Compare commits
2 Commits
f35384c0f3
...
bf15732935
Author | SHA1 | Date |
---|---|---|
wpetit | bf15732935 | |
wpetit | 8317ac5b9a |
|
@ -24,6 +24,7 @@
|
|||
- [(FR) - Ajouter une authentification OpenID Connect](./fr/tutorials/add-oidc-authn-layer.md)
|
||||
- [(FR) - Amorçage d'un serveur Bouncer via la configuration](./fr/tutorials/bootstrapping.md)
|
||||
- [(FR) - Intégration avec Kubernetes](./fr/tutorials/kubernetes-integration.md)
|
||||
- [(FR) - Profilage](./fr/tutorials/profiling.md)
|
||||
|
||||
### Développement
|
||||
|
||||
|
|
|
@ -1,10 +1,24 @@
|
|||
# Étudier les performances de Bouncer
|
||||
|
||||
## In situ
|
||||
|
||||
Il est possible d'activer via la configuration de Bouncer de endpoints capable de générer des fichiers de profil au format [`pprof`](https://github.com/google/pprof). Par défaut, le point d'entrée est `.bouncer/profiling` (l'activation et la personnalisation de ce point d'entrée sont modifiables via la [configuration](../../../misc/packaging/common/config.yml)).
|
||||
|
||||
**Exemple:** Visualiser l'utilisation mémoire de Bouncer
|
||||
|
||||
```bash
|
||||
go tool pprof -web http://<bouncer_proxy>/.bouncer/profiling/heap
|
||||
```
|
||||
|
||||
L'ensemble des profils disponibles sont visibles à l'adresse `http://<bouncer_proxy>/.bouncer/profiling`.
|
||||
|
||||
## En développement
|
||||
|
||||
Le package `./internal` est dédié à l'étude des performances de Bouncer. Il contient une suite de benchmarks simulant de proxies avec différentes configurations de layers afin d'évaluer les points d'engorgement sur le traitement des requêtes.
|
||||
|
||||
Voir le répertoire `./internal/bench/testdata/proxies` pour voir les différentes configurations de cas.
|
||||
|
||||
## Lancer les benchmarks
|
||||
### Lancer les benchmarks
|
||||
|
||||
Le plus simple est d'utiliser la commande `make bench` qui exécutera séquentiellement tous les benchmarks. Il est également possible de lancer un benchmark spécifique via la commande suivante:
|
||||
|
||||
|
@ -19,7 +33,7 @@ Par exemple:
|
|||
go test -bench='BenchmarkProxies/basic-auth' -run='^$' ./internal/bench
|
||||
```
|
||||
|
||||
## Visualiser les profils d'exécution
|
||||
### Visualiser les profils d'exécution
|
||||
|
||||
Vous pouvez visualiser les profils d'exécution via la commande suivante:
|
||||
|
||||
|
@ -35,7 +49,7 @@ Par exemple:
|
|||
go tool pprof -web ./internal/bench/testdata/proxies/basic-auth.prof
|
||||
```
|
||||
|
||||
## Comparer les évolutions
|
||||
### Comparer les évolutions
|
||||
|
||||
```bash
|
||||
# Lancer un premier benchmark
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/pprof"
|
||||
|
||||
"forge.cadoles.com/cadoles/bouncer/internal/auth"
|
||||
"forge.cadoles.com/cadoles/bouncer/internal/auth/jwt"
|
||||
|
@ -155,6 +156,34 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
|
|||
})
|
||||
}
|
||||
|
||||
if s.serverConfig.Profiling.Enabled {
|
||||
profiling := s.serverConfig.Profiling
|
||||
logger.Info(ctx, "enabling profiling", logger.F("endpoint", profiling.Endpoint))
|
||||
|
||||
router.Group(func(r chi.Router) {
|
||||
if profiling.BasicAuth != nil {
|
||||
logger.Info(ctx, "enabling authentication on metrics endpoint")
|
||||
|
||||
r.Use(middleware.BasicAuth(
|
||||
"profiling",
|
||||
profiling.BasicAuth.CredentialsMap(),
|
||||
))
|
||||
}
|
||||
|
||||
r.Route(string(profiling.Endpoint), func(r chi.Router) {
|
||||
r.HandleFunc("/", pprof.Index)
|
||||
r.HandleFunc("/cmdline", pprof.Cmdline)
|
||||
r.HandleFunc("/profile", pprof.Profile)
|
||||
r.HandleFunc("/symbol", pprof.Symbol)
|
||||
r.HandleFunc("/trace", pprof.Trace)
|
||||
r.HandleFunc("/{name}", func(w http.ResponseWriter, r *http.Request) {
|
||||
name := chi.URLParam(r, "name")
|
||||
pprof.Handler(name).ServeHTTP(w, r)
|
||||
})
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
router.Route("/api/v1", func(r chi.Router) {
|
||||
r.Group(func(r chi.Router) {
|
||||
r.Use(auth.Middleware(
|
||||
|
|
|
@ -35,12 +35,15 @@ func RunCommand() *cli.Command {
|
|||
logger.SetLevel(logger.Level(conf.Logger.Level))
|
||||
|
||||
projectVersion := ctx.String("projectVersion")
|
||||
flushSentry, err := setup.SetupSentry(ctx.Context, conf.Admin.Sentry, projectVersion)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "could not initialize sentry client")
|
||||
}
|
||||
|
||||
defer flushSentry()
|
||||
if conf.Proxy.Sentry.DSN != "" {
|
||||
flushSentry, err := setup.SetupSentry(ctx.Context, conf.Proxy.Sentry, projectVersion)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "could not initialize sentry client")
|
||||
}
|
||||
|
||||
defer flushSentry()
|
||||
}
|
||||
|
||||
integrations, err := setup.SetupIntegrations(ctx.Context, conf)
|
||||
if err != nil {
|
||||
|
|
|
@ -30,12 +30,15 @@ func RunCommand() *cli.Command {
|
|||
logger.SetLevel(logger.Level(conf.Logger.Level))
|
||||
|
||||
projectVersion := ctx.String("projectVersion")
|
||||
flushSentry, err := setup.SetupSentry(ctx.Context, conf.Proxy.Sentry, projectVersion)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "could not initialize sentry client")
|
||||
}
|
||||
|
||||
defer flushSentry()
|
||||
if conf.Proxy.Sentry.DSN != "" {
|
||||
flushSentry, err := setup.SetupSentry(ctx.Context, conf.Proxy.Sentry, projectVersion)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "could not initialize sentry client")
|
||||
}
|
||||
|
||||
defer flushSentry()
|
||||
}
|
||||
|
||||
layers, err := setup.GetLayers(ctx.Context, conf)
|
||||
if err != nil {
|
||||
|
|
|
@ -1,20 +1,22 @@
|
|||
package config
|
||||
|
||||
type AdminServerConfig struct {
|
||||
HTTP HTTPConfig `yaml:"http"`
|
||||
CORS CORSConfig `yaml:"cors"`
|
||||
Auth AuthConfig `yaml:"auth"`
|
||||
Metrics MetricsConfig `yaml:"metrics"`
|
||||
Sentry SentryConfig `yaml:"sentry"`
|
||||
HTTP HTTPConfig `yaml:"http"`
|
||||
CORS CORSConfig `yaml:"cors"`
|
||||
Auth AuthConfig `yaml:"auth"`
|
||||
Metrics MetricsConfig `yaml:"metrics"`
|
||||
Profiling ProfilingConfig `yaml:"profiling"`
|
||||
Sentry SentryConfig `yaml:"sentry"`
|
||||
}
|
||||
|
||||
func NewDefaultAdminServerConfig() AdminServerConfig {
|
||||
return AdminServerConfig{
|
||||
HTTP: NewHTTPConfig("127.0.0.1", 8081),
|
||||
CORS: NewDefaultCORSConfig(),
|
||||
Auth: NewDefaultAuthConfig(),
|
||||
Metrics: NewDefaultMetricsConfig(),
|
||||
Sentry: NewDefaultSentryConfig(),
|
||||
HTTP: NewHTTPConfig("127.0.0.1", 8081),
|
||||
CORS: NewDefaultCORSConfig(),
|
||||
Auth: NewDefaultAuthConfig(),
|
||||
Metrics: NewDefaultMetricsConfig(),
|
||||
Sentry: NewDefaultSentryConfig(),
|
||||
Profiling: NewDefaultProfilingConfig(),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
package config
|
||||
|
||||
type ProfilingConfig struct {
|
||||
Enabled InterpolatedBool `yaml:"enabled"`
|
||||
Endpoint InterpolatedString `yaml:"endpoint"`
|
||||
BasicAuth *BasicAuthConfig `yaml:"basicAuth"`
|
||||
}
|
||||
|
||||
func NewDefaultProfilingConfig() ProfilingConfig {
|
||||
return ProfilingConfig{
|
||||
Enabled: true,
|
||||
Endpoint: "/.bouncer/profiling",
|
||||
BasicAuth: nil,
|
||||
}
|
||||
}
|
|
@ -10,6 +10,7 @@ type ProxyServerConfig struct {
|
|||
Debug InterpolatedBool `yaml:"debug"`
|
||||
HTTP HTTPConfig `yaml:"http"`
|
||||
Metrics MetricsConfig `yaml:"metrics"`
|
||||
Profiling ProfilingConfig `yaml:"profiling"`
|
||||
Transport TransportConfig `yaml:"transport"`
|
||||
Dial DialConfig `yaml:"dial"`
|
||||
Sentry SentryConfig `yaml:"sentry"`
|
||||
|
@ -27,6 +28,7 @@ func NewDefaultProxyServerConfig() ProxyServerConfig {
|
|||
Sentry: NewDefaultSentryConfig(),
|
||||
Cache: NewDefaultCacheConfig(),
|
||||
Templates: NewDefaultTemplatesConfig(),
|
||||
Profiling: NewDefaultProfilingConfig(),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -28,10 +28,10 @@ func NewDefaultSentryConfig() SentryConfig {
|
|||
Debug: false,
|
||||
FlushTimeout: NewInterpolatedDuration(2 * time.Second),
|
||||
AttachStacktrace: true,
|
||||
SampleRate: 1,
|
||||
SampleRate: 0.2,
|
||||
EnableTracing: true,
|
||||
TracesSampleRate: 0.2,
|
||||
ProfilesSampleRate: 1,
|
||||
ProfilesSampleRate: 0.2,
|
||||
IgnoreErrors: []string{},
|
||||
SendDefaultPII: false,
|
||||
ServerName: "",
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"net"
|
||||
"net/http"
|
||||
"net/http/httputil"
|
||||
"net/http/pprof"
|
||||
"net/url"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
|
@ -146,6 +147,34 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
|
|||
})
|
||||
}
|
||||
|
||||
if s.serverConfig.Profiling.Enabled {
|
||||
profiling := s.serverConfig.Profiling
|
||||
logger.Info(ctx, "enabling profiling", logger.F("endpoint", profiling.Endpoint))
|
||||
|
||||
router.Group(func(r chi.Router) {
|
||||
if profiling.BasicAuth != nil {
|
||||
logger.Info(ctx, "enabling authentication on metrics endpoint")
|
||||
|
||||
r.Use(middleware.BasicAuth(
|
||||
"profiling",
|
||||
profiling.BasicAuth.CredentialsMap(),
|
||||
))
|
||||
}
|
||||
|
||||
r.Route(string(profiling.Endpoint), func(r chi.Router) {
|
||||
r.HandleFunc("/", pprof.Index)
|
||||
r.HandleFunc("/cmdline", pprof.Cmdline)
|
||||
r.HandleFunc("/profile", pprof.Profile)
|
||||
r.HandleFunc("/symbol", pprof.Symbol)
|
||||
r.HandleFunc("/trace", pprof.Trace)
|
||||
r.HandleFunc("/{name}", func(w http.ResponseWriter, r *http.Request) {
|
||||
name := chi.URLParam(r, "name")
|
||||
pprof.Handler(name).ServeHTTP(w, r)
|
||||
})
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
router.Group(func(r chi.Router) {
|
||||
r.Use(director.Middleware())
|
||||
|
||||
|
|
|
@ -49,6 +49,19 @@ admin:
|
|||
# Mettre à null pour désactiver l'authentification
|
||||
basicAuth: null
|
||||
|
||||
# Profiling
|
||||
profiling:
|
||||
# Activer ou désactiver les endpoints de profiling
|
||||
enabled: true
|
||||
# Route de publication des endpoints de profiling
|
||||
endpoint: /.bouncer/profiling
|
||||
# Authentification "basic auth" sur les endpoints
|
||||
# de profiling
|
||||
# Mettre à null pour désactiver l'authentification
|
||||
basicAuth:
|
||||
credentials:
|
||||
prof: iling
|
||||
|
||||
# Configuration de l'intégration Sentry
|
||||
# Voir https://pkg.go.dev/github.com/getsentry/sentry-go?utm_source=godoc#ClientOptions
|
||||
sentry:
|
||||
|
@ -59,7 +72,7 @@ admin:
|
|||
sampleRate: 1
|
||||
enableTracing: true
|
||||
tracesSampleRate: 0.2
|
||||
profilesSampleRate: 1
|
||||
profilesSampleRate: 0.2
|
||||
ignoreErrors: []
|
||||
sendDefaultPII: false
|
||||
serverName: ""
|
||||
|
@ -99,6 +112,19 @@ proxy:
|
|||
credentials:
|
||||
prom: etheus
|
||||
|
||||
# Profiling
|
||||
profiling:
|
||||
# Activer ou désactiver les endpoints de profiling
|
||||
enabled: true
|
||||
# Route de publication des endpoints de profiling
|
||||
endpoint: /.bouncer/profiling
|
||||
# Authentification "basic auth" sur les endpoints
|
||||
# de profiling
|
||||
# Mettre à null pour désactiver l'authentification
|
||||
basicAuth:
|
||||
credentials:
|
||||
prof: iling
|
||||
|
||||
# Configuration de la mise en cache
|
||||
# locale des données proxy/layers
|
||||
cache:
|
||||
|
|
Loading…
Reference in New Issue