remote: disable http2 for transports by default #799
Conversation
Image pushes are seemingly bottlenecked on http2 flow control that isn't tunable at the moment. Found through moby/buildkit#1420.
pkg/v1/remote/options.go
Outdated
|
|
||
| "github.com/google/go-containerregistry/pkg/authn" | ||
| "github.com/google/go-containerregistry/pkg/logs" | ||
| v1 "github.com/google/go-containerregistry/pkg/v1" | ||
| "github.com/google/go-containerregistry/pkg/v1/remote/transport" | ||
| ) | ||
|
|
||
| // DefaultTransport is a an extension of the default net/http DefaultTransport with http2 disabled. | ||
| // According to moby/buildkit#1420, net/http lack of tunable flow control prevents full throughput on push. | ||
| var DefaultTransport = &http.Transport{ |
There was a problem hiding this comment.
I'm hesitant to just expose this as a global. In buildkit it looks like they create a new one of these whenever it's needed, so I'm worried that this isn't safe to reuse.
There was a problem hiding this comment.
Yeah, I found that odd since the net/http one is a statically defined like here. Happy to switch it up.
There was a problem hiding this comment.
Let's add a DefaultTransport function to pkg/internal that returns a new one of these (like they do in buildkit) and use that instead of this global. I don't want to commit to exposing this as a public API, and I assume they're constructing a new one each time for a good reason.
There was a problem hiding this comment.
I guess that won't work for cmd/crane/cmd/root.go but I think it's fine to just copy a private implementation into that package for now.
There was a problem hiding this comment.
Cool, added to both cmd/crane and pkg/internal/net (honestly not sure what to call it, I didn't want to shadow pkg/v1/remote/transport).
There was a problem hiding this comment.
honestly not sure what to call it
net's fine -- internal names don't matter to much.
`crane` has a copy for now.
|
Tests are failing unexpectedly, idk if it's related to jason's recent change @imjasonh |
|
Nope, it's related to my change. I don't feel great about 88e4334, but I'm unsure if gcrane deserves a deeper refactor to support arbitrary options. |
|
With the move to Duplicate code to copy the default transport to pusher.go is pretty minimal, but just figured I'd bring it up. Maybe worth a |
Codecov Report
@@ Coverage Diff @@
## master #799 +/- ##
=======================================
Coverage 75.60% 75.60%
=======================================
Files 102 102
Lines 4185 4185
=======================================
Hits 3164 3164
Misses 566 566
Partials 455 455
Continue to review full report at Codecov.
|
Oh yeah what a pain. Have you confirmed at all if this is a quay-specific thing? If so we can just ignore gcrane and google transport stuff (for now?).
I would prefer this if adding
I'm in a weird spot where I don't entirely understand the problem being fixed or even the solution. This seems like something that a golang release might eventually fix, so I'm really reluctant to add a public API to do something that will hopefully be rendered unnecessary in the future. Ideally there'd be a separate "betterhttp.DefaultTransport" thing that we could import to fix various issues with http.DefaultTransport that handled different golang versions, but I haven't come across one... tl;dr I am selfish and don't want to maintain things I don't understand, so I'd prefer just copying this around everywhere even though it's probably more burdensome in aggregate :) |
Yeah, doesn't appear to be the case for gcr.io.
Yeah, I'm in a similar boat. My current understanding is that http2 requires that the server tell the client when and how much buffer size is available to accept the image data and if the server does not advertise adequate buffer size the upload can be throttled on the bidirectional communication. Apparently the initial might be configurable on the client, but not in golang. So gcr advertises 360k (byte?) buffers where quay only has 16k: For what it's worth, we have a workaround internally for pushing to quay and I can reach out to their support team and see if this is something for them to adjust. |
|
Given that this seemingly only affects quay, and that you have a workaround, I am somewhat reluctant to merge (most of) this. Others should be able to similarly work around this by just passing an appropriate transport through to I'd be fine with keeping the changes in https://github.com/google/go-containerregistry/pull/799/files#diff-04d49325bf28b04678340481ee8de048890fc2fa5701460121459ada4b0d3081 because anyone using On the other hand, I understand that any consumers of this package will see confusingly slow uploads to quay with no indication that they should be doing this... so I'm kind of torn. Of course I'm biased because I don't use quay, and if this was affecting a google registry I would be more inclined to merge it. Let me know if you hear back from quay support. Ideally, they could just fix this on their end. |
|
They ended up redirecting me back to the public mailing list so if you'd like to follow along: https://groups.google.com/g/quay-sig/c/lnJ4MAj8YZE. I'll put this on pause for now and revisit it if they have an answer in the next few days. Thanks for the help / responding quickly! |
|
Thank you! |
|
FWIW this seems like a reasonable hack to work around this:
|
Image pushes are seemingly bottlenecked on http2 flow control that isn't tunable at the moment. Found through moby/buildkit#1420.
This is causing some slowness pushing images from rules_docker.
Bit of contrived example, but the following Dockerfile pushing to quay.io (and this might actually be quay-specific?):