grpcproxy: make grpc keep alive related options configurable (#11711)

Currently grpc-proxy doesn't config keep alive related options, so it will use the default values provided by the underlay gprc library. If clients uses a keep alive ping interval smaller than server's default minTime, connections between server and clients will be closed and reopened frequently.
2024-09-27 06:25:44 +00:00 · 2020-04-18 12:20:03 +08:00
parent 0908a8bd10
commit 0461b3fa51
5 changed files with 55 additions and 16 deletions
--- a/hack/tls-setup/Makefile
+++ b/hack/tls-setup/Makefile
@@ -3,12 +3,12 @@
 CFSSL	= @env PATH=$(GOPATH)/bin:$(PATH) cfssl
 JSON	= env PATH=$(GOPATH)/bin:$(PATH) cfssljson

-all: cfssl ca req
+all:  ca req

 cfssl:
-	go get -u -tags nopkcs11 github.com/cloudflare/cfssl/cmd/cfssl
-	go get -u github.com/cloudflare/cfssl/cmd/cfssljson
-	go get -u github.com/mattn/goreman
+	HTTPS_PROXY=127.0.0.1:12639 go get -u -tags nopkcs11 github.com/cloudflare/cfssl/cmd/cfssl
+	HTTPS_PROXY=127.0.0.1:12639 go get -u github.com/cloudflare/cfssl/cmd/cfssljson
+	HTTPS_PROXY=127.0.0.1:12639 go get -u github.com/mattn/goreman

 ca:
 	mkdir -p certs
@@ -19,22 +19,32 @@ req:
 	  -ca certs/ca.pem \
 	  -ca-key certs/ca-key.pem \
 	  -config config/ca-config.json \
-	  config/req-csr.json | $(JSON) -bare certs/etcd1
+	  config/req-csr.json | $(JSON) -bare certs/9.145.89.120
 	$(CFSSL) gencert \
 	  -ca certs/ca.pem \
 	  -ca-key certs/ca-key.pem \
 	  -config config/ca-config.json \
-	  config/req-csr.json | $(JSON) -bare certs/etcd2
+	  config/req-csr.json | $(JSON) -bare certs/9.145.89.173
 	$(CFSSL) gencert \
 	  -ca certs/ca.pem \
 	  -ca-key certs/ca-key.pem \
 	  -config config/ca-config.json \
-	  config/req-csr.json | $(JSON) -bare certs/etcd3
+	  config/req-csr.json | $(JSON) -bare certs/9.145.89.225
 	$(CFSSL) gencert \
 	  -ca certs/ca.pem \
 	  -ca-key certs/ca-key.pem \
 	  -config config/ca-config.json \
-	  config/req-csr.json | $(JSON) -bare certs/proxy1
+	  config/req-csr.json | $(JSON) -bare certs/peer-9.145.89.120
+	$(CFSSL) gencert \
+	  -ca certs/ca.pem \
+	  -ca-key certs/ca-key.pem \
+	  -config config/ca-config.json \
+	  config/req-csr.json | $(JSON) -bare certs/peer-9.145.89.173
+	$(CFSSL) gencert \
+	  -ca certs/ca.pem \
+	  -ca-key certs/ca-key.pem \
+	  -config config/ca-config.json \
+	  config/req-csr.json | $(JSON) -bare certs/peer-9.145.89.225

 clean:
 	rm -rf certs
--- a/hack/tls-setup/config/ca-config.json
+++ b/hack/tls-setup/config/ca-config.json
@@ -7,7 +7,7 @@
          "server auth",
          "client auth"
        ],
-        "expiry": "8760h"
+        "expiry": "876000h"
    }
  }
 }
--- a/hack/tls-setup/config/ca-csr.json
+++ b/hack/tls-setup/config/ca-csr.json
@@ -1,8 +1,8 @@
 {
  "CN": "Autogenerated CA",
  "key": {
-    "algo": "ecdsa",
-    "size": 384
+    "algo": "rsa",
+    "size": 2048
  },
  "names": [
    {
--- a/hack/tls-setup/config/req-csr.json
+++ b/hack/tls-setup/config/req-csr.json
@@ -1,11 +1,15 @@
 {
  "CN": "etcd",
  "hosts": [
-    "localhost"
+    "localhost",
+    "127.0.0.1",
+    "9.145.89.120",
+    "9.145.89.173",
+    "9.145.89.225"
  ],
  "key": {
-    "algo": "ecdsa",
-    "size": 384
+    "algo": "rsa",
+    "size": 2048
  },
  "names": [
    {