explain why Content-Encoding=gzip, add Content-Encoding to key pair mode

jetstack · Oct 17, 2024 · 22def46 · 22def46
1 parent 27cf43e
commit 22def46
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 1 deletion.
diff --git a/pkg/client/client_venafi_cloud.go b/pkg/client/client_venafi_cloud.go
@@ -272,9 +272,18 @@ func (c *VenafiCloudClient) Post(path string, body io.Reader) (*http.Response, e
 		return nil, err
 	}
 
+	// We have noticed that NGINX, which is Venafi Control Plane's API gateway,
+	// has a limit on the request body size we can send (client_max_body_size).
+	// On large clusters, the agent may exceed this limit, triggering the error
+	// "413 Request Entity Too Large". Although this limit has been raised to
+	// 1GB, NGINX still buffers the requests that the agent sends because
+	// proxy_request_buffering isn't set to off. To reduce the strain on NGINX'
+	// memory and disk, to avoid further 413s, and to avoid reaching the maximum
+	// request body size of customer's proxies, we have decided to enable GZIP
+	// compression. Ref: https://venafi.atlassian.net/browse/VC-36434.
+	req.Header.Set("Content-Encoding", "gzip")
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Content-Encoding", "gzip")
 
 	if len(token.accessToken) > 0 {
 		req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.accessToken))

diff --git a/pkg/client/client_venconn.go b/pkg/client/client_venconn.go
@@ -174,6 +174,16 @@ func (c *VenConnClient) PostDataReadingsWithOptions(readings []*api.DataReading,
 		return err
 	}
 
+	// We have noticed that NGINX, which is Venafi Control Plane's API gateway,
+	// has a limit on the request body size we can send (client_max_body_size).
+	// On large clusters, the agent may exceed this limit, triggering the error
+	// "413 Request Entity Too Large". Although this limit has been raised to
+	// 1GB, NGINX still buffers the requests that the agent sends because
+	// proxy_request_buffering isn't set to off. To reduce the strain on NGINX'
+	// memory and disk, to avoid further 413s, and to avoid reaching the maximum
+	// request body size of customer's proxies, we have decided to enable GZIP
+	// compression. Ref: https://venafi.atlassian.net/browse/VC-36434.
+	req.Header.Set("Content-Encoding", "gzip")
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Set("User-Agent", fmt.Sprintf("venafi-kubernetes-agent/%s", version.PreflightVersion))
 

diff --git a/pkg/client/client_venconn_test.go b/pkg/client/client_venconn_test.go
@@ -233,6 +233,7 @@ func run_TestVenConnClient_PostDataReadingsWithOptions(restcfg *rest.Config, kcl
 			// Let's make sure we didn't forget to add the arbitrary "/no"
 			// (uploader_id) path segment to /v1/tlspk/upload/clusterdata.
 			assert.Equal(t, "/v1/tlspk/upload/clusterdata/no", r.URL.Path)
+			assert.Equal(t, "gzip", r.Header.Get("Content-Encoding"))
 		})
 
 		certPool := x509.NewCertPool()