ROX-20122: set gRPC max concurrent streams to 100 #1287
Images are ready for the commit at c923de3. To use the images, use the tag
/test e2e-tests
Can we make the 100 configurable via an env variable? So that we have a workaround in the event this causes issues.
@dcaravel Yes we could make it configurable. BTW since I'm not familiar with Scanner, do you know what the e2e failures are about? Can it be something that this PR caused?
No, not caused by this PR. TL;DR: our tests rely on external data / vuln feeds; when those feeds change our tests may break (like what you're seeing) - I'll fix this particular failure in a different PR.
FYI, #1288 has been merged; if you bring in those changes here, e2e tests should pass.
Created #1289 so we can accept integer env vars
also, I'm thinking we call it ROX_MAX_CONCURRENT_STREAMS. We should coordinate with whatever may be done for the stackrox repo, though |
604d1b2 to 1685e2d
@RTann I called it
/test unit-tests
1685e2d to 678ead4
api/grpc/grpc.go
Outdated
) | ||
|
||
func maxGrpcConcurrentStreams() uint32 { | ||
if maxGrpcConcurrentStreamsSetting.Int() < 0 { |
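Review bot: maxGrpcConcurrentStreams returns uint32, but the only guard visible on the setting is Int() < 0, so a configured value larger than math.MaxUint32 would wrap when converted to the return type unless it is bounded elsewhere. Add an upper-bound check next to the negative check and fall back to the default for anything that does not fit.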
Though the gRPC library defaults this to math.MaxUint when 0, the HTTP/2 library defaults it to at least 100 when 0. Can we also default it to 100?
Are you suggesting that I change < 0 to <= 0?
yep
Yeah I missed that. I should do it also in stackrox.
api/grpc/grpc.go
Outdated
) | ||
|
||
func init() { | ||
grpcprometheus.EnableHandlingTimeHistogram() | ||
} | ||
|
||
var ( | ||
maxGrpcConcurrentStreamsSetting = env.RegisterIntegerSetting("ROX_GRPC_MAX_CONCURRENT_STREAMS", defaultGrpcMaxConcurrentStreams) |
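Review bot: the ROX_GRPC_MAX_CONCURRENT_STREAMS registration carries no comment saying what the setting limits or which values are valid. Add a doc comment on maxGrpcConcurrentStreamsSetting stating that it caps concurrent HTTP/2 streams per gRPC connection, the accepted range, and what happens for out-of-range values, since operators will reach for it as a workaround.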
let's put this in pkg/env/list.go
Done.
As part of the mitigation for CVE-2023-44487, some projects have decided to reduce MaxConcurrentStreams to 100 (this is the minimum recommended value in the HTTP/2 standard - default is 250).
This PR applies this change to the Scanner gRPC server.
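
The configurable limit discussed in this thread, as an added example that is not Scanner's code: it resolves the environment value so that no misconfiguration can leave the server without a stream limit. Only the variable name comes from the diff; `resolveMaxStreams`, the constants and the fall-back-to-default policy are assumptions, and the function goes beyond the thread by also rejecting non-numeric and too-large values.

```go
package main

import (
	"fmt"
	"math"
	"os"
	"strconv"
)

// The env var name is the one registered in the diff; everything else here
// (helper name, fallback policy) is assumed for illustration.
const (
	envMaxStreams     = "ROX_GRPC_MAX_CONCURRENT_STREAMS"
	defaultMaxStreams = uint32(100)
)

// resolveMaxStreams maps the raw env value to a limit that is safe to pass
// to the server. Any unusable value yields the default plus an error to log.
func resolveMaxStreams(raw string) (uint32, error) {
	if raw == "" {
		return defaultMaxStreams, nil // unset: use the default silently
	}
	n, err := strconv.ParseInt(raw, 10, 64)
	switch {
	case err != nil:
		return defaultMaxStreams, fmt.Errorf("%s=%q is not an integer", envMaxStreams, raw)
	case n <= 0:
		// The review thread notes that gRPC turns 0 into its maximum, so 0
		// must never reach it; negatives would wrap when cast to uint32.
		return defaultMaxStreams, fmt.Errorf("%s=%d must be positive", envMaxStreams, n)
	case n > math.MaxUint32:
		// uint32(4294967296) == 0, which would silently remove the limit.
		return defaultMaxStreams, fmt.Errorf("%s=%d does not fit in uint32", envMaxStreams, n)
	}
	return uint32(n), nil
}

func main() {
	limit, err := resolveMaxStreams(os.Getenv(envMaxStreams))
	if err != nil {
		fmt.Fprintln(os.Stderr, "warning:", err, "- using default", defaultMaxStreams)
	}
	// With google.golang.org/grpc the value would be applied as:
	//   grpc.NewServer(grpc.MaxConcurrentStreams(limit))
	fmt.Println("max concurrent streams:", limit)
}
```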