envoy: Allow customize per cluster connections / requests limit by exherb · Pull Request #43049 · cilium/cilium

exherb · 2025-12-01T08:54:28Z

Envoy default limit on connections/requests on a cluster is 1024. This is not enough for large pod.

Please ensure your pull request adheres to the following guidelines:

For first time contributors, read Submitting a pull request
All code is covered by unit and/or runtime tests where feasible.
All commits contain a well written commit description including a title,
description and a Fixes: #XXX line if the commit addresses a particular
GitHub issue.
If your commit description contains a Fixes: <commit-id> tag, then
please add the commit author[s] as reviewer[s] to this issue.
All commits are signed off. See the section Developer’s Certificate of Origin
Provide a title or release-note blurb suitable for the release notes.
Are you a user of Cilium? Please add yourself to the Users doc
Thanks for contributing!

Allow set the limit via a new helm value 'envoy.clusterMaxConnections' / envoy.clusterMaxRequests and Cilium Agent command line argument '--proxy-cluster-max-connections' / '--proxy-cluster-max-requests'.

gandro

Helm-wise this looks good to me, thanks for your contribution!

Please make sure to sign off your commit (git commit --amend --sign-off).

gandro · 2025-12-01T08:59:25Z

I also notice that your PR description and commit message say the limit is increased, but the text mentions that the current default is 1024 and doesn't actually increase it. Please fix the commit and PR title.

Also, it seems the the build is broken. Have you tested this commit? If so, how have you tested it?

exherb · 2025-12-01T09:07:24Z

I also notice that your PR description and commit message say the limit is increased, but the text mentions that the current default is 1024 and doesn't actually increase it. Please fix the commit and PR title.

Also, it seems the the build is broken. Have you tested this commit? If so, how have you tested it?

sorry, I have change the commit message to 'Allow customize'
I have tested with our cilium cluster (11 nodes of 256 cores)

gandro · 2025-12-01T09:19:06Z

Thanks! Please note that the build is still broken:

22.69 ../pkg/ciliumenvoyconfig/cec_resource_parser.go:338:66: cannot use r.defaultMaxConnections (variable of type uint32) as int32 value in argument to fillInCircuitBreakers
22.69 ../pkg/ciliumenvoyconfig/cec_resource_parser.go:966:52: cannot use defaultMaxConnections (variable of type int32) as uint32 value in struct literal

gandro · 2025-12-01T09:35:54Z

The Helm schema also seems off (wrong order). Please run make -C install/kubernetes and amend your commit with the changes:

diff --git a/install/kubernetes/cilium/values.schema.json b/install/kubernetes/cilium/values.schema.json
index 5f19db7bbdc0..1f193890ff9d 100644
--- a/install/kubernetes/cilium/values.schema.json
+++ b/install/kubernetes/cilium/values.schema.json
@@ -2272,10 +2272,10 @@
         "maxConcurrentRetries": {
           "type": "integer"
         },
-        "maxConnections": {
+        "maxConnectionDurationSeconds": {
           "type": "integer"
         },
-        "maxConnectionDurationSeconds": {
+        "maxConnections": {
           "type": "integer"
         },
         "maxRequestsPerConnection": {

mhofstetter · 2025-12-02T13:46:02Z

This branch has conflicts that must be resolved

Please rebase to the top of main - sorry for the circumstances

mhofstetter · 2025-12-02T14:12:40Z

/test

mhofstetter

LGTM - Thanks!

Signed-off-by: exherb <[email protected]>

mhofstetter · 2025-12-02T15:33:07Z

@exherb There's no need to rebase the branch except there are conflicts. Otherwise we have to continue re-running the test suite.

exherb · 2025-12-02T15:39:44Z

sorry, I thought I have to rebase to merge.

mhofstetter · 2025-12-02T15:42:58Z

no problem. no, once the tests pass and the ready-to-merge label has been added a committer will pick it up and add the PR to the merge queue.

mhofstetter · 2025-12-02T15:43:21Z

/test

Cilium Cluster Mesh upgrade hit #41280
Conformance Cluster Mesh hit #41035
Cilium E2E Upgrade hit #40813

both unrelated to this PR

exherb · 2025-12-22T07:06:38Z

@mhofstetter #43455 is this back port pull request mergable?

…ernal envoy While we have cilium#43049 to cover embedded case. This PR is to cover the external envoy use case to use maxConnections and maxRequests Signed-off-by: Liyi Huang <[email protected]>

While we have cilium#43049 to cover embedded case. This PR is to cover the external envoy use case to use maxConnections and maxRequests Signed-off-by: Liyi Huang <[email protected]>

While we have cilium#43049 to cover embedded case. This PR is to cover the external envoy use case to use clusterMaxRequests and clusterMaxConnections Signed-off-by: Liyi Huang <[email protected]>

While we have #43049 to cover embedded case. This PR is to cover the external envoy use case to use clusterMaxRequests and clusterMaxConnections Signed-off-by: Liyi Huang <[email protected]>

While we have cilium#43049 to cover embedded case. This PR is to cover the external envoy use case to use clusterMaxRequests and clusterMaxConnections Signed-off-by: Liyi Huang <[email protected]>

[ upstream commit 3efb667 ] While we have #43049 to cover embedded case. This PR is to cover the external envoy use case to use clusterMaxRequests and clusterMaxConnections Signed-off-by: Liyi Huang <[email protected]> Signed-off-by: Tom Hadlaw <[email protected]>

exherb requested review from a team as code owners December 1, 2025 08:54

exherb requested review from gandro and mhofstetter December 1, 2025 08:54

This comment was marked as resolved.

Sign in to view

maintainer-s-little-helper bot added dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Dec 1, 2025

github-actions bot added the kind/community-contribution This was a contribution made by a community member. label Dec 1, 2025

gandro approved these changes Dec 1, 2025

View reviewed changes

gandro added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. area/servicemesh GH issues or PRs regarding servicemesh labels Dec 1, 2025

maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Dec 1, 2025

exherb force-pushed the main branch from 1d59397 to 8694792 Compare December 1, 2025 09:04

This comment was marked as resolved.

Sign in to view

exherb changed the title ~~envoy: Increase per cluster connections limit~~ envoy: Allow customize per cluster connections limit Dec 1, 2025

exherb force-pushed the main branch from 8694792 to db1a461 Compare December 1, 2025 09:05

This comment was marked as resolved.

Sign in to view

exherb force-pushed the main branch from db1a461 to a5cf9f7 Compare December 1, 2025 09:06

This comment was marked as resolved.

Sign in to view

exherb force-pushed the main branch from a5cf9f7 to f13860a Compare December 1, 2025 09:11

maintainer-s-little-helper bot removed the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Dec 1, 2025

exherb force-pushed the main branch from f13860a to f2d34f4 Compare December 1, 2025 09:24

exherb force-pushed the main branch 3 times, most recently from 4036db7 to 134a51b Compare December 1, 2025 09:40

exherb force-pushed the main branch from de98a72 to b21ce66 Compare December 2, 2025 12:52

exherb force-pushed the main branch from b21ce66 to f208dba Compare December 2, 2025 13:47

maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Dec 2, 2025

mhofstetter approved these changes Dec 2, 2025

View reviewed changes

envoy: Allow customize per cluster connections / requests limit

dc0baeb

Signed-off-by: exherb <[email protected]>

exherb force-pushed the main branch from f208dba to dc0baeb Compare December 2, 2025 15:25

mhofstetter removed the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Dec 2, 2025

maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Dec 2, 2025

julianwiedmann added this pull request to the merge queue Dec 3, 2025

Merged via the queue into cilium:main with commit 9728548 Dec 3, 2025
74 of 75 checks passed

exherb mentioned this pull request Dec 20, 2025

v1.18 Backports: envoy: Allow customize per cluster connections / requests limit #43455

Closed

youngnick mentioned this pull request Jan 23, 2026

CFP: Allow update of circuit breaker limits #43810

Closed

cilium-release-bot bot added this to cilium v1.19.0 Feb 3, 2026

cilium-release-bot bot moved this to Released in cilium v1.19.0 Feb 3, 2026

exherb mentioned this pull request Mar 20, 2026

feat(envoy): access log server, use worker to process #44904

Closed

7 tasks

Conversation

exherb commented Dec 1, 2025 • edited by aanm Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

This comment was marked as resolved.

gandro left a comment

Choose a reason for hiding this comment

Uh oh!

gandro commented Dec 1, 2025

Uh oh!

This comment was marked as resolved.

This comment was marked as resolved.

This comment was marked as resolved.

exherb commented Dec 1, 2025

Uh oh!

gandro commented Dec 1, 2025

Uh oh!

gandro commented Dec 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mhofstetter commented Dec 2, 2025

Uh oh!

mhofstetter commented Dec 2, 2025

Uh oh!

mhofstetter left a comment

Choose a reason for hiding this comment

Uh oh!

mhofstetter commented Dec 2, 2025

Uh oh!

exherb commented Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mhofstetter commented Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mhofstetter commented Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

exherb commented Dec 22, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

exherb commented Dec 1, 2025 •

edited by aanm

Loading

gandro commented Dec 1, 2025 •

edited

Loading

exherb commented Dec 2, 2025 •

edited

Loading

mhofstetter commented Dec 2, 2025 •

edited

Loading

mhofstetter commented Dec 2, 2025 •

edited

Loading