From 6361a630c4553d80dd9d21bb12f7c3034c8113b4 Mon Sep 17 00:00:00 2001
From: Vlad Bologa
Date: Fri, 13 Oct 2023 19:49:01 +0200
Subject: [PATCH] ROX-20122: set gRPC max concurrent streams to 100 (#1287)
---
 api/grpc/grpc.go | 14 +++++++++++++-
 pkg/env/list.go | 8 ++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/api/grpc/grpc.go b/api/grpc/grpc.go
index 48d7b54ab..53c169089 100644
--- a/api/grpc/grpc.go
+++ b/api/grpc/grpc.go
@@ -13,6 +13,7 @@ import (
 grpcprometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
 "github.com/grpc-ecosystem/grpc-gateway/runtime"
 log "github.com/sirupsen/logrus"
+ "github.com/stackrox/scanner/pkg/env"
 "github.com/stackrox/scanner/pkg/mtls"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials/insecure"
@@ -26,6 +27,14 @@ func init() {
 grpcprometheus.EnableHandlingTimeHistogram()
 }
 
+func maxGrpcConcurrentStreams() uint32 {
+ if env.MaxGrpcConcurrentStreams.Int() <= 0 {
+ return env.DefaultMaxGrpcConcurrentStreams
+ }
+
+ return uint32(env.MaxGrpcConcurrentStreams.Int())
+}
+
 // NewAPI creates a new gRPC API instantiation
 func NewAPI(opts ...ConfigOpts) API {
 var config Config
@@ -60,7 +69,10 @@ func (a *apiImpl) connectToLocalEndpoint() (*grpc.ClientConn, error) {
 }
 
 func (a *apiImpl) Start() {
- grpcServer := grpc.NewServer(grpc.ChainUnaryInterceptor(a.config.UnaryInterceptors...))
+ grpcServer := grpc.NewServer(
+ grpc.ChainUnaryInterceptor(a.config.UnaryInterceptors...),
+ grpc.MaxConcurrentStreams(maxGrpcConcurrentStreams()),
+ )
 for _, serv := range a.apiServices {
 serv.RegisterServiceServer(grpcServer)
 }
diff --git a/pkg/env/list.go b/pkg/env/list.go
index 416fa6c95..0bef5feb1 100644
--- a/pkg/env/list.go
+++ b/pkg/env/list.go
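Review bot: In `maxGrpcConcurrentStreams` the `uint32(...)` conversion has no upper bound, so an oversized `ROX_GRPC_MAX_CONCURRENT_STREAMS` is silently truncated (assuming `Int()` returns a Go `int`). A value that is a multiple of 2^32 becomes 0, which grpc-go appears to treat as "no limit", so a typo could remove the cap this commit introduces. The setting is also read twice, and a non-positive value falls back to the default without a log line, which hides the misconfiguration from operators. Reading it once, rejecting out-of-range values and logging the fallback fixes all three; it needs `math` added to the import block, while `log` (logrus) is already imported.

```go
func maxGrpcConcurrentStreams() uint32 {
	n := env.MaxGrpcConcurrentStreams.Int()
	// Reject non-positive and values that would wrap when narrowed to uint32.
	if n <= 0 || int64(n) > math.MaxUint32 {
		log.Warnf("invalid gRPC max concurrent streams value %d, using default %d", n, env.DefaultMaxGrpcConcurrentStreams)
		return env.DefaultMaxGrpcConcurrentStreams
	}
	return uint32(n)
}
```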
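Review bot: The new `grpc.MaxConcurrentStreams(...)` option in `Start` should carry a comment stating its scope, because in grpc-go this limit applies to each HTTP/2 connection rather than to the server as a whole. It bounds how many streams one client connection can hold open, but not the total across many connections. A line such as `// Per-connection stream cap; bounds the work a single client connection can keep in flight.` above the option would keep it from being read as a global concurrency limit. `Start`'s body continues past the end of the hunk, so any connection-level limits set further down are not visible here.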
@@ -2,6 +2,11 @@ package env
 
 import "time"
 
+const (
+ // DefaultMaxGrpcConcurrentStreams is the minimum value for concurrent streams recommended by the HTTP/2 spec
+ DefaultMaxGrpcConcurrentStreams = 100
+)
+
 var (
 // LanguageVulns enables language vulnerabilities.
 LanguageVulns = RegisterBooleanSetting("ROX_LANGUAGE_VULNS", true, AllowWithoutRox())
@@ -38,4 +43,7 @@ var (
 // ActiveVulnMgmt is the same flag in Central that determines if active vulnerability management should be
 // enabled and executables should be pulled from the database
 ActiveVulnMgmt = RegisterBooleanSetting("ROX_ACTIVE_VULN_MGMT", false)
+
+ // MaxGrpcConcurrentStreams configures the maximum number of HTTP/2 streams to use with gRPC
+ MaxGrpcConcurrentStreams = RegisterIntegerSetting("ROX_GRPC_MAX_CONCURRENT_STREAMS", DefaultMaxGrpcConcurrentStreams)
 )
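Review bot: The doc comment on `MaxGrpcConcurrentStreams` (second hunk) leaves out what an operator setting `ROX_GRPC_MAX_CONCURRENT_STREAMS` needs to know: that values `<= 0` are replaced by the default, as the helper in api/grpc/grpc.go does, and that the limit is per connection as far as grpc-go's option is concerned. Suggested wording: `// MaxGrpcConcurrentStreams caps concurrent HTTP/2 streams per gRPC connection; values <= 0 fall back to DefaultMaxGrpcConcurrentStreams.` The comment on `DefaultMaxGrpcConcurrentStreams` in the first hunk could likewise state that it is the fallback value, not only where the number 100 comes from.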