Timeout

New to Kuma? Don’t use this policy, check MeshTimeout instead. If you want to use the Retry policy, remember that it requires the TrafficRoute policy to function properly.

Timeout is an outbound policy. Dataplanes whose configuration is modified are in the sources matcher.

This policy enables Kuma to set timeouts on the outbound connections depending on the protocol.

Usage

Specify the proxy to configure with the sources selector, and the outbound connections from the proxy with the destinations selector.

The policy lets you configure timeouts for HTTP, GRPC, and TCP protocols. More about Protocol support in Kuma.

Configuration

Timeouts applied when communicating with services of any protocol:

Field: connectTimeout
Description: time to establish a connection
Default value: 10s
Envoy conf: Cluster

Timeouts applied when communicating with TCP services:

Field: tcp.idleTimeout
Description: period in which there are no bytes sent or received on either the upstream or downstream connection
Default value: disabled
Envoy conf: TCPProxy

Timeouts applied when communicating with HTTP, HTTP2 or GRPC services:

Field: http.requestTimeout
Description: is a span between the point at which the entire downstream request (i.e. end-of-stream) has been processed and when the upstream response has been completely processed
Default value: disabled
Envoy conf: Route

Field: http.idleTimeout
Description: time at which a downstream or upstream connection will be terminated if there are no active streams
Default value: disabled
Envoy conf: HTTPConnectionManager and Cluster

Field: http.streamIdleTimeout
Description: amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity
Default value: disabled
Envoy conf: HTTPConnectionManager

Field: http.maxStreamDuration
Description: maximum time that a stream’s lifetime will span
Default value: disabled
Envoy conf: Cluster

Default general-purpose Timeout policy

By default, Kuma creates the following Timeout policy:

  1. apiVersion: kuma.io/v1alpha1
  2. kind: Timeout
  3. mesh: default
  4. metadata:
  5. name: timeout-all-default
  6. spec:
  7. sources:
  8. - match:
  9. kuma.io/service: '*'
  10. destinations:
  11. - match:
  12. kuma.io/service: '*'
  13. conf:
  14. connectTimeout: 5s # all protocols
  15. tcp: # tcp, kafka
  16. idleTimeout: 1h
  17. http: # http, http2, grpc
  18. requestTimeout: 15s
  19. idleTimeout: 1h
  20. streamIdleTimeout: 30m
  21. maxStreamDuration: 0s
  1. type: Timeout
  2. mesh: default
  3. name: timeout-all-default
  4. sources:
  5. - match:
  6. kuma.io/service: '*'
  7. destinations:
  8. - match:
  9. kuma.io/service: '*'
  10. conf:
  11. connectTimeout: 5s # all protocols
  12. tcp: # tcp, kafka
  13. idleTimeout: 1h
  14. http: # http, http2, grpc
  15. requestTimeout: 15s
  16. idleTimeout: 1h
  17. streamIdleTimeout: 30m
  18. maxStreamDuration: 0s

Default timeout policy works fine in most cases. But if your application is using GRPC streaming make sure to set http.requestTimeout to 0s.

Matching

Timeout is an Outbound Connection Policy. The only supported value for destinations.match is kuma.io/service.

Builtin Gateway support

Timeouts are connection policies and are supported by configuring the timeout parameters on the target Envoy cluster. Request timeouts are configured on the Envoy routes and may select a different Timeout policy when a route backend forwards to more than one distinct service.

Mesh configures an idle timeout on the HTTPConnectionManager, but doesn’t consistently use the Timeout policy values for this, so the semantica are ambiguous. There’s no policy that configures the idle timeout for downstream connections to the Gateway.

Inbound timeouts

Currently, there is no policy to set inbound timeouts. Timeouts on the inbound side have constant values:

  1. connectTimeout: 10s
  2. tcp:
  3. idleTimeout: 2h
  4. http:
  5. requestTimeout: 0s
  6. idleTimeout: 2h
  7. streamIdleTimeout: 1h
  8. maxStreamDuration: 0s

If you still need to change inbound timeouts you can use a ProxyTemplate:

  1. apiVersion: kuma.io/v1alpha1
  2. kind: ProxyTemplate
  3. mesh: default
  4. metadata:
  5. name: custom-template-1
  6. spec:
  7. selectors:
  8. - match:
  9. kuma.io/service: '*'
  10. conf:
  11. imports:
  12. - default-proxy
  13. modifications:
  14. - networkFilter:
  15. operation: patch
  16. match:
  17. name: envoy.filters.network.http_connection_manager
  18. origin: inbound
  19. value: |
  20. name: envoy.filters.network.http_connection_manager
  21. typedConfig:
  22. '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
  23. streamIdleTimeout: 0s # disable http.streamIdleTimeout
  24. common_http_protocol_options:
  25. idle_timeout: 0s # disable http.idleTimeout
  1. type: ProxyTemplate
  2. mesh: default
  3. name: custom-template-1
  4. selectors:
  5. - match:
  6. kuma.io/service: "*"
  7. conf:
  8. imports:
  9. - default-proxy
  10. modifications:
  11. - networkFilter:
  12. operation: patch
  13. match:
  14. name: envoy.filters.network.http_connection_manager
  15. origin: inbound
  16. value: |
  17. name: envoy.filters.network.http_connection_manager
  18. typedConfig:
  19. '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
  20. streamIdleTimeout: 0s # disable http.streamIdleTimeout
  21. common_http_protocol_options:
  22. idle_timeout: 0s # disable http.idleTimeout

It’s not recommended disabling streamIdleTimeouts and idleTimeout since it has a high likelihood of yielding connection leaks.

Non-mesh traffic

When passthrough mode is activated any non-mesh traffic is passing Envoy without applying the Timeout policies. Read more about Non-mesh traffic.

All options