From 30ce22ae31b09ff5eb2723d93e6d43cc026cd0c5 Mon Sep 17 00:00:00 2001 From: Miguel Martinez Trivino Date: Mon, 9 Oct 2023 15:35:05 +0200 Subject: [PATCH] fix(cas): improve upload speeds Signed-off-by: Miguel Martinez Trivino --- deployment/chainloop/Chart.yaml | 2 +- deployment/chainloop/README.md | 13 +++++++++++++ deployment/chainloop/values.yaml | 3 +++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/deployment/chainloop/Chart.yaml b/deployment/chainloop/Chart.yaml index acd7cdbf7..ebca8de2f 100644 --- a/deployment/chainloop/Chart.yaml +++ b/deployment/chainloop/Chart.yaml @@ -4,7 +4,7 @@ description: Chainloop is an open source software supply chain control plane, a type: application # Bump the patch (not minor, not major) version on each change in the Chart Source code -version: 1.18.0 +version: 1.18.1 # Do not update appVersion, this is handled automatically by the release process appVersion: v0.19.1 diff --git a/deployment/chainloop/README.md b/deployment/chainloop/README.md index 16202f09a..3d67aa19c 100644 --- a/deployment/chainloop/README.md +++ b/deployment/chainloop/README.md @@ -159,6 +159,19 @@ helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \ ## How to guides +### CAS upload speeds are slow, what can I do? + +Chainloop uses gRPC streaming to perform artifact uploads. This method is susceptible to being very slow on high latency scenarios. [#375](https://github.com/chainloop-dev/chainloop/issues/375) + +To improve upload speeds, you need to increase [http2 flow control buffer](https://httpwg.org/specs/rfc7540.html#DisableFlowControl). This can be done in NGINX by setting the following annotation in the ingress resource. + +``` +# Improve upload speed by adding client buffering used by http2 control-flows +nginx.ingress.kubernetes.io/client-body-buffer-size: "3M" +``` + +Note: For other reverse proxies, you'll need to find the equivalent configuration. + ### Generate a ECDSA key-pair An ECDSA key-pair is required to perform authentication between the control-plane and the Artifact CAS diff --git a/deployment/chainloop/values.yaml b/deployment/chainloop/values.yaml index 93add3428..a8656311f 100644 --- a/deployment/chainloop/values.yaml +++ b/deployment/chainloop/values.yaml @@ -634,6 +634,9 @@ cas: ## @skip cas.ingressAPI.annotations.nginx.ingress.kubernetes.io/backend-protocol ## Tell Nginx Ingress Controller to expect gRPC traffic nginx.ingress.kubernetes.io/backend-protocol: "GRPC" + # Improve upload speed by adding client buffering used by http2 control-flows + # https://github.com/chainloop-dev/chainloop/issues/375 + nginx.ingress.kubernetes.io/client-body-buffer-size: "3M" ## @param cas.ingressAPI.tls Enable TLS configuration for the host defined at `controlplane.ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.controlplane.ingress.hostname }}`