Joseph Schorr
ef167ab7e3
Rate limit the catalog endpoint by auth token and IP address
2018-06-05 18:24:31 -04:00
Jimmy Zelinskie
e542de7e65
nginx: temporarily disable catalog for production
2018-06-05 16:06:10 -04:00
josephschorr
7722721396
Merge pull request #3064 from quay/joseph.schorr/QUAY-928/fix-worker-count
...
Fix worker count to use CPU affinity correctly and be properly bounded
2018-05-07 20:45:26 +03:00
Joseph Schorr
b26a131085
Fix worker count to use CPU affinity correctly and be properly bounded
...
We were using the `cpu_count`, which doesn't respect container affinity. Now, we use `cpu_affinity` and also bound to make sure we don't start a million workers
Fixes https://jira.coreos.com/browse/QUAY-928
2018-05-03 11:57:20 +03:00
Joseph Schorr
e20295f573
Fix Kubernetes config provider for recent changes in Kub API
...
Kubernetes secret volumes are now mounted as read-only, so we have to write the files *only* via the Kub API
Fixes https://jira.coreos.com/browse/QUAY-911
2018-04-22 17:22:28 +03:00
Joseph Schorr
ab0172d2fd
Switch Quay to using an in-container memcached for data model caching
2018-02-27 16:55:22 -05:00
Joseph Schorr
8bc55a5676
Make namespace deletion asynchronous
...
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.
Fixes https://jira.coreos.com/browse/QUAY-838
2018-02-27 13:12:51 -05:00
Joseph Schorr
d45161b120
Add a worker to automatically GC expired app specific tokens
...
Fixes https://jira.coreos.com/browse/QUAY-822
2018-02-12 14:56:01 -05:00
josephschorr
ccef3bffe9
Merge pull request #2978 from coreos-inc/joseph.schorr/QS-117/gunicorn-worker-count
...
Make gunicorn worker count scale automatically and be configurable
2018-02-02 13:46:17 -05:00
Joseph Schorr
da9b05fa4a
Remove syslog check lines from all services
2018-02-02 13:38:25 -05:00
Joseph Schorr
0f49d787eb
Fix syslog for updated phusion base image
...
Syslog is now started outside of the normal init process
2018-02-02 10:52:18 -05:00
Joseph Schorr
4cd3d110db
Make gunicorn worker count scale automatically and be configurable
...
Fixes https://jira.coreos.com/browse/QS-117
2018-02-02 10:34:19 -05:00
Joseph Schorr
9f996a8745
Change worker processes to be auto set based on CPU count
...
Fixes https://jira.coreos.com/browse/QS-109
2018-01-10 11:10:57 -05:00
Joseph Schorr
6de96ee8a5
Fix the custom cert install process to install to the new certifi location, in addition to the old location
...
Also updates our requirements around requests
2017-12-15 17:26:44 -05:00
Jimmy Zelinskie
e36bf25a5e
nginx: rate limit 1r/s
...
This reduces our rate limiting down to to 1 request per second.
2017-12-13 13:15:32 -05:00
josephschorr
3bef21253d
Merge pull request #2695 from coreos-inc/oidc-internal-auth
...
OIDC internal auth support
2017-10-02 16:51:17 -04:00
Joseph Schorr
05b4a7d457
Add worker to update ipresolver data files every few hours
2017-09-28 14:40:59 -04:00
Joseph Schorr
ed897c7cb0
Change OIDC engine to not be federated
...
We don't need linking, just the ability to perform lookup
2017-09-12 12:26:41 -04:00
Joseph Schorr
bd67eaf856
Make SSL more resilient and cached
2017-09-05 18:02:07 -04:00
Alec Merdler
ae9bd8b727
Merge pull request #2837 from alecmerdler/QUAY-755
...
Fix 502 Error Page
2017-07-28 12:30:02 -04:00
Alec Merdler
fb7df1e568
fixed 502 route in Nginx config
2017-07-27 14:45:18 -04:00
Jake Moshenko
572eeca8f5
Split the runit services into interactive and batch categories.
2017-07-27 14:30:45 -04:00
Joseph Schorr
be62ede87c
Pass DB connection pooling arg
2017-07-27 14:22:44 -04:00
Joseph Schorr
f79542fefb
Enable connection pooling in the registry
2017-07-27 14:00:23 -04:00
josephschorr
78652de3ee
Merge pull request #2766 from coreos-inc/joseph.schorr/QUAY-634/buildlogsarchiver-data-interface
...
Change buildlogsarchiver to use a data model interface
2017-07-19 16:40:05 -04:00
josephschorr
9bd4cee029
Merge pull request #2765 from coreos-inc/joseph.schorr/QUAY-629/globalprom-data-interface
...
Switch globalpromstats worker to use a data interface
2017-07-19 16:39:36 -04:00
Erica
6576965647
Merge pull request #2780 from coreos-inc/FIX-teamsync-logger
...
fix(init/service/teamsyncworker/log/run): log correct worker
2017-07-12 23:38:44 -04:00
josephschorr
fdb21aa5dc
Merge pull request #2777 from coreos-inc/joseph.schorr/QUAY-618/notificationworker-data-interface
...
Change notificationworker to use data interface
2017-07-13 00:23:15 +03:00
josephschorr
2206c81a95
Merge pull request #2776 from coreos-inc/joseph.schorr/QUAY-652/servicekeyworker-data-interface
...
Change service key worker to use a data interface
2017-07-13 00:22:49 +03:00
EvB
67abfe7483
fix(init/service/teamsyncworker/log/run): log correct worker
2017-07-12 13:52:22 -04:00
Joseph Schorr
fbfd78532c
Move notification worker to its own package
2017-07-12 17:35:09 +03:00
Joseph Schorr
3b496e2759
Move serverkeyworker into its own package
2017-07-12 15:57:02 +03:00
Joseph Schorr
e2cf2d6f2b
Move teamsyncworker into its own package
2017-07-12 15:53:01 +03:00
josephschorr
dc6c6b30fc
Merge pull request #2768 from coreos-inc/joseph.schorr/QUAY-653/blobuploadcleanupworker-data-interface
...
Change blobuploadcleanupworker to use a data interface
2017-07-12 00:32:09 +03:00
Evan Cordell
8d07bbc7af
Remove volumes
2017-07-11 10:54:56 -04:00
Joseph Schorr
b87415129f
Move blobuploadcleanupworker into its own package
2017-07-11 15:38:10 +03:00
Joseph Schorr
22f088d90a
Move buildlogsarchiver worker to its own package
2017-07-11 14:42:18 +03:00
Joseph Schorr
265520d071
Move globalpromstats worker into its own package
2017-07-11 13:52:15 +03:00
Evan Cordell
dacb0131a5
symlink all files from /conf/stack into QUAYCONF/stack
2017-07-10 22:34:21 -04:00
Antoine Legrand
cdb3722c17
Use $QUAYPATH and $QUAYDIR in conf and init files
2017-07-05 16:23:54 +02:00
josephschorr
a96555511b
Merge pull request #2743 from coreos-inc/joseph.schorr/QUAY-663/gcworker-interface
...
Change GC worker to use new data interface style
2017-06-29 20:54:04 +03:00
Joseph Schorr
76c9339453
Rename GC worker package to gc
2017-06-29 09:37:32 +03:00
Joseph Schorr
38f1752a2d
Move gcworker into its own package
2017-06-28 15:04:10 +03:00
Joseph Schorr
1ddb09ac11
Change security worker to use data interface
2017-06-28 14:50:52 +03:00
Antoine Legrand
3bd2148abd
gunicorn-conf: add quay directory to syspath
2017-06-08 20:50:42 +02:00
Antoine Legrand
3c99928a27
Add log JSON formatter
2017-06-07 00:02:52 +02:00
Evan Cordell
653cd997a1
fixes install of certs
2017-05-25 18:06:20 -04:00
Evan Cordell
20da91d879
Add tests for providers and update install script
2017-05-23 15:43:21 -04:00
Evan Cordell
0c05958739
Update cert install scripts to read prefixed names
2017-05-23 13:59:09 -04:00
Joseph Schorr
bf51ec20e8
Disable gzip on HEAD requests in v2
endpoints
...
nginx's gzip module will ignore the content-length header on the HEAD request and try to gzip the body.... but there is no body, so it simply writes no header at all.
Code to turn this off was based off of https://trac.nginx.org/nginx/ticket/261
2017-05-03 18:27:45 -04:00