diff --git a/deployment/chainloop/Chart.yaml b/deployment/chainloop/Chart.yaml index acd7cdbf7..ebca8de2f 100644 --- a/deployment/chainloop/Chart.yaml +++ b/deployment/chainloop/Chart.yaml @@ -4,7 +4,7 @@ description: Chainloop is an open source software supply chain control plane, a type: application # Bump the patch (not minor, not major) version on each change in the Chart Source code -version: 1.18.0 +version: 1.18.1 # Do not update appVersion, this is handled automatically by the release process appVersion: v0.19.1 diff --git a/deployment/chainloop/README.md b/deployment/chainloop/README.md index 16202f09a..3d67aa19c 100644 --- a/deployment/chainloop/README.md +++ b/deployment/chainloop/README.md @@ -159,6 +159,19 @@ helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \ ## How to guides +### CAS upload speeds are slow, what can I do? + +Chainloop uses gRPC streaming to perform artifact uploads. This method is susceptible to being very slow on high latency scenarios. [#375](https://github.com/chainloop-dev/chainloop/issues/375) + +To improve upload speeds, you need to increase [http2 flow control buffer](https://httpwg.org/specs/rfc7540.html#DisableFlowControl). This can be done in NGINX by setting the following annotation in the ingress resource. + +``` +# Improve upload speed by adding client buffering used by http2 control-flows +nginx.ingress.kubernetes.io/client-body-buffer-size: "3M" +``` + +Note: For other reverse proxies, you'll need to find the equivalent configuration. + ### Generate a ECDSA key-pair An ECDSA key-pair is required to perform authentication between the control-plane and the Artifact CAS diff --git a/deployment/chainloop/values.yaml b/deployment/chainloop/values.yaml index 93add3428..a8656311f 100644 --- a/deployment/chainloop/values.yaml +++ b/deployment/chainloop/values.yaml @@ -634,6 +634,9 @@ cas: ## @skip cas.ingressAPI.annotations.nginx.ingress.kubernetes.io/backend-protocol ## Tell Nginx Ingress Controller to expect gRPC traffic nginx.ingress.kubernetes.io/backend-protocol: "GRPC" + # Improve upload speed by adding client buffering used by http2 control-flows + # https://github.com/chainloop-dev/chainloop/issues/375 + nginx.ingress.kubernetes.io/client-body-buffer-size: "3M" ## @param cas.ingressAPI.tls Enable TLS configuration for the host defined at `controlplane.ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.controlplane.ingress.hostname }}`