxy. Names starting with ISTIO_META_ will be included in the generated bootstrap and sent to the XDS server.

実際に試してみたいところなのだが、GKE Cluster を立ち上げようとすると GCE_STOCKOUT となってしまったのでまたの機会に・・・

Reference

[1] https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings-HTTPSettings
[2] https://www.envoyproxy.io/docs/envoy/latest/faq/configuration/timeouts#how-do-i-configure-timeouts
[3] https://github.com/istio/istio/blob/1.14.1/pilot/pkg/networking/core/v1alpha3/listener.go#L1134-L1139
[4] https://github.com/istio/istio/blob/1.14.1/pilot/pkg/model/context.go#L576-L578
[5] https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#ProxyConfig