From 22def464afb6f5d80f5b8aa68ad0fe058c6d37dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Valais?=
Date: Thu, 17 Oct 2024 16:10:11 +0200
Subject: [PATCH] explain why Content-Encoding=gzip, add Content-Encoding to key pair mode

---
 pkg/client/client_venafi_cloud.go | 11 ++++++++++-
 pkg/client/client_venconn.go | 10 ++++++++++
 pkg/client/client_venconn_test.go | 1 +
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/pkg/client/client_venafi_cloud.go b/pkg/client/client_venafi_cloud.go
index 0738f420..e4028493 100644
--- a/pkg/client/client_venafi_cloud.go
+++ b/pkg/client/client_venafi_cloud.go
@@ -272,9 +272,18 @@ func (c *VenafiCloudClient) Post(path string, body io.Reader) (*http.Response, e
 return nil, err
 }
 
+ // We have noticed that NGINX, which is Venafi Control Plane's API gateway,
+ // has a limit on the request body size we can send (client_max_body_size).
+ // On large clusters, the agent may exceed this limit, triggering the error
+ // "413 Request Entity Too Large". Although this limit has been raised to
+ // 1GB, NGINX still buffers the requests that the agent sends because
+ // proxy_request_buffering isn't set to off. To reduce the strain on NGINX'
+ // memory and disk, to avoid further 413s, and to avoid reaching the maximum
+ // request body size of customer's proxies, we have decided to enable GZIP
+ // compression. Ref: https://venafi.atlassian.net/browse/VC-36434.
+ req.Header.Set("Content-Encoding", "gzip")
 req.Header.Set("Accept", "application/json")
 req.Header.Set("Content-Type", "application/json")
- req.Header.Set("Content-Encoding", "gzip")
 
 if len(token.accessToken) > 0 {
 req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.accessToken))
diff --git a/pkg/client/client_venconn.go b/pkg/client/client_venconn.go
index c2d335ad..9665749b 100644
--- a/pkg/client/client_venconn.go
+++ b/pkg/client/client_venconn.go
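Review bot: In `Post` (client_venafi_cloud.go) the `Content-Encoding: gzip` header is set unconditionally on whatever `body io.Reader` the caller passes, and no visible line in this hunk compresses that body. `Post` starts above the hunk, so the compression may already happen there; if it does not, a caller handing in plain JSON sends a request whose declared encoding does not match its bytes, and the receiving side would presumably fail to decode it. The same coupling applies to the header added in `PostDataReadingsWithOptions` in client_venconn.go. I would state the contract next to the header, for example `// body must already be gzip-compressed; this header only declares it`, or place the header beside the code that creates the gzip writer so the two cannot drift apart.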
@@ -174,6 +174,16 @@ func (c *VenConnClient) PostDataReadingsWithOptions(readings []*api.DataReading,
 return err
 }
 
+ // We have noticed that NGINX, which is Venafi Control Plane's API gateway,
+ // has a limit on the request body size we can send (client_max_body_size).
+ // On large clusters, the agent may exceed this limit, triggering the error
+ // "413 Request Entity Too Large". Although this limit has been raised to
+ // 1GB, NGINX still buffers the requests that the agent sends because
+ // proxy_request_buffering isn't set to off. To reduce the strain on NGINX'
+ // memory and disk, to avoid further 413s, and to avoid reaching the maximum
+ // request body size of customer's proxies, we have decided to enable GZIP
+ // compression. Ref: https://venafi.atlassian.net/browse/VC-36434.
+ req.Header.Set("Content-Encoding", "gzip")
 req.Header.Set("Content-Type", "application/json")
 req.Header.Set("User-Agent", fmt.Sprintf("venafi-kubernetes-agent/%s", version.PreflightVersion))
 
diff --git a/pkg/client/client_venconn_test.go b/pkg/client/client_venconn_test.go
index f765f1ad..df75a8c5 100644
--- a/pkg/client/client_venconn_test.go
+++ b/pkg/client/client_venconn_test.go
@@ -233,6 +233,7 @@ func run_TestVenConnClient_PostDataReadingsWithOptions(restcfg *rest.Config, kcl
 // Let's make sure we didn't forget to add the arbitrary "/no"
 // (uploader_id) path segment to /v1/tlspk/upload/clusterdata.
 assert.Equal(t, "/v1/tlspk/upload/clusterdata/no", r.URL.Path)
+ assert.Equal(t, "gzip", r.Header.Get("Content-Encoding"))
 })
 
 certPool := x509.NewCertPool()
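Review bot: The nine-line rationale added in `PostDataReadingsWithOptions` is a verbatim copy of the one added in client_venafi_cloud.go, so any later correction has to be made in two places. Keeping the full explanation in one file and leaving a short pointer here, such as `// gzip rationale: see Post in client_venafi_cloud.go`, would avoid the two drifting apart. The only reference is a `venafi.atlassian.net` ticket link, which is presumably not readable by outside contributors, so the comment text itself should stay complete enough to stand without it. The function body begins and continues outside this hunk.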
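Review bot: The assertion added to the test handler in client_venconn_test.go checks only the `Content-Encoding` header, so as far as the visible lines show the test would still pass if the client labelled an uncompressed body as gzip. Decoding the body in the same handler would pin the header to the payload, for example `gz, err := gzip.NewReader(r.Body)` followed by `assert.NoError(t, err)` and a read of `gz` to EOF. That needs `compress/gzip` in the test file's imports, which are outside this hunk, as is the rest of the handler.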