istio-proxy closing long running TCP connection after 1 hour

If you use istio version higher than 1.7 you might try use envoy filter to make it work. There is answer and example on github provided by @ryant1986.

We ran into the same problem on 1.7, but we noticed that the ISTIO_META_IDLE_TIMEOUT setting was only getting picked up on the OUTBOUND side of things, not the INBOUND. By adding an additional filter that applied to the INBOUND side of the request, we were able to successfully increase the timeout (we used 24 hours)

apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:  name: listener-timeout-tcp  namespace: istio-systemspec:  configPatches:  - applyTo: NETWORK_FILTER    match:      context: SIDECAR_INBOUND      listener:        filterChain:          filter:            name: envoy.filters.network.tcp_proxy    patch:      operation: MERGE      value:        name: envoy.filters.network.tcp_proxy        typed_config:          '@type': type.googleapis.com/envoy.config.filter.network.tcp_proxy.v2.TcpProxy          idle_timeout: 24h

We also created a similar filter to apply to the passthrough cluster (so that timeouts still apply to external traffic that we don't have service entries for), since the config wasn't being picked up there either.

for ingress gateway, we use env.ISTIO_META_IDLE_TIMEOUT to set the idle-timeout for TCP or HTTP protocol.for sidecar, you can use the similar envoyfilter (listener-timeout-tcp) to configure INBOUND direction or OUTBOUND direction.