Commit graph

292 commits

Author SHA1 Message Date
Joseph Schorr
a1caefcabe
Merge pull request #3331 from thomasmckay/1286-nginx-names
1286 - increase nginx server name length
2019-01-15 15:30:35 -05:00
Kenny Lee Sin Cheong
bae3a47ee2
v1 registry flags for nginx server blocks (#3307) 2019-01-15 15:22:59 -05:00
Tom McKay
628bf07979 1286 - increase nginx server name length 2019-01-15 12:39:05 -05:00
Joseph Schorr
8a212728a3 Implement a worker for batch exporting of usage logs
This will allow customers to request their usage logs for a repository or an entire namespace, and we can export the logs in a manner that doesn't absolutely destroy the database, with every step along the way timed.
2018-12-18 15:33:03 -05:00
Joseph Schorr
eb7591183d Add a tag backfill worker to fully backfill the new-style Tag's in the background 2018-12-10 15:36:25 -05:00
Joseph Schorr
57e93a82c9 Remove manifest backfill worker 2018-12-10 15:36:25 -05:00
Joseph Schorr
aeceea0f97 Add a worker for backfilling labels on manifests that have already been backfilled 2018-09-26 14:55:14 -04:00
Joseph Schorr
d71201ac50 Forgot that we use proxy protocol for production, so we need a new block for v1.quay.io 2018-09-06 13:59:21 -04:00
Joseph Schorr
2439cc6327 Remove v1-staging from server_name 2018-09-06 13:50:19 -04:00
Joseph Schorr
109bda3a6a Add nginx configuration to serve our older SSL certificate from v1.quay.io and v1-staging.quay.io
This will allow us to upgrade our cluster to the new SSL certificate, while still serving the older one for older clients
2018-09-05 13:05:47 -04:00
Sam Chow
d58930095f Fix certs install script (again) 2018-08-23 13:33:57 -04:00
Sam Chow
ff294d6c52 Add init script to download extra ca certs 2018-08-17 15:42:42 -04:00
Joseph Schorr
f2d50b3f8e Add run commands for backfill worker 2018-08-13 14:56:32 -04:00
Brad Ison
662daf1351
Add config for nginx vhost-traffic-status module 2018-07-25 12:57:13 -04:00
Sam Chow
45853deef1
Merge pull request #3162 from quay/fix-config-app-certs-install
Override config directory in certs install script in config app
2018-07-18 17:23:50 -04:00
Joseph Schorr
2f297ab4fe Increase the rate limit on the API 2018-07-18 15:44:20 -04:00
Joseph Schorr
91e7b4264e Increase burst rate on API rate limit to allow security scan info to be loaded 2018-07-18 15:23:58 -04:00
Sam Chow
860703c2b2 Override config directory in certs install script in config app 2018-07-18 14:21:25 -04:00
Sam Chow
51ae1e03d4 Change cert install script to read from config dir
Temporarily breaks the config app certs install, which will be fixed
later.
2018-07-18 14:01:07 -04:00
Sam Chow
9024419896 Modify ldap validator to just check user existence
Remove auth user check from updating config app config

remove duplicate certs install script
2018-07-11 16:49:13 -04:00
Joseph Schorr
33a8099f35 Temporarily double the request limit. We'll start ratcheting it down over time. 2018-06-20 14:31:51 -04:00
Joseph Schorr
1d94e4d605 Audit out endpoints and ensure everything has a defined rate limit (even if quite large)
For registry operations, these were the numbers found at the time the PR was written:

download_blob 108 per second across fleet
v2_auth 180 per second across fleet
catalog 1 per second across fleet
fetch_manifest 205 per second across fleet
list_all_tags 150 per second across fleet

With an average fleet size of 25. As a result, we went with a registry limit of 10r/s (10 * 25 = 250 requests) to bound even the most prolific puller.

Fixes https://jira.coreos.com/browse/QUAY-976
2018-06-20 13:36:24 -04:00
Joseph Schorr
ef167ab7e3 Rate limit the catalog endpoint by auth token and IP address 2018-06-05 18:24:31 -04:00
Jimmy Zelinskie
e542de7e65 nginx: temporarily disable catalog for production 2018-06-05 16:06:10 -04:00
josephschorr
7722721396
Merge pull request #3064 from quay/joseph.schorr/QUAY-928/fix-worker-count
Fix worker count to use CPU affinity correctly and be properly bounded
2018-05-07 20:45:26 +03:00
Joseph Schorr
b26a131085 Fix worker count to use CPU affinity correctly and be properly bounded
We were using the `cpu_count`, which doesn't respect container affinity. Now, we use `cpu_affinity` and also bound to make sure we don't start a million workers

Fixes https://jira.coreos.com/browse/QUAY-928
2018-05-03 11:57:20 +03:00
Joseph Schorr
e20295f573 Fix Kubernetes config provider for recent changes in Kub API
Kubernetes secret volumes are now mounted as read-only, so we have to write the files *only* via the Kub API

Fixes https://jira.coreos.com/browse/QUAY-911
2018-04-22 17:22:28 +03:00
Joseph Schorr
ab0172d2fd Switch Quay to using an in-container memcached for data model caching 2018-02-27 16:55:22 -05:00
Joseph Schorr
8bc55a5676 Make namespace deletion asynchronous
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worst.

Fixes https://jira.coreos.com/browse/QUAY-838
2018-02-27 13:12:51 -05:00
Joseph Schorr
d45161b120 Add a worker to automatically GC expired app specific tokens
Fixes https://jira.coreos.com/browse/QUAY-822
2018-02-12 14:56:01 -05:00
josephschorr
ccef3bffe9
Merge pull request #2978 from coreos-inc/joseph.schorr/QS-117/gunicorn-worker-count
Make gunicorn worker count scale automatically and be configurable
2018-02-02 13:46:17 -05:00
Joseph Schorr
da9b05fa4a Remove syslog check lines from all services 2018-02-02 13:38:25 -05:00
Joseph Schorr
0f49d787eb Fix syslog for updated phusion base image
Syslog is now started outside of the normal init process
2018-02-02 10:52:18 -05:00
Joseph Schorr
4cd3d110db Make gunicorn worker count scale automatically and be configurable
Fixes https://jira.coreos.com/browse/QS-117
2018-02-02 10:34:19 -05:00
Joseph Schorr
9f996a8745 Change worker processes to be auto set based on CPU count
Fixes https://jira.coreos.com/browse/QS-109
2018-01-10 11:10:57 -05:00
Joseph Schorr
6de96ee8a5 Fix the custom cert install process to install to the new certifi location, in addition to the old location
Also updates our requirements around requests
2017-12-15 17:26:44 -05:00
Jimmy Zelinskie
e36bf25a5e nginx: rate limit 1r/s
This reduces our rate limiting down to 1 request per second.
2017-12-13 13:15:32 -05:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth
OIDC internal auth support
2017-10-02 16:51:17 -04:00
Joseph Schorr
05b4a7d457 Add worker to update ipresolver data files every few hours 2017-09-28 14:40:59 -04:00
Joseph Schorr
ed897c7cb0 Change OIDC engine to not be federated
We don't need linking, just the ability to perform lookup
2017-09-12 12:26:41 -04:00
Joseph Schorr
bd67eaf856 Make SSL more resilient and cached 2017-09-05 18:02:07 -04:00
Alec Merdler
ae9bd8b727 Merge pull request #2837 from alecmerdler/QUAY-755
Fix 502 Error Page
2017-07-28 12:30:02 -04:00
Alec Merdler
fb7df1e568 fixed 502 route in Nginx config 2017-07-27 14:45:18 -04:00
Jake Moshenko
572eeca8f5 Split the runit services into interactive and batch categories. 2017-07-27 14:30:45 -04:00
Joseph Schorr
be62ede87c Pass DB connection pooling arg 2017-07-27 14:22:44 -04:00
Joseph Schorr
f79542fefb Enable connection pooling in the registry 2017-07-27 14:00:23 -04:00
josephschorr
78652de3ee Merge pull request #2766 from coreos-inc/joseph.schorr/QUAY-634/buildlogsarchiver-data-interface
Change buildlogsarchiver to use a data model interface
2017-07-19 16:40:05 -04:00
josephschorr
9bd4cee029 Merge pull request #2765 from coreos-inc/joseph.schorr/QUAY-629/globalprom-data-interface
Switch globalpromstats worker to use a data interface
2017-07-19 16:39:36 -04:00
Erica
6576965647 Merge pull request #2780 from coreos-inc/FIX-teamsync-logger
fix(init/service/teamsyncworker/log/run): log correct worker
2017-07-12 23:38:44 -04:00
josephschorr
fdb21aa5dc Merge pull request #2777 from coreos-inc/joseph.schorr/QUAY-618/notificationworker-data-interface
Change notificationworker to use data interface
2017-07-13 00:23:15 +03:00