config: add runtime flags

2025-07-25 12:39:50 +02:00 · 2024-04-01 17:29:40 -04:00 · 2024-04-01 17:29:40 -04:00 · be9c14fc04
commit be9c14fc04
parent 84b44ae2e6
13 changed files with 486 additions and 212 deletions
--- a/config/envoyconfig/protocols.go
+++ b/config/envoyconfig/protocols.go
@ -2,11 +2,14 @@ package envoyconfig

 import (
 	"context"
+	"time"

 	envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_extensions_http_header_formatters_preserve_case_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/http/header_formatters/preserve_case/v3"
 	envoy_extensions_upstreams_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
+	typev3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
 	"google.golang.org/protobuf/types/known/anypb"
+	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/wrapperspb"

 	"github.com/pomerium/pomerium/config"
@ -41,6 +44,9 @@ var http1ProtocolOptions = &envoy_config_core_v3.Http1ProtocolOptions{
 	},
 }

+// Keepalive is a type to enable or disable keepalive
+type Keepalive bool
+
 var http2ProtocolOptions = &envoy_config_core_v3.Http2ProtocolOptions{
 	AllowConnect:                true,
 	MaxConcurrentStreams:        wrapperspb.UInt32(maxConcurrentStreams),
@ -48,27 +54,46 @@ var http2ProtocolOptions = &envoy_config_core_v3.Http2ProtocolOptions{
 	InitialConnectionWindowSize: wrapperspb.UInt32(initialConnectionWindowSizeLimit),
 }

+var http2ProtocolOptionsWithKeepalive = &envoy_config_core_v3.Http2ProtocolOptions{
+	AllowConnect:                true,
+	MaxConcurrentStreams:        wrapperspb.UInt32(maxConcurrentStreams),
+	InitialStreamWindowSize:     wrapperspb.UInt32(initialStreamWindowSizeLimit),
+	InitialConnectionWindowSize: wrapperspb.UInt32(initialConnectionWindowSizeLimit),
+	ConnectionKeepalive: &envoy_config_core_v3.KeepaliveSettings{
+		Interval:               durationpb.New(time.Minute),
+		Timeout:                durationpb.New(time.Minute),
+		IntervalJitter:         &typev3.Percent{Value: 15}, // envoy's default
+		ConnectionIdleInterval: durationpb.New(5 * time.Minute),
+	},
+}
+
 func buildTypedExtensionProtocolOptions(
 	endpoints []Endpoint,
 	upstreamProtocol upstreamProtocolConfig,
+	keepalive Keepalive,
 ) map[string]*anypb.Any {
 	return map[string]*anypb.Any{
-		"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": marshalAny(buildUpstreamProtocolOptions(endpoints, upstreamProtocol)),
+		"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": marshalAny(buildUpstreamProtocolOptions(endpoints, upstreamProtocol, keepalive)),
 	}
 }

 func buildUpstreamProtocolOptions(
 	endpoints []Endpoint,
 	upstreamProtocol upstreamProtocolConfig,
+	keepalive Keepalive,
 ) *envoy_extensions_upstreams_http_v3.HttpProtocolOptions {
 	switch upstreamProtocol {
 	case upstreamProtocolHTTP2:
+		h2opt := http2ProtocolOptions
+		if keepalive {
+			h2opt = http2ProtocolOptionsWithKeepalive
+		}
 		// when explicitly configured, force HTTP/2
 		return &envoy_extensions_upstreams_http_v3.HttpProtocolOptions{
 			UpstreamProtocolOptions: &envoy_extensions_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{
 				ExplicitHttpConfig: &envoy_extensions_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig{
 					ProtocolConfig: &envoy_extensions_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{
-						Http2ProtocolOptions: http2ProtocolOptions,
+						Http2ProtocolOptions: h2opt,
 					},
 				},
 			},