pomerium/config/runtime_flags.go
Caleb Doxsey c2115dc1e4
envoy: set concurrency to GOMAXPROCS (#5721)
## Summary
Explicitly set the `concurrency` option for envoy to match `GOMAXPROCS`.
In v1.25 the default behavior of `GOMAXPROCS` will change:

> On Linux, the runtime considers the CPU bandwidth limit of the cgroup
> containing the process, if any. If the CPU bandwidth limit is lower than
> the number of logical CPUs available, GOMAXPROCS will default to the
> lower limit. In container runtime systems like Kubernetes, cgroup CPU
> bandwidth limits generally correspond to the “CPU limit” option.

However, we use
[github.com/uber-go/automaxprocs](https://github.com/uber-go/automaxprocs)
so we already have this behavior.

This behavior is enabled by default but can be disabled by setting the
runtime flag `set_envoy_concurrency_to_go_max_procs` to false.

This change will be backported to v0.30 and v0.29, though with v0.29 the
default will be off so as not to change the current behavior.

I also looked into the `--cpuset-threads` option, but it only applies
when cpusets are used explicitly and most containers use
`cpu.cfs_quota_us` or `cpu.max` instead.

## Related issues
- [ENG-2549](https://linear.app/pomerium/issue/ENG-2549/core-set-cpuset-threads-envoy-option-to-detected-cpu-quota)

## User Explanation

<!-- How would you explain this change to the user? If this
change doesn't create any user-facing changes, you can leave
this blank. If filled out, add the `docs` label -->

## Checklist

- [x] reference any related issues
- [ ] updated unit tests
- [ ] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [x] ready for review
2025-07-11 11:44:52 -06:00

63 lines
2.6 KiB
Go

```go
package config

import "maps"

var (
	// RuntimeFlagConfigHotReload enables the hot-reloading mechanism for the config file
	// and any other files referenced within it
	RuntimeFlagConfigHotReload = runtimeFlag("config_hot_reload", true)

	// RuntimeFlagEnvoyResourceManager enables Envoy overload settings based on
	// process cgroup limits (Linux only).
	RuntimeFlagEnvoyResourceManager = runtimeFlag("envoy_resource_manager", true)

	// RuntimeFlagGRPCDatabrokerKeepalive enables gRPC keepalive to the databroker service
	RuntimeFlagGRPCDatabrokerKeepalive = runtimeFlag("grpc_databroker_keepalive", false)

	// RuntimeFlagMatchAnyIncomingPort enables ignoring the incoming port when matching routes
	RuntimeFlagMatchAnyIncomingPort = runtimeFlag("match_any_incoming_port", true)

	// RuntimeFlagPomeriumJWTEndpoint enables the /.pomerium/jwt endpoint, for retrieving
	// signed user info claims from an upstream single-page web application. This endpoint
	// is deprecated pending removal in a future release, but this flag allows a temporary
	// opt-out from the deprecation.
	RuntimeFlagPomeriumJWTEndpoint = runtimeFlag("pomerium_jwt_endpoint", false)

	// RuntimeFlagAddExtraMetricsLabels enables adding extra labels to metrics (host and installation id)
	RuntimeFlagAddExtraMetricsLabels = runtimeFlag("add_extra_metrics_labels", true)

	// RuntimeFlagAuthorizeUseSyncedData enables synced data for querying the databroker for
	// certain types of data.
	RuntimeFlagAuthorizeUseSyncedData = runtimeFlag("authorize_use_synced_data", true)

	// RuntimeFlagMCP enables the MCP services for the authorize service
	RuntimeFlagMCP = runtimeFlag("mcp", false)

	// RuntimeFlagSSHRoutesPortal enables the SSH routes portal
	RuntimeFlagSSHRoutesPortal = runtimeFlag("ssh_routes_portal", false)

	// RuntimeFlagSSHAllowDirectTcpip allows downstream clients to open 'direct-tcpip'
	// channels (jump host mode)
	RuntimeFlagSSHAllowDirectTcpip = runtimeFlag("ssh_allow_direct_tcpip", false)

	// RuntimeFlagSetEnvoyConcurrencyToGoMaxProcs sets the envoy concurrency option to GOMAXPROCS.
	RuntimeFlagSetEnvoyConcurrencyToGoMaxProcs = runtimeFlag("set_envoy_concurrency_to_go_max_procs", true)
)

// RuntimeFlag is a runtime flag that can flip on/off certain features
type RuntimeFlag string

// RuntimeFlags is a map of runtime flags
type RuntimeFlags map[RuntimeFlag]bool

func runtimeFlag(txt string, def bool) RuntimeFlag {
	key := RuntimeFlag(txt)
	defaultRuntimeFlags[key] = def
	return key
}

var defaultRuntimeFlags = map[RuntimeFlag]bool{}

func DefaultRuntimeFlags() RuntimeFlags {
	return maps.Clone(defaultRuntimeFlags)
}
```
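
The commit message above notes that most containers express their CPU limit through `cpu.cfs_quota_us` or `cpu.max`. As an added illustration (not Pomerium's or automaxprocs's code), this Go sketch derives a proxy worker count from cgroup v2 `cpu.max` content; the function names, the choice to round down with a floor of one, and the sample values are assumptions of the example.

```go
package main

import (
	"fmt"
	"math"
	"strconv"
	"strings"
)

// parseCPUMax parses cgroup v2 cpu.max content ("<quota> <period>" or
// "max <period>") and returns the limit in cores; limited is false for "max".
func parseCPUMax(content string) (cores float64, limited bool, err error) {
	f := strings.Fields(content)
	if len(f) != 2 {
		return 0, false, fmt.Errorf("cpu.max: want 2 fields, got %q", content)
	}
	period, err := strconv.ParseInt(f[1], 10, 64)
	if err != nil || period <= 0 {
		return 0, false, fmt.Errorf("cpu.max: bad period %q", f[1])
	}
	if f[0] == "max" {
		return 0, false, nil
	}
	quota, err := strconv.ParseInt(f[0], 10, 64)
	if err != nil || quota <= 0 {
		return 0, false, fmt.Errorf("cpu.max: bad quota %q", f[0])
	}
	return float64(quota) / float64(period), true, nil
}

// workerCount (hypothetical helper) caps hostCPUs by the quota, rounded down,
// never below 1. On a parse error it returns hostCPUs together with the error.
func workerCount(hostCPUs int, cpuMax string) (int, error) {
	cores, limited, err := parseCPUMax(cpuMax)
	if err != nil || !limited {
		return hostCPUs, err
	}
	n := int(math.Floor(cores))
	if n > hostCPUs {
		n = hostCPUs
	}
	if n < 1 {
		n = 1
	}
	return n, nil
}

func main() { // constructed samples: a 64-core host, varying container limits
	for _, s := range []string{"max 100000", "200000 100000", "50000 100000"} {
		n, err := workerCount(64, s)
		fmt.Printf("cpu.max=%q -> workers=%d err=%v\n", s, n, err)
	}
}
```

Without such a cap, a proxy in a container limited to two CPUs on a 64-core host would size its worker pool for 64 cores and spend its quota on contention and throttling.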