Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: batch and use a WaitGroup for loadCerts #4

Merged
merged 16 commits into from
Aug 25, 2023
Merged

feat: batch and use a WaitGroup for loadCerts #4

merged 16 commits into from
Aug 25, 2023

Conversation

wbollock
Copy link
Collaborator

This is a large batch of changes, but most of them help the main goal, which was to significantly help performance of loadCerts on large Vault installations (180,000 certificates) through concurrency, fan-out, and batching.

I saw anywhere from 7x to 30x performance improvements, especially on remote exporter installations.

I did include some technically unrelated fixes but think they're fine to bunch together.

There are mostly atomic commits but significant changes include:

  • 5fbe79d - added histogram metrics x509_load_certs_duration_seconds_bucket and x509_watch_certs_duration_seconds_bucket to have a better understanding of performance
  • abf36aa - fixed forever increasing expired cert count metric
  • 5ee3b38 - fixed metric resetting on new watch cert runs
  • 1d6b1d2 - use batching and wait groups to significantly speed up Vault
  • 85eb9dc - new --batch-size-percent float CLI argument (default 1%)

@wbollock
feat: instrument loadCerts/PromWatchCerts duration
5fbe79d 
This will make it easier to see the impact of performance fixes on these
endpoints and help debug slow vault pki exporter runs
@wbollock
fix: reset expired cert count
abf36aa 
This prevents `x509_expired_cert_count` from creeping up despite certs
not continuing to expire
@wbollock
fix: don't reset metrics
5ee3b38 
There's no reason to reset the gauges and this hurts the exporter by
clearing all metrics between runs leading to empty scrapes and stale
time series
@wbollock
feat: batch and use a WaitGroup for loadCerts
1d6b1d2 
This is meant to increase the efficiency of loadCerts by batching them
and using a WaitGroup to further utilize goRoutines with these lookups.
It's a ton of API requests especially per certificate so I hope this
will speed things up.
@wbollock
chore: mutex
3f9724b
@wbollock
fix: protect against null pointer better
12a55d9 
Adds a lot more checks to protect against bad or incomplete requests
@wbollock
fix: use err value
5949f86
@wbollock
ref: batch size percent CLI configuration
85eb9dc 
this makes the loadCert batch size configuration via the
`--batch-size-percent` variable with a default value of 1%. I found that
to be pretty good on my large Vault installation
@wbollock
docs: add batch-size-percent information
2b30f5c 
And some other cleanup
@wbollock
chore: update comments and error
624a310
@wbollock
chore: update go to 1.21.0
f1654c5 
updates go to 1.21.0 and all dependecies
@wbollock
fix: only run docker image action on push
c583463 
no need to push docker images on every PR
wbh1
wbh1 reviewed Aug 25, 2023
View reviewed changes
cmd/main.go Outdated Show resolved Hide resolved
pkg/vault-mon/pki.go Outdated Show resolved Hide resolved
pkg/vault-mon/prometheus.go Outdated Show resolved Hide resolved
wbollock and others added 4 commits August 25, 2023 10:05
@wbollock
docs: clarify batch-size-percent units
7c0e9b4
@wbollock
ref: scope loadCertsDuration to pki package
0b3720f 
so we don't have to pass around the reference
@wbollock @wbh1
chore: consistent declaring
53fe83c 
Co-authored-by: Will Hegedus <will@wbhegedus.me>
@wbollock
Merge branch 'fix/metric_expiry_' of github.com:wbollock/vault-pki-ex…
4a30f85 
…porter into fix/metric_expiry_
@wbollock wbollock requested a review from wbh1 August 25, 2023 14:33
@wbollock wbollock merged commit 532ed38 into linode-obs:master Aug 25, 2023
@wbollock wbollock deleted the fix/metric_expiry_ branch August 25, 2023 16:15
@wbollock wbollock restored the fix/metric_expiry_ branch August 25, 2023 17:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wbh1 wbh1 wbh1 approved these changes

@dennisme dennisme Awaiting requested review from dennisme

@bwcarp bwcarp Awaiting requested review from bwcarp

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wbollock @dennisme @wbh1