Joseph Schorr
8a212728a3
Implement a worker for batch exporting of usage logs
...
This will allow customers to request their usage logs for a repository or an entire namespace, and we can export the logs in a manner that doesn't absolutely destroy the database, with every step along the way timed.
2018-12-18 15:33:03 -05:00
Joseph Schorr
eb7591183d
Add a tag backfill worker to fully backfill the new-style Tag's in the background
2018-12-10 15:36:25 -05:00
Joseph Schorr
57e93a82c9
Remove manifest backfill worker
2018-12-10 15:36:25 -05:00
Joseph Schorr
aeceea0f97
Add a worker for backfilling labels on manifests that have already been backfilled
2018-09-26 14:55:14 -04:00
Joseph Schorr
d71201ac50
Forgot that we use proxy protocol for production, so we need a new block for v1.quay.io
2018-09-06 13:59:21 -04:00
Joseph Schorr
2439cc6327
Remove v1-staging from server_name
2018-09-06 13:50:19 -04:00
Joseph Schorr
109bda3a6a
Add nginx configuration to serve our older SSL certificate from v1.quay.io and v1-staging.quay.io
...
This will allow us to upgrade our cluster to the new SSL certificate, while still serving the older one for older clients
2018-09-05 13:05:47 -04:00
Sam Chow
d58930095f
Fix certs install script (again)
2018-08-23 13:33:57 -04:00
Sam Chow
ff294d6c52
Add init script to download extra ca certs
2018-08-17 15:42:42 -04:00
Joseph Schorr
f2d50b3f8e
Add run commands for backfill worker
2018-08-13 14:56:32 -04:00
Brad Ison
662daf1351
Add config for nginx vhost-traffic-status module
2018-07-25 12:57:13 -04:00
Sam Chow
45853deef1
Merge pull request #3162 from quay/fix-config-app-certs-install
...
Override config directory in certs install script in config app
2018-07-18 17:23:50 -04:00
Joseph Schorr
2f297ab4fe
Increase the rate limit on the API
2018-07-18 15:44:20 -04:00
Joseph Schorr
91e7b4264e
Increase burst rate on API rate limit to allow security scan info to be loaded
2018-07-18 15:23:58 -04:00
Sam Chow
860703c2b2
Override config directory in certs install script in config app
2018-07-18 14:21:25 -04:00
Sam Chow
51ae1e03d4
Change cert install script to read from config dir
...
Temporarily breaks the config app certs install, which will be fixed
later.
2018-07-18 14:01:07 -04:00
Sam Chow
9024419896
Modify ldap validator to just check user existence
...
Remove auth user check from updating config app config
remove duplicate certs install script
2018-07-11 16:49:13 -04:00
Joseph Schorr
33a8099f35
Temporarily double the request limit. We'll start ratcheting it down over time.
2018-06-20 14:31:51 -04:00
Joseph Schorr
1d94e4d605
Audit out endpoints and ensure everything has a defined rate limit (even if quite large)
...
For registry operations, these were the numbers found at time the PR was written:
download_blob 108 per second across fleet
v2_auth 180 per second across fleet
catalog 1 per second across fleet
fetch_manifest 205 per second across fleet
list_all_tags 150 per second across fleet
With an average fleet size of 25. As a result, we went with a registry limit of 10r/s (10 * 25 = 250 requests) to bound even the most prolific puller.
Fixes https://jira.coreos.com/browse/QUAY-976
2018-06-20 13:36:24 -04:00
Joseph Schorr
ef167ab7e3
Rate limit the catalog endpoint by auth token and IP address
2018-06-05 18:24:31 -04:00
Jimmy Zelinskie
e542de7e65
nginx: temporarily disable catalog for production
2018-06-05 16:06:10 -04:00
josephschorr
7722721396
Merge pull request #3064 from quay/joseph.schorr/QUAY-928/fix-worker-count
...
Fix worker count to use CPU affinity correctly and be properly bounded
2018-05-07 20:45:26 +03:00
Joseph Schorr
b26a131085
Fix worker count to use CPU affinity correctly and be properly bounded
...
We were using the `cpu_count`, which doesn't respect container affinity. Now, we use `cpu_affinity` and also bound to make sure we don't start a million workers
Fixes https://jira.coreos.com/browse/QUAY-928
2018-05-03 11:57:20 +03:00
Joseph Schorr
e20295f573
Fix Kubernetes config provider for recent changes in Kub API
...
Kubernetes secret volumes are now mounted as read-only, so we have to write the files *only* via the Kub API
Fixes https://jira.coreos.com/browse/QUAY-911
2018-04-22 17:22:28 +03:00
Joseph Schorr
ab0172d2fd
Switch Quay to using an in-container memcached for data model caching
2018-02-27 16:55:22 -05:00
Joseph Schorr
8bc55a5676
Make namespace deletion asynchronous
...
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.
Fixes https://jira.coreos.com/browse/QUAY-838
2018-02-27 13:12:51 -05:00
Joseph Schorr
d45161b120
Add a worker to automatically GC expired app specific tokens
...
Fixes https://jira.coreos.com/browse/QUAY-822
2018-02-12 14:56:01 -05:00
josephschorr
ccef3bffe9
Merge pull request #2978 from coreos-inc/joseph.schorr/QS-117/gunicorn-worker-count
...
Make gunicorn worker count scale automatically and be configurable
2018-02-02 13:46:17 -05:00
Joseph Schorr
da9b05fa4a
Remove syslog check lines from all services
2018-02-02 13:38:25 -05:00
Joseph Schorr
0f49d787eb
Fix syslog for updated phusion base image
...
Syslog is now started outside of the normal init process
2018-02-02 10:52:18 -05:00
Joseph Schorr
4cd3d110db
Make gunicorn worker count scale automatically and be configurable
...
Fixes https://jira.coreos.com/browse/QS-117
2018-02-02 10:34:19 -05:00
Joseph Schorr
9f996a8745
Change worker processes to be auto set based on CPU count
...
Fixes https://jira.coreos.com/browse/QS-109
2018-01-10 11:10:57 -05:00
Joseph Schorr
6de96ee8a5
Fix the custom cert install process to install to the new certifi location, in addition to the old location
...
Also updates our requirements around requests
2017-12-15 17:26:44 -05:00
Jimmy Zelinskie
e36bf25a5e
nginx: rate limit 1r/s
...
This reduces our rate limiting down to to 1 request per second.
2017-12-13 13:15:32 -05:00
josephschorr
3bef21253d
Merge pull request #2695 from coreos-inc/oidc-internal-auth
...
OIDC internal auth support
2017-10-02 16:51:17 -04:00
Joseph Schorr
05b4a7d457
Add worker to update ipresolver data files every few hours
2017-09-28 14:40:59 -04:00
Joseph Schorr
ed897c7cb0
Change OIDC engine to not be federated
...
We don't need linking, just the ability to perform lookup
2017-09-12 12:26:41 -04:00
Joseph Schorr
bd67eaf856
Make SSL more resilient and cached
2017-09-05 18:02:07 -04:00
Alec Merdler
ae9bd8b727
Merge pull request #2837 from alecmerdler/QUAY-755
...
Fix 502 Error Page
2017-07-28 12:30:02 -04:00
Alec Merdler
fb7df1e568
fixed 502 route in Nginx config
2017-07-27 14:45:18 -04:00
Jake Moshenko
572eeca8f5
Split the runit services into interactive and batch categories.
2017-07-27 14:30:45 -04:00
Joseph Schorr
be62ede87c
Pass DB connection pooling arg
2017-07-27 14:22:44 -04:00
Joseph Schorr
f79542fefb
Enable connection pooling in the registry
2017-07-27 14:00:23 -04:00
josephschorr
78652de3ee
Merge pull request #2766 from coreos-inc/joseph.schorr/QUAY-634/buildlogsarchiver-data-interface
...
Change buildlogsarchiver to use a data model interface
2017-07-19 16:40:05 -04:00
josephschorr
9bd4cee029
Merge pull request #2765 from coreos-inc/joseph.schorr/QUAY-629/globalprom-data-interface
...
Switch globalpromstats worker to use a data interface
2017-07-19 16:39:36 -04:00
Erica
6576965647
Merge pull request #2780 from coreos-inc/FIX-teamsync-logger
...
fix(init/service/teamsyncworker/log/run): log correct worker
2017-07-12 23:38:44 -04:00
josephschorr
fdb21aa5dc
Merge pull request #2777 from coreos-inc/joseph.schorr/QUAY-618/notificationworker-data-interface
...
Change notificationworker to use data interface
2017-07-13 00:23:15 +03:00
josephschorr
2206c81a95
Merge pull request #2776 from coreos-inc/joseph.schorr/QUAY-652/servicekeyworker-data-interface
...
Change service key worker to use a data interface
2017-07-13 00:22:49 +03:00
EvB
67abfe7483
fix(init/service/teamsyncworker/log/run): log correct worker
2017-07-12 13:52:22 -04:00
Joseph Schorr
fbfd78532c
Move notification worker to its own package
2017-07-12 17:35:09 +03:00