Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes for HTTP/2 max streams per connection setting #60054

Merged
merged 1 commit into from
Feb 24, 2018
Merged

Fixes for HTTP/2 max streams per connection setting #60054

merged 1 commit into from
Feb 24, 2018

Conversation

MikeSpreitzer
Copy link
Member

@MikeSpreitzer MikeSpreitzer commented Feb 19, 2018
edited by sttts
Loading

What this PR does / why we need it:
This PR makes two changes. One is to introduce a parameter
for the HTTP/2 setting that an api-server sends to its clients
telling them how many streams they may have concurrently open in
an HTTP/2 connection. If left at its default value of zero,
this means to use the default in golang's HTTP/2 code (which
is currently 250; see https://github.com/golang/net/blob/master/http2/server.go).

The other change is to make the recommended options for an aggregated
api-server set this limit to 1000. The limit of 250 is annoyingly low
for the use case of many controllers watching objects of Kinds served
by an aggregated api-server reached through the main api-server (in
its mode as a proxy for the aggregated api-server, in which it uses a
single HTTP/2 connection for all calls proxied to that aggregated
api-server).

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #60042

Special notes for your reviewer:

Release note:

Introduced `--http2-max-streams-per-connection` command line flag on api-servers and set default to 1000 for aggregated API servers.

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Feb 19, 2018
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Feb 19, 2018
@MikeSpreitzer
Copy link
Member Author

All the tests are failing with the following complaint:

W0219 19:28:43.861] 2018/02/19 19:28:43 missing strict dependencies:
W0219 19:28:43.862] 	vendor/k8s.io/apiserver/pkg/server/serve.go: import of golang.org/x/net/http2, which is not a direct dependency

But golang.org/x/net/http2 is in vendor, Godeps/Godeps.json, and staging/src/k8s.io/apiserver/Godeps/Godeps.json. What am I missing?

@MikeSpreitzer
Copy link
Member Author

/test pull-kubernetes-e2e-gce-device-plugin-gpu

@MikeSpreitzer MikeSpreitzer mentioned this pull request Feb 20, 2018
Closed
@MikeSpreitzer
Copy link
Member Author

/assign thockin

@deads2k
Copy link
Contributor

deads2k commented Feb 20, 2018

/approve

lgtm

/assign sttts

@sttts merge at your discretion.

sttts
sttts reviewed Feb 22, 2018
View reviewed changes
staging/src/k8s.io/apiserver/pkg/server/options/serving.go Outdated
@@ -83,6 +86,7 @@ func NewSecureServingOptions() *SecureServingOptions {
PairName: "apiserver",
CertDirectory: "apiserver.local.config/certificates",
},
HTTP2MaxStreamsPerConnection: 1000,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are there any side-effects of this? Memory, cpu, ...?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This default here is for every apiserver, and even controller-manager and soon'ish the scheduler. Maybe we should only change Golang's default for kube-apiserver?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Of course this affects memory, CPU, and network load. I agree it would be better for each program to have its own default. It would be even better if a server could tailor this limit to each individual client. What would you suggest as the API for either of these?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can leave the default at 0 (go default) and override it in kube-aggregator and kube-apiserver.

Copy link
Member Author

@MikeSpreitzer MikeSpreitzer Feb 22, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, the use case that concerns me is an aggregated api-server. One of those today tells the main api-server to limit itself to 250 open streams in its HTTP/2 connection to the aggregated api-server. The pain point was having more than 250 watches open from controllers that connect to the main api-server. Those connections work just fine, it is where the proxy function multiplexes them all into one HTTP/2 connection to the aggregated api-server that the current limit bites. So I will update just the sample-apiserver to override the limit.

@sttts
Copy link
Contributor

sttts commented Feb 22, 2018

This is probably also worth a cherry-pick to 1.9 after it is merged.

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 22, 2018
sttts
sttts reviewed Feb 22, 2018
View reviewed changes
staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go Outdated
@@ -52,7 +52,11 @@ func NewWardleServerOptions(out, errOut io.Writer) *WardleServerOptions {
StdOut: out,
StdErr: errOut,
}

if o.RecommendedOptions != nil && o.RecommendedOptions.SecureServing != nil && o.RecommendedOptions.SecureServing.SecureServingOptions != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no need to check for any of the nils here.

@MikeSpreitzer MikeSpreitzer force-pushed the issue-60042-field branch 2 times, most recently from 377f893 to f89946f Compare February 22, 2018 21:30
@MikeSpreitzer
Fixes for HTTP/2 max streams per connection setting
201c11f 
This PR makes two changes.  One is to introduce a parameter
for the HTTP/2 setting that an api-server sends to its clients
telling them how many streams they may have concurrently open in
an HTTP/2 connection.  If left at its default value of zero,
this means to use the default in golang's HTTP/2 code (which
is currently 250).

The other change is to make the recommended options for an aggregated
api-server set this limit to 1000.  The limit of 250 is annoyingly low
for the use case of many controllers watching objects of Kinds served
by an aggregated api-server reached through the main api-server (in
its mode as a proxy for the aggregated api-server, in which it uses a
single HTTP/2 connection for all calls proxied to that aggregated
api-server).

Fixes kubernetes#60042
MikeSpreitzer added a commit to MikeSpreitzer/kubernetes that referenced this pull request Feb 23, 2018
@MikeSpreitzer
Release-1.8 edition of kubernetes#60054
cd124cf
@thockin thockin assigned lavalamp and cheftako and unassigned thockin Feb 23, 2018
@thockin
Copy link
Member

thockin commented Feb 23, 2018

I know too little about this area, so punting to others who know it better.

Assign back to me if approval is needed.

@sttts sttts added the kind/bug Categorizes issue or PR as related to a bug. label Feb 23, 2018
@sttts sttts added this to the v1.10 milestone Feb 23, 2018
@sttts sttts added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Feb 23, 2018
@sttts
Copy link
Contributor

sttts commented Feb 23, 2018

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 23, 2018
@sttts
Copy link
Contributor

sttts commented Feb 23, 2018

/assign @thockin

This has no influence on any kubernetes binary we ship, but only on aggregated API servers building on our libraries. But for the later and any non-trivial use this is crucial.

@thockin
Copy link
Member

thockin commented Feb 23, 2018

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, MikeSpreitzer, sttts, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 23, 2018
@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 60054, 60202, 60219, 58090, 60275). If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-github-robot k8s-github-robot merged commit 3c2a0c8 into kubernetes:master Feb 24, 2018
MikeSpreitzer added a commit to MikeSpreitzer/kubernetes that referenced this pull request Feb 26, 2018
@MikeSpreitzer
Cherry pick kubernetes#60054 to release-1.9
e8b04c3
@MikeSpreitzer MikeSpreitzer mentioned this pull request Feb 26, 2018
Closed
@lavalamp lavalamp modified the milestones: v1.10, v1.9 Mar 2, 2018
This was referenced Mar 2, 2018
Merged
Merged
@k8s-github-robot
Copy link

Commit found in the "release-1.9" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.

k8s-github-robot pushed a commit that referenced this pull request Mar 28, 2018
Merge pull request #60802 from MikeSpreitzer/automated-cherry-pick-of…
8090bae 
…-#60054-upstream-release-1.8

Automatic merge from submit-queue.

Automated cherry pick of #60054

Cherry pick of #60054 on release-1.8.

#60054: Fixes for HTTP/2 max streams per connection setting
k8s-github-robot pushed a commit that referenced this pull request Apr 12, 2018
Merge pull request #60685 from MikeSpreitzer/automated-cherry-pick-of…
68f0fc4 
…-#60054-upstream-release-1.9

Automatic merge from submit-queue.

Automated cherry pick of #60054

Cherry pick of #60054 on release-1.9.

#60054: Fixes for HTTP/2 max streams per connection setting
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sttts sttts sttts left review comments

@deads2k deads2k Awaiting requested review from deads2k

@smarterclayton smarterclayton Awaiting requested review from smarterclayton

Assignees

@lavalamp lavalamp

@sttts sttts

@cheftako cheftako

@thockin thockin

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.9
8 participants
@MikeSpreitzer @deads2k @sttts @thockin @k8s-ci-robot @k8s-github-robot @lavalamp @cheftako