Users may experience intermittent connectivity failures for services fronted by Contour. Symptoms include:

• Intermittent connection resets at the container or application level.
• Log patterns indicating (Connection reset by peer) errors.
• Failures occur occasionally (e.g., once every few hours) and are only reproducible when traffic traverses the Contour/Envoy path.

2.x

The default Envoy connection-idle-timeout may be shorter than the keep-alive or idle settings of the downstream client or upstream application. When Envoy closes an idle connection that the client still believes is active, subsequent request attempts result in a reset.

Adjust the connection-idle-timeout within the Contour configuration to ensure connections are managed consistently.

1. Identify the Contour namespace (typically projectcontour or tanzu-system-ingress).

2. Edit the Contour ConfigMap:

   kubectl edit cm contour -n <namespace>

3. Locate the contour.yaml data section and append or update the timeouts block:

   data:
     contour.yaml: |
       timeouts:
         connection-idle-timeout: 60s

4. Save the changes. Contour will automatically detect the update and push the configuration to the Envoy fleet. 

    

This setting maps to Envoy’s common_http_protocol_options.idle_timeout.

If the issue persists, verify that the upstream application idle timeouts are not set significantly lower than the Envoy value.