diff --git a/manager/job/preheat.go b/manager/job/preheat.go index 98f715615f4..2a34c865ddd 100644 --- a/manager/job/preheat.go +++ b/manager/job/preheat.go @@ -65,6 +65,14 @@ const ( PreheatFileType PreheatType = "file" ) +// defaultHTTPTransport is the default http transport. +var defaultHTTPTransport = &http.Transport{ + MaxIdleConns: 400, + MaxIdleConnsPerHost: 20, + MaxConnsPerHost: 50, + IdleConnTimeout: 120 * time.Second, +} + // accessURLPattern is the pattern of access url. var accessURLPattern, _ = regexp.Compile("^(.*)://(.*)/v2/(.*)/manifests/(.*)") @@ -77,20 +85,34 @@ type Preheat interface { // preheat is an implementation of Preheat. type preheat struct { job *internaljob.Job - registryTimeout time.Duration - rootCAs *x509.CertPool certificateChain [][]byte insecureSkipVerify bool + httpClient *http.Client } // newPreheat creates a new Preheat. func newPreheat(job *internaljob.Job, registryTimeout time.Duration, rootCAs *x509.CertPool, insecureSkipVerify bool) (Preheat, error) { - var certificateChain [][]byte + p := &preheat{ + job: job, + insecureSkipVerify: insecureSkipVerify, + httpClient: &http.Client{ + Timeout: registryTimeout, + Transport: &http.Transport{ + DialContext: nethttp.NewSafeDialer().DialContext, + TLSClientConfig: &tls.Config{RootCAs: rootCAs, InsecureSkipVerify: insecureSkipVerify}, + MaxIdleConns: defaultHTTPTransport.MaxIdleConns, + MaxIdleConnsPerHost: defaultHTTPTransport.MaxIdleConnsPerHost, + MaxConnsPerHost: defaultHTTPTransport.MaxConnsPerHost, + IdleConnTimeout: defaultHTTPTransport.IdleConnTimeout, + }, + }, + } + if rootCAs != nil { - certificateChain = rootCAs.Subjects() + p.certificateChain = rootCAs.Subjects() } - return &preheat{job, registryTimeout, rootCAs, certificateChain, insecureSkipVerify}, nil + return p, nil } // CreatePreheat creates a preheat job. @@ -192,13 +214,7 @@ func (p *preheat) getImageLayers(ctx context.Context, args types.PreheatArgs) ([ } opts := []imageAuthClientOption{ - withHTTPClient(&http.Client{ - Timeout: p.registryTimeout, - Transport: &http.Transport{ - DialContext: nethttp.NewSafeDialer().DialContext, - TLSClientConfig: &tls.Config{RootCAs: p.rootCAs, InsecureSkipVerify: p.insecureSkipVerify}, - }, - }), + withHTTPClient(p.httpClient), withBasicAuth(args.Username, args.Password), } // Background: @@ -395,8 +411,11 @@ type imageAuthClient struct { // newImageAuthClient creates a new imageAuthClient. func newImageAuthClient(image *preheatImage, opts ...imageAuthClientOption) (*imageAuthClient, error) { + httpClient := http.DefaultClient + httpClient.Transport = defaultHTTPTransport + d := &imageAuthClient{ - httpClient: http.DefaultClient, + httpClient: httpClient, interceptorTokenHandler: newInterceptorTokenHandler(), }