From b4c2195eef0bf25c12dccab141db6c5a85952fdb Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Thu, 17 Sep 2020 22:25:09 +0100
Subject: [PATCH] Add EnvoyFilter to enable tcp keepalive for all Ingress
 Envoys

---
 charts/kubezero-istio/Chart.yaml              |  2 +-
 charts/kubezero-istio/README.md               |  2 +-
 .../kubezero-istio/templates/envoyfilter.yaml | 68 +++++++++++++++++++
 3 files changed, 70 insertions(+), 2 deletions(-)
 create mode 100644 charts/kubezero-istio/templates/envoyfilter.yaml

diff --git a/charts/kubezero-istio/Chart.yaml b/charts/kubezero-istio/Chart.yaml
index 22dbe8d..a31a4cb 100644
--- a/charts/kubezero-istio/Chart.yaml
+++ b/charts/kubezero-istio/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio
 description: KubeZero Umbrella Chart for Istio
 type: application
-version: 0.3.2
+version: 0.3.3
 appVersion: 1.7.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
diff --git a/charts/kubezero-istio/README.md b/charts/kubezero-istio/README.md
index b3ac36e..cf39c80 100644
--- a/charts/kubezero-istio/README.md
+++ b/charts/kubezero-istio/README.md
@@ -5,7 +5,7 @@ KubeZero Umbrella Chart for Istio
 Installs Istio Operator and KubeZero Istio profile
 
 
-Current chart version is `0.3.0`
+Current chart version is `0.3.3`
 
 Source code can be found [here](https://kubezero.com)
 
diff --git a/charts/kubezero-istio/templates/envoyfilter.yaml b/charts/kubezero-istio/templates/envoyfilter.yaml
new file mode 100644
index 0000000..3351376
--- /dev/null
+++ b/charts/kubezero-istio/templates/envoyfilter.yaml
@@ -0,0 +1,68 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: ingressgateway-listener-tcp-keepalive
+  namespace: istio-system
+spec:
+  workloadSelector:
+    labels:
+      istio: ingressgateway
+  configPatches:
+  - applyTo: LISTENER
+    patch:
+      operation: MERGE
+      value:
+        socket_options:
+          # SOL_SOCKET = 1
+          # SO_KEEPALIVE = 9
+          - level: 1
+            name: 9
+            int_value: 1
+            state: STATE_LISTENING
+          # IPPROTO_TCP = 6
+          # TCP_KEEPIDLE = 4
+          - level: 6
+            name: 4
+            int_value: 60
+            state: STATE_LISTENING
+          # TCP_KEEPINTVL = 5
+          - level: 6
+            name: 5
+            int_value: 60
+            state: STATE_LISTENING
+
+{{- if .Values.ingress.private.enabled }}
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: private-ingressgateway-listener-tcp-keepalive
+  namespace: istio-system
+spec:
+  workloadSelector:
+    labels:
+      istio: private-ingressgateway
+  configPatches:
+  - applyTo: LISTENER
+    patch:
+      operation: MERGE
+      value:
+        socket_options:
+          # SOL_SOCKET = 1
+          # SO_KEEPALIVE = 9
+          - level: 1
+            name: 9
+            int_value: 1
+            state: STATE_LISTENING
+          # IPPROTO_TCP = 6
+          # TCP_KEEPIDLE = 4
+          - level: 6
+            name: 4
+            int_value: 60
+            state: STATE_LISTENING
+          # TCP_KEEPINTVL = 5
+          - level: 6
+            name: 5
+            int_value: 60
+            state: STATE_LISTENING
+{{- end }}