mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2025-12-23 06:15:42 +00:00
Code Issues Releases Wiki Activity

Update proxy resources, increase ssl handshake timeout (#2819)

Browse Source
This commit is contained in:
Pavlo Tkach
2025-09-05 14:09:55 -04:00
committed by GitHub
parent 77ab80f3dc
commit 6bbd7a2290
9 changed files with 41 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
jetty/kubernetes/nomulus-frontend.yaml
View File

@@ -99,7 +99,7 @@ spec:
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
name: frontend name: frontend
minReplicas: 8 minReplicas: 12
maxReplicas: 16 maxReplicas: 16
metrics: metrics:
- type: Resource - type: Resource

1
networking/src/main/java/google/registry/networking/handler/SslClientInitializer.java
View File

@@ -119,6 +119,7 @@ public class SslClientInitializer<C extends Channel> extends ChannelInitializer<
sslContextBuilder sslContextBuilder
.build() .build()
.newHandler(channel.alloc(), hostProvider.apply(channel), portProvider.apply(channel)); .newHandler(channel.alloc(), hostProvider.apply(channel), portProvider.apply(channel));
sslHandler.setHandshakeTimeoutMillis(20000);
// Enable hostname verification. // Enable hostname verification.
SSLEngine sslEngine = sslHandler.engine(); SSLEngine sslEngine = sslHandler.engine();

2
networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
View File

@@ -139,6 +139,8 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
logger.atInfo().log("Available Cipher Suites: %s", sslContext.cipherSuites()); logger.atInfo().log("Available Cipher Suites: %s", sslContext.cipherSuites());
SslHandler sslHandler = sslContext.newHandler(channel.alloc()); SslHandler sslHandler = sslContext.newHandler(channel.alloc());
sslHandler.setHandshakeTimeoutMillis(20000);
if (requireClientCert) { if (requireClientCert) {
Promise<X509Certificate> clientCertificatePromise = channel.eventLoop().newPromise(); Promise<X509Certificate> clientCertificatePromise = channel.eventLoop().newPromise();
Future<Channel> unusedFuture = Future<Channel> unusedFuture =

1
proxy/deploy-proxy-for-env.sh
View File

@@ -31,7 +31,6 @@ do
echo "Updating cluster ${parts[0]} in zone ${parts[1]}..." echo "Updating cluster ${parts[0]} in zone ${parts[1]}..."
gcloud container clusters get-credentials "${parts[0]}" \ gcloud container clusters get-credentials "${parts[0]}" \
--project "${project}" --zone "${parts[1]}" --project "${project}" --zone "${parts[1]}"
kubectl apply -f "./kubernetes/proxy-limit-range.yaml" --force
sed s/GCP_PROJECT/${project}/g "./kubernetes/proxy-deployment-${environment}.yaml" | \ sed s/GCP_PROJECT/${project}/g "./kubernetes/proxy-deployment-${environment}.yaml" | \
kubectl apply -f - kubectl apply -f -
kubectl apply -f "./kubernetes/proxy-service.yaml" --force kubectl apply -f "./kubernetes/proxy-service.yaml" --force

7
proxy/kubernetes/proxy-deployment-production-canary.yaml
View File

@@ -33,6 +33,13 @@ spec:
port: health-check port: health-check
initialDelaySeconds: 15 initialDelaySeconds: 15
periodSeconds: 20 periodSeconds: 20
resources:
requests:
cpu: "400m"
memory: "350Mi"
limits:
cpu: "600m"
memory: "512Mi"
imagePullPolicy: Always imagePullPolicy: Always
args: ["--env", "production_canary"] args: ["--env", "production_canary"]
env: env:

7
proxy/kubernetes/proxy-deployment-production.yaml
View File

@@ -33,6 +33,13 @@ spec:
port: health-check port: health-check
initialDelaySeconds: 15 initialDelaySeconds: 15
periodSeconds: 20 periodSeconds: 20
resources:
requests:
cpu: "400m"
memory: "350Mi"
limits:
cpu: "600m"
memory: "512Mi"
imagePullPolicy: Always imagePullPolicy: Always
args: ["--env", "production"] args: ["--env", "production"]
env: env:

7
proxy/kubernetes/proxy-deployment-sandbox-canary.yaml
View File

@@ -33,6 +33,13 @@ spec:
port: health-check port: health-check
initialDelaySeconds: 15 initialDelaySeconds: 15
periodSeconds: 20 periodSeconds: 20
resources:
requests:
cpu: "400m"
memory: "350Mi"
limits:
cpu: "600m"
memory: "512Mi"
imagePullPolicy: Always imagePullPolicy: Always
args: ["--env", "sandbox_canary", "--log"] args: ["--env", "sandbox_canary", "--log"]
env: env:

7
proxy/kubernetes/proxy-deployment-sandbox.yaml
View File

@@ -33,6 +33,13 @@ spec:
port: health-check port: health-check
initialDelaySeconds: 15 initialDelaySeconds: 15
periodSeconds: 20 periodSeconds: 20
resources:
requests:
cpu: "400m"
memory: "350Mi"
limits:
cpu: "600m"
memory: "512Mi"
imagePullPolicy: Always imagePullPolicy: Always
args: ["--env", "sandbox", "--log"] args: ["--env", "sandbox", "--log"]
env: env:

14
proxy/kubernetes/proxy-limit-range.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: LimitRange
metadata:
name: resource-limits
namespace: default
spec:
limits:
- type: Container
default:
cpu: "600m"
memory: "512Mi"
defaultRequest:
cpu: "400m"
memory: "350Mi"