After switch to Go's http/server, the peer address comes wrapped, so use
a different method to unwrap it.
The tests haven't caught that, as they were using gRPC's server, so
switch tests to use the same approach as production, and enable HTTP/2 over
TLS, as otherwise h2c is a mess, and it doesn't abort connections
properly for test purposes.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Support certificate reload on the fly.
Slice version to just `vX.Y` in the metrics.
Bump IP-based limits.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
As Discovery Service handles lots of connections with relatively low
traffic on each connection, lower the buffer size and re-use the
read/write buffers.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
On a best-effort basis, store the state on the disk periodically and on shutdown & restore it from the disk on startup.
Additionally, bump Go version, deps & rekres.
Closes siderolabs/discovery-service#54.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Update removing multiple old middlewares, rework
the way data is passed through the context, logging fields, etc.
Fix minimum keepalive interval enforcement.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
No real functional changes, some small cleanups, using generic
functions, refactoring some code.
Use the actual address instead of string for the IP rate limiter
(smaller map key).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This allows launching the discovery service with a flag like
`--redirect-endpoint=example.com:443`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
enforce rate limits and a maximum burst size per IP address
Signed-off-by: Philipp Sauter <sauterp@protonmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
- Added additional interceptors function to log the address
- Tests to cover the client IP address case
Signed-off-by: Rohit Dandamudi <rohit.dandamudi@siderolabs.com>
Do not store versions like `v0.14.0-alpha.0-7-gf7d9f211-dirty` to avoid
a combinatorial explosion in Prometheus.
Signed-off-by: Alexey Palazhchenko <alexey.palazhchenko@talos-systems.com>
Fixes #6
This wrapper handles protobuf marshaling, encryption, etc. on the client
data so that service doesn't have a way to see the data.
Client handles data refresh on TTL, updates, discovery of other
affiliates, etc.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes #5
Batch watch responses in a single batch so that client can quickly know
that initial snapshot got delivered.
Bump go.mod deps.
Implement more limits.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>