Conncetiion, ConcurrentRequests, PendingRequest limits

[LakshmiNarayananDesikan]

Description

Testing & Reproduction steps

Links

PR Checklist

• updated test coverage
• external facing docs updated
• appropriate backport labels added
• not a security concern

PCI review checklist

• I have documented a clear reason for, and description of, the change I am making.

• If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

• If applicable, I've documented the impact of any changes to security controls.

  Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

[sreeram77]

snap can also be nil.

[LakshmiNarayananDesikan]

Snap is initialized with defaults, It can not be nil

[sreeram77]

In the scope of this method, it can be nil. If we call this method somewhere else and that passes nil, there will be a panic.

[anandmukul93]

it will not be nil, all handling is initialized after snapshot is initialized in the lifecycle handled by a proxycfg , manager. This comment can be ignored.

[sreeram77]

In the scope of this method, it can be nil. If we call this method somewhere else and that passes nil, there will be a panic.

[anandmukul93]

why do we need 2 loops one for merging limits . another for config . can we have duplicate upstreams which are already generated in api_gateway.go .

readyListeners is prepared/populated in the API gateway proxycfg pipeline (proxycfg/api_gateway.go) and then consumed later in cluster construction.

So in the clusters.go loop:

• it is iterating over a structure already assembled upstream in api_gateway.go,
• each readyListener carries the resolved/attached upstreams for that listener,
• cluster generation is using that prepared state rather than discovering listeners/upstreams itself.

my intuition says: if limits were already fully merged into the listener/upstream state in api_gateway.go, then clusters.go should only need to read/apply them (unless it has extra cluster-stage merge precedence).

upstream is created at service name level and uid here is created for cluster naming. Can you check the difference and reduce the merge here .

[LakshmiNarayananDesikan]

readyListeners is intentionally route/listener is built for listener-level xDS assembly, not for unique upstream identity, so duplicates by upstream UID are expected.
cluster stage must remove duplicates and keep one final item per UID and apply merged limit precedence.

[anandmukul93]

it will not be nil, all handling is initialized after snapshot is initialized in the lifecycle handled by a proxycfg , manager. This comment can be ignored.

[anandmukul93]

why do we need 2 loops one for merging limits . another for config . can we have duplicate upstreams which are already generated in api_gateway.go .

readyListeners is prepared/populated in the API gateway proxycfg pipeline (proxycfg/api_gateway.go) and then consumed later in cluster construction.

So in the clusters.go loop:

• it is iterating over a structure already assembled upstream in api_gateway.go,
• each readyListener carries the resolved/attached upstreams for that listener,
• cluster generation is using that prepared state rather than discovering listeners/upstreams itself.

my intuition says: if limits were already fully merged into the listener/upstream state in api_gateway.go, then clusters.go should only need to read/apply them (unless it has extra cluster-stage merge precedence).

upstream is created at service name level and uid here is created for cluster naming. Can you check the difference and reduce the merge here .