If discovery service storage is not enabled, we were still wrongly registering it as prometheus metrics collector, because the nil check was done against the interface. It had to be done on the concrete type instead.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
After switch to Go's http/server, the peer address comes wrapped, so use
a different method to unwrap it.
The tests haven't caught that, as they were using gRPC's server, so
switch tests to use same approach as production, ans enable HTTP/2 over
TLS, as otherwise h2c is a mess, and it doesn't abort connections
properly for test purposes.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Support certificate reload on the fly.
Slice version to just `vX.Y` in the metrics.
Bump IP-based limits.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When importing clusters from a file, grow the used buffer to the correct size of the next cluster, so that it does not panic when unmarshaling it.
Handle panics on the storage's save & load, so that it will never crash the discovery service when it fails.
Additionally:
- fix the slice growing logic when exporting clusters so that we avoid over-growing the slices for the affiliates and the endpoints.
- modify the storage tests to use the real state instead of a mock, replace the assertions to ignore the order accordingly.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
As Discovery Service handles lots of connections with relatively low
traffic on each connection, lower the buffer size and re-use the
read/write buffers.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This should lower memory consumption because HashTrieMap doesn't use any and doesn't have double maps.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
On a best-effort basis, store the state on the disk periodically and on shutdown & restore it from the disk on startup.
Additionally, bump Go version, deps & rekres.
Closessiderolabs/discovery-service#54.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Update removing multiple old middlewares, rework
the way data is passed through the context, logging fields, etc.
Fix minimum keepalive interval enforcement.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
No real functional changes, some small cleanups, using generic
functions, refactoring some code.
Use the actual address instead of string for the IP rate limiter
(smaller map key).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This allows to launch discovery service with a flag like
`--redirect-endpoint=example.com:443`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
enforce rate limits and a maximum burst size per IP address
Signed-off-by: Philipp Sauter <sauterp@protonmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
- Added additional interceptors function to log the address
- Tests to cover the client IP address case
Signed-off-by: Rohit Dandamudi <rohit.dandamudi@siderolabs.com>
Do not store versions like `v0.14.0-alpha.0-7-gf7d9f211-dirty` to avoid
a combinatorial explosion in Prometheus.
Signed-off-by: Alexey Palazhchenko <alexey.palazhchenko@talos-systems.com>
This addresses a pretty race case when cluster GC runs while the cluster
just got created without any affiliates, but with a subscription.
Client first watches cluster state, then adds an affiliate, so there
might be a case when GC runs and sees a fresh cluster without any
affiliates and GCes it.
This also fixes test instability.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
I somehow assumes AES block size is equal to key size (32 bytes), but
that is not the fact. AES block size is always 16 bytes, so for IPv6
endpoints (and longer endpoints in general) we have to encrypt every
block.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#6
This wrapper handles protobuf marshaling, encryption, etc. on the client
data so that service doesn't have a way to see the data.
Client handles data refresh on TTL, updates, discovery of other
affiliates, etc.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#5
Batch watch responses in a single batch so that client can quickly know
that initial snapshot got delivered.
Bump go.mod deps.
Implement more limits.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
