Comments (13)
Any thoughts on this please? Would you prefer me to propose a code change?
from bb-storage.
Hey! Sorry for letting you wait.
I'm fine with supporting use cases like these. I think the cleanest way to support this is to factor out the keypair string fields we have in our config files to a separate Protobuf message. We can then use a `oneof` in there to choose between providing the key material inline, vs. using other frameworks.
Instead of using stuff like spiffe-helper, I'm also fine with integrating https://github.com/spiffe/go-spiffe/tree/main/v2. That way you don't need to run all sorts of sidecars just to get TLS working.
from bb-storage.
My turn to apologize to you!
So actually an even better approach (for me anyway!) would be to upgrade to grpc 1.38.0 and then allow use of xds, like this: https://cloud.google.com/traffic-director/docs/security-proxyless-setup. That still requires a bit of changes inside buildbarn - specifically, all the servers will have to do this (https://github.com/grpc/grpc-go/blob/master/examples/features/xds/server/main.go#L82) - but it means that all the certificate specification and discovery and so forth becomes someone else's problem. Wdyt?
from bb-storage.
Oh, that would be pretty sweet. Feel free to submit a PR to add a gRPC configuration for enabling xDS!
from bb-storage.
from bb-storage.
Nothing is ever simple...
grpc/grpc-go#4601
from bb-storage.
Hey @Jonpez2!
Would a change like this be of any use to you?
https://github.com/buildbarn/bb-storage/compare/eschouten/20210719-service-registrar
This would allow you to write something like this in pkg/grpc/server.go:
```go
var s interface {
	grpc.ServiceRegistrar
	GetServiceInfo() map[string]grpc.ServiceInfo
	Serve(net.Listener) error
}
if useXDS {
	s = xds.NewGRPCServer(...)
} else {
	s = grpc.NewServer(...)
}
// The rest of the code that registers services and calls .Serve() can go here.
```
Just let me know and I'll merge this.
from bb-storage.
from bb-storage.
Great! Merged!
It looks like the construct is sufficient for you to achieve what you want, as long as you take the following into account:
- You need to upgrade gRPC to a version that includes grpc/grpc-go@145f12a, as reflection.Register() won't work otherwise.
- grpc_prometheus.Register() needs to be adjusted similarly. Looks like we can just cherry-pick grpc-ecosystem/go-grpc-prometheus#102 for that.
from bb-storage.
from bb-storage.
It looks like v2 hasn't been released yet, so it wouldn't make a lot of sense to invest in that right now. I'd say, just put that PR that I linked above into the already existing patches/com_github_grpc_ecosystem_go_grpc_prometheus/ directory.
from bb-storage.
ok!
from bb-storage.
Considering that this issue hasn't received any updates for >1y, I'm going to close it. It should be easier nowadays to get xDS support added, especially with the preparations discussed above. Happy to receive contributions going forward!
from bb-storage.