grpcproxy: make grpc keep alive related options configurable (#11711)

Currently grpc-proxy doesn't config keep alive related options, so it
will use the default values provided by the underlay gprc library. If
clients uses a keep alive ping interval smaller than server's default
minTime, connections between server and clients will be closed and
reopened frequently.
This commit is contained in:
mlmhl
2020-04-18 12:20:03 +08:00
committed by GitHub
parent 0908a8bd10
commit 0461b3fa51
5 changed files with 55 additions and 16 deletions

View File

@@ -3,12 +3,12 @@
CFSSL = @env PATH=$(GOPATH)/bin:$(PATH) cfssl
JSON = env PATH=$(GOPATH)/bin:$(PATH) cfssljson
all: cfssl ca req
all: ca req
cfssl:
go get -u -tags nopkcs11 github.com/cloudflare/cfssl/cmd/cfssl
go get -u github.com/cloudflare/cfssl/cmd/cfssljson
go get -u github.com/mattn/goreman
HTTPS_PROXY=127.0.0.1:12639 go get -u -tags nopkcs11 github.com/cloudflare/cfssl/cmd/cfssl
HTTPS_PROXY=127.0.0.1:12639 go get -u github.com/cloudflare/cfssl/cmd/cfssljson
HTTPS_PROXY=127.0.0.1:12639 go get -u github.com/mattn/goreman
ca:
mkdir -p certs
@@ -19,22 +19,32 @@ req:
-ca certs/ca.pem \
-ca-key certs/ca-key.pem \
-config config/ca-config.json \
config/req-csr.json | $(JSON) -bare certs/etcd1
config/req-csr.json | $(JSON) -bare certs/9.145.89.120
$(CFSSL) gencert \
-ca certs/ca.pem \
-ca-key certs/ca-key.pem \
-config config/ca-config.json \
config/req-csr.json | $(JSON) -bare certs/etcd2
config/req-csr.json | $(JSON) -bare certs/9.145.89.173
$(CFSSL) gencert \
-ca certs/ca.pem \
-ca-key certs/ca-key.pem \
-config config/ca-config.json \
config/req-csr.json | $(JSON) -bare certs/etcd3
config/req-csr.json | $(JSON) -bare certs/9.145.89.225
$(CFSSL) gencert \
-ca certs/ca.pem \
-ca-key certs/ca-key.pem \
-config config/ca-config.json \
config/req-csr.json | $(JSON) -bare certs/proxy1
config/req-csr.json | $(JSON) -bare certs/peer-9.145.89.120
$(CFSSL) gencert \
-ca certs/ca.pem \
-ca-key certs/ca-key.pem \
-config config/ca-config.json \
config/req-csr.json | $(JSON) -bare certs/peer-9.145.89.173
$(CFSSL) gencert \
-ca certs/ca.pem \
-ca-key certs/ca-key.pem \
-config config/ca-config.json \
config/req-csr.json | $(JSON) -bare certs/peer-9.145.89.225
clean:
rm -rf certs

View File

@@ -7,7 +7,7 @@
"server auth",
"client auth"
],
"expiry": "8760h"
"expiry": "876000h"
}
}
}

View File

@@ -1,8 +1,8 @@
{
"CN": "Autogenerated CA",
"key": {
"algo": "ecdsa",
"size": 384
"algo": "rsa",
"size": 2048
},
"names": [
{

View File

@@ -1,11 +1,15 @@
{
"CN": "etcd",
"hosts": [
"localhost"
"localhost",
"127.0.0.1",
"9.145.89.120",
"9.145.89.173",
"9.145.89.225"
],
"key": {
"algo": "ecdsa",
"size": 384
"algo": "rsa",
"size": 2048
},
"names": [
{