diff --git a/cmd/mimir/config-descriptor.json b/cmd/mimir/config-descriptor.json index c1c2f79030..b61be4d6be 100644 --- a/cmd/mimir/config-descriptor.json +++ b/cmd/mimir/config-descriptor.json @@ -20392,6 +20392,279 @@ "fieldFlag": "common.cluster-validation-label", "fieldType": "string", "fieldCategory": "experimental" + }, + { + "kind": "block", + "name": "grpc_client", + "required": false, + "desc": "", + "blockEntries": [ + { + "kind": "field", + "name": "max_recv_msg_size", + "required": false, + "desc": "gRPC client max receive message size (bytes).", + "fieldValue": null, + "fieldDefaultValue": 104857600, + "fieldFlag": "common.grpc-client.grpc-max-recv-msg-size", + "fieldType": "int", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "max_send_msg_size", + "required": false, + "desc": "gRPC client max send message size (bytes).", + "fieldValue": null, + "fieldDefaultValue": 104857600, + "fieldFlag": "common.grpc-client.grpc-max-send-msg-size", + "fieldType": "int", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "grpc_compression", + "required": false, + "desc": "Use compression when sending messages. Supported values are: 'gzip', 'snappy' and '' (disable compression)", + "fieldValue": null, + "fieldDefaultValue": "", + "fieldFlag": "common.grpc-client.grpc-compression", + "fieldType": "string", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "rate_limit", + "required": false, + "desc": "Rate limit for gRPC client; 0 means disabled.", + "fieldValue": null, + "fieldDefaultValue": 0, + "fieldFlag": "common.grpc-client.grpc-client-rate-limit", + "fieldType": "float", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "rate_limit_burst", + "required": false, + "desc": "Rate limit burst for gRPC client.", + "fieldValue": null, + "fieldDefaultValue": 0, + "fieldFlag": "common.grpc-client.grpc-client-rate-limit-burst", + "fieldType": "int", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "backoff_on_ratelimits", + "required": false, + "desc": "Enable backoff and retry when we hit rate limits.", + "fieldValue": null, + "fieldDefaultValue": false, + "fieldFlag": "common.grpc-client.backoff-on-ratelimits", + "fieldType": "boolean", + "fieldCategory": "advanced" + }, + { + "kind": "block", + "name": "backoff_config", + "required": false, + "desc": "", + "blockEntries": [ + { + "kind": "field", + "name": "min_period", + "required": false, + "desc": "Minimum delay when backing off.", + "fieldValue": null, + "fieldDefaultValue": 100000000, + "fieldFlag": "common.grpc-client.backoff-min-period", + "fieldType": "duration", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "max_period", + "required": false, + "desc": "Maximum delay when backing off.", + "fieldValue": null, + "fieldDefaultValue": 10000000000, + "fieldFlag": "common.grpc-client.backoff-max-period", + "fieldType": "duration", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "max_retries", + "required": false, + "desc": "Number of times to backoff and retry before failing.", + "fieldValue": null, + "fieldDefaultValue": 10, + "fieldFlag": "common.grpc-client.backoff-retries", + "fieldType": "int", + "fieldCategory": "advanced" + } + ], + "fieldValue": null, + "fieldDefaultValue": null + }, + { + "kind": "field", + "name": "initial_stream_window_size", + "required": false, + "desc": "Initial stream window size. Values less than the default are not supported and are ignored. Setting this to a value other than the default disables the BDP estimator.", + "fieldValue": null, + "fieldDefaultValue": null, + "fieldFlag": "common.grpc-client.initial-stream-window-size", + "fieldType": "int", + "fieldCategory": "experimental" + }, + { + "kind": "field", + "name": "initial_connection_window_size", + "required": false, + "desc": "Initial connection window size. Values less than the default are not supported and are ignored. Setting this to a value other than the default disables the BDP estimator.", + "fieldValue": null, + "fieldDefaultValue": null, + "fieldFlag": "common.grpc-client.initial-connection-window-size", + "fieldType": "int", + "fieldCategory": "experimental" + }, + { + "kind": "field", + "name": "tls_enabled", + "required": false, + "desc": "Enable TLS in the gRPC client. This flag needs to be enabled when any other TLS flag is set. If set to false, insecure connection to gRPC server will be used.", + "fieldValue": null, + "fieldDefaultValue": false, + "fieldFlag": "common.grpc-client.tls-enabled", + "fieldType": "boolean", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "tls_cert_path", + "required": false, + "desc": "Path to the client certificate, which will be used for authenticating with the server. Also requires the key path to be configured.", + "fieldValue": null, + "fieldDefaultValue": "", + "fieldFlag": "common.grpc-client.tls-cert-path", + "fieldType": "string", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "tls_key_path", + "required": false, + "desc": "Path to the key for the client certificate. Also requires the client certificate to be configured.", + "fieldValue": null, + "fieldDefaultValue": "", + "fieldFlag": "common.grpc-client.tls-key-path", + "fieldType": "string", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "tls_ca_path", + "required": false, + "desc": "Path to the CA certificates to validate server certificate against. If not set, the host's root CA certificates are used.", + "fieldValue": null, + "fieldDefaultValue": "", + "fieldFlag": "common.grpc-client.tls-ca-path", + "fieldType": "string", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "tls_server_name", + "required": false, + "desc": "Override the expected name on the server certificate.", + "fieldValue": null, + "fieldDefaultValue": "", + "fieldFlag": "common.grpc-client.tls-server-name", + "fieldType": "string", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "tls_insecure_skip_verify", + "required": false, + "desc": "Skip validating server certificate.", + "fieldValue": null, + "fieldDefaultValue": false, + "fieldFlag": "common.grpc-client.tls-insecure-skip-verify", + "fieldType": "boolean", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "tls_cipher_suites", + "required": false, + "desc": "Override the default cipher suite list (separated by commas). Allowed values:\n\nSecure Ciphers:\n- TLS_AES_128_GCM_SHA256\n- TLS_AES_256_GCM_SHA384\n- TLS_CHACHA20_POLY1305_SHA256\n- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\n- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\n- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\n- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\n- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\n\nInsecure Ciphers:\n- TLS_RSA_WITH_RC4_128_SHA\n- TLS_RSA_WITH_3DES_EDE_CBC_SHA\n- TLS_RSA_WITH_AES_128_CBC_SHA\n- TLS_RSA_WITH_AES_256_CBC_SHA\n- TLS_RSA_WITH_AES_128_CBC_SHA256\n- TLS_RSA_WITH_AES_128_GCM_SHA256\n- TLS_RSA_WITH_AES_256_GCM_SHA384\n- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA\n- TLS_ECDHE_RSA_WITH_RC4_128_SHA\n- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA\n- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\n- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256\n", + "fieldValue": null, + "fieldDefaultValue": "", + "fieldFlag": "common.grpc-client.tls-cipher-suites", + "fieldType": "string", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "tls_min_version", + "required": false, + "desc": "Override the default minimum TLS version. Allowed values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13", + "fieldValue": null, + "fieldDefaultValue": "", + "fieldFlag": "common.grpc-client.tls-min-version", + "fieldType": "string", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "connect_timeout", + "required": false, + "desc": "The maximum amount of time to establish a connection. A value of 0 means default gRPC client connect timeout and backoff.", + "fieldValue": null, + "fieldDefaultValue": 5000000000, + "fieldFlag": "common.grpc-client.connect-timeout", + "fieldType": "duration", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "connect_backoff_base_delay", + "required": false, + "desc": "Initial backoff delay after first connection failure. Only relevant if ConnectTimeout \u003e 0.", + "fieldValue": null, + "fieldDefaultValue": 1000000000, + "fieldFlag": "common.grpc-client.connect-backoff-base-delay", + "fieldType": "duration", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "connect_backoff_max_delay", + "required": false, + "desc": "Maximum backoff delay when establishing a connection. Only relevant if ConnectTimeout \u003e 0.", + "fieldValue": null, + "fieldDefaultValue": 5000000000, + "fieldFlag": "common.grpc-client.connect-backoff-max-delay", + "fieldType": "duration", + "fieldCategory": "advanced" + }, + { + "kind": "field", + "name": "cluster_validation_label", + "required": false, + "desc": "Optionally define gRPC client's cluster validation label.", + "fieldValue": null, + "fieldDefaultValue": "", + "fieldFlag": "common.grpc-client.cluster-validation-label", + "fieldType": "string", + "fieldCategory": "experimental" + } + ], + "fieldValue": null, + "fieldDefaultValue": null } ], "fieldValue": null, diff --git a/cmd/mimir/help-all.txt.tmpl b/cmd/mimir/help-all.txt.tmpl index a157ac173b..109425e982 100644 --- a/cmd/mimir/help-all.txt.tmpl +++ b/cmd/mimir/help-all.txt.tmpl @@ -991,6 +991,52 @@ Usage of ./cmd/mimir/mimir: TSDB WAL segments files max size (bytes). (default 134217728) -common.cluster-validation-label string [experimental] Optionally define gRPC client's cluster validation label. + -common.grpc-client.backoff-max-period duration + Maximum delay when backing off. (default 10s) + -common.grpc-client.backoff-min-period duration + Minimum delay when backing off. (default 100ms) + -common.grpc-client.backoff-on-ratelimits + Enable backoff and retry when we hit rate limits. + -common.grpc-client.backoff-retries int + Number of times to backoff and retry before failing. (default 10) + -common.grpc-client.cluster-validation-label string + [experimental] Optionally define gRPC client's cluster validation label. + -common.grpc-client.connect-backoff-base-delay duration + Initial backoff delay after first connection failure. Only relevant if ConnectTimeout > 0. (default 1s) + -common.grpc-client.connect-backoff-max-delay duration + Maximum backoff delay when establishing a connection. Only relevant if ConnectTimeout > 0. (default 5s) + -common.grpc-client.connect-timeout duration + The maximum amount of time to establish a connection. A value of 0 means default gRPC client connect timeout and backoff. (default 5s) + -common.grpc-client.grpc-client-rate-limit float + Rate limit for gRPC client; 0 means disabled. + -common.grpc-client.grpc-client-rate-limit-burst int + Rate limit burst for gRPC client. + -common.grpc-client.grpc-compression string + Use compression when sending messages. Supported values are: 'gzip', 'snappy' and '' (disable compression) + -common.grpc-client.grpc-max-recv-msg-size int + gRPC client max receive message size (bytes). (default 104857600) + -common.grpc-client.grpc-max-send-msg-size int + gRPC client max send message size (bytes). (default 104857600) + -common.grpc-client.initial-connection-window-size value + [experimental] Initial connection window size. Values less than the default are not supported and are ignored. Setting this to a value other than the default disables the BDP estimator. (default 63KiB1023B) + -common.grpc-client.initial-stream-window-size value + [experimental] Initial stream window size. Values less than the default are not supported and are ignored. Setting this to a value other than the default disables the BDP estimator. (default 63KiB1023B) + -common.grpc-client.tls-ca-path string + Path to the CA certificates to validate server certificate against. If not set, the host's root CA certificates are used. + -common.grpc-client.tls-cert-path string + Path to the client certificate, which will be used for authenticating with the server. Also requires the key path to be configured. + -common.grpc-client.tls-cipher-suites string + Override the default cipher suite list (separated by commas). + -common.grpc-client.tls-enabled + Enable TLS in the gRPC client. This flag needs to be enabled when any other TLS flag is set. If set to false, insecure connection to gRPC server will be used. + -common.grpc-client.tls-insecure-skip-verify + Skip validating server certificate. + -common.grpc-client.tls-key-path string + Path to the key for the client certificate. Also requires the client certificate to be configured. + -common.grpc-client.tls-min-version string + Override the default minimum TLS version. Allowed values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13 + -common.grpc-client.tls-server-name string + Override the expected name on the server certificate. -common.storage.azure.account-key string Azure storage account key. If unset, Azure managed identities will be used for authentication instead. -common.storage.azure.account-name string diff --git a/docs/sources/mimir/configure/configuration-parameters/index.md b/docs/sources/mimir/configure/configuration-parameters/index.md index 1d4fda36dc..e2e7c95f42 100644 --- a/docs/sources/mimir/configure/configuration-parameters/index.md +++ b/docs/sources/mimir/configure/configuration-parameters/index.md @@ -514,6 +514,144 @@ storage: # (experimental) Optionally define gRPC client's cluster validation label. # CLI flag: -common.cluster-validation-label [cluster_validation_label: | default = ""] + +grpc_client: + # (advanced) gRPC client max receive message size (bytes). + # CLI flag: -common.grpc-client.grpc-max-recv-msg-size + [max_recv_msg_size: | default = 104857600] + + # (advanced) gRPC client max send message size (bytes). + # CLI flag: -common.grpc-client.grpc-max-send-msg-size + [max_send_msg_size: | default = 104857600] + + # (advanced) Use compression when sending messages. Supported values are: + # 'gzip', 'snappy' and '' (disable compression) + # CLI flag: -common.grpc-client.grpc-compression + [grpc_compression: | default = ""] + + # (advanced) Rate limit for gRPC client; 0 means disabled. + # CLI flag: -common.grpc-client.grpc-client-rate-limit + [rate_limit: | default = 0] + + # (advanced) Rate limit burst for gRPC client. + # CLI flag: -common.grpc-client.grpc-client-rate-limit-burst + [rate_limit_burst: | default = 0] + + # (advanced) Enable backoff and retry when we hit rate limits. + # CLI flag: -common.grpc-client.backoff-on-ratelimits + [backoff_on_ratelimits: | default = false] + + backoff_config: + # (advanced) Minimum delay when backing off. + # CLI flag: -common.grpc-client.backoff-min-period + [min_period: | default = 100ms] + + # (advanced) Maximum delay when backing off. + # CLI flag: -common.grpc-client.backoff-max-period + [max_period: | default = 10s] + + # (advanced) Number of times to backoff and retry before failing. + # CLI flag: -common.grpc-client.backoff-retries + [max_retries: | default = 10] + + # (experimental) Initial stream window size. Values less than the default are + # not supported and are ignored. Setting this to a value other than the + # default disables the BDP estimator. + # CLI flag: -common.grpc-client.initial-stream-window-size + [initial_stream_window_size: | default = 63KiB1023B] + + # (experimental) Initial connection window size. Values less than the default + # are not supported and are ignored. Setting this to a value other than the + # default disables the BDP estimator. + # CLI flag: -common.grpc-client.initial-connection-window-size + [initial_connection_window_size: | default = 63KiB1023B] + + # (advanced) Enable TLS in the gRPC client. This flag needs to be enabled when + # any other TLS flag is set. If set to false, insecure connection to gRPC + # server will be used. + # CLI flag: -common.grpc-client.tls-enabled + [tls_enabled: | default = false] + + # (advanced) Path to the client certificate, which will be used for + # authenticating with the server. Also requires the key path to be configured. + # CLI flag: -common.grpc-client.tls-cert-path + [tls_cert_path: | default = ""] + + # (advanced) Path to the key for the client certificate. Also requires the + # client certificate to be configured. + # CLI flag: -common.grpc-client.tls-key-path + [tls_key_path: | default = ""] + + # (advanced) Path to the CA certificates to validate server certificate + # against. If not set, the host's root CA certificates are used. + # CLI flag: -common.grpc-client.tls-ca-path + [tls_ca_path: | default = ""] + + # (advanced) Override the expected name on the server certificate. + # CLI flag: -common.grpc-client.tls-server-name + [tls_server_name: | default = ""] + + # (advanced) Skip validating server certificate. + # CLI flag: -common.grpc-client.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] + + # (advanced) Override the default cipher suite list (separated by commas). + # Allowed values: + # + # Secure Ciphers: + # - TLS_AES_128_GCM_SHA256 + # - TLS_AES_256_GCM_SHA384 + # - TLS_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + # + # Insecure Ciphers: + # - TLS_RSA_WITH_RC4_128_SHA + # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + # CLI flag: -common.grpc-client.tls-cipher-suites + [tls_cipher_suites: | default = ""] + + # (advanced) Override the default minimum TLS version. Allowed values: + # VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13 + # CLI flag: -common.grpc-client.tls-min-version + [tls_min_version: | default = ""] + + # (advanced) The maximum amount of time to establish a connection. A value of + # 0 means default gRPC client connect timeout and backoff. + # CLI flag: -common.grpc-client.connect-timeout + [connect_timeout: | default = 5s] + + # (advanced) Initial backoff delay after first connection failure. Only + # relevant if ConnectTimeout > 0. + # CLI flag: -common.grpc-client.connect-backoff-base-delay + [connect_backoff_base_delay: | default = 1s] + + # (advanced) Maximum backoff delay when establishing a connection. Only + # relevant if ConnectTimeout > 0. + # CLI flag: -common.grpc-client.connect-backoff-max-delay + [connect_backoff_max_delay: | default = 5s] + + # (experimental) Optionally define gRPC client's cluster validation label. + # CLI flag: -common.grpc-client.cluster-validation-label + [cluster_validation_label: | default = ""] ``` ### server @@ -2784,15 +2922,149 @@ The `ingester_client` block configures how the distributors connect to the inges ```yaml # Configures the gRPC client used to communicate with ingesters from # distributors, queriers and rulers. -# The CLI flags prefix for this block configuration is: ingester.client -[grpc_client_config: ] +grpc_client_config: + # (advanced) gRPC client max receive message size (bytes). + # CLI flag: -ingester.client.grpc-max-recv-msg-size + [max_recv_msg_size: | default = 104857600] + + # (advanced) gRPC client max send message size (bytes). + # CLI flag: -ingester.client.grpc-max-send-msg-size + [max_send_msg_size: | default = 104857600] + + # (advanced) Use compression when sending messages. Supported values are: + # 'gzip', 'snappy', 's2' and '' (disable compression) + # CLI flag: -ingester.client.grpc-compression + [grpc_compression: | default = ""] + + # (advanced) Rate limit for gRPC client; 0 means disabled. + # CLI flag: -ingester.client.grpc-client-rate-limit + [rate_limit: | default = 0] + + # (advanced) Rate limit burst for gRPC client. + # CLI flag: -ingester.client.grpc-client-rate-limit-burst + [rate_limit_burst: | default = 0] + + # (advanced) Enable backoff and retry when we hit rate limits. + # CLI flag: -ingester.client.backoff-on-ratelimits + [backoff_on_ratelimits: | default = false] + + backoff_config: + # (advanced) Minimum delay when backing off. + # CLI flag: -ingester.client.backoff-min-period + [min_period: | default = 100ms] + + # (advanced) Maximum delay when backing off. + # CLI flag: -ingester.client.backoff-max-period + [max_period: | default = 10s] + + # (advanced) Number of times to backoff and retry before failing. + # CLI flag: -ingester.client.backoff-retries + [max_retries: | default = 10] + + # (experimental) Initial stream window size. Values less than the default are + # not supported and are ignored. Setting this to a value other than the + # default disables the BDP estimator. + # CLI flag: -ingester.client.initial-stream-window-size + [initial_stream_window_size: | default = 63KiB1023B] + + # (experimental) Initial connection window size. Values less than the default + # are not supported and are ignored. Setting this to a value other than the + # default disables the BDP estimator. + # CLI flag: -ingester.client.initial-connection-window-size + [initial_connection_window_size: | default = 63KiB1023B] + + # (advanced) Enable TLS in the gRPC client. This flag needs to be enabled when + # any other TLS flag is set. If set to false, insecure connection to gRPC + # server will be used. + # CLI flag: -ingester.client.tls-enabled + [tls_enabled: | default = false] + + # (advanced) Path to the client certificate, which will be used for + # authenticating with the server. Also requires the key path to be configured. + # CLI flag: -ingester.client.tls-cert-path + [tls_cert_path: | default = ""] + + # (advanced) Path to the key for the client certificate. Also requires the + # client certificate to be configured. + # CLI flag: -ingester.client.tls-key-path + [tls_key_path: | default = ""] + + # (advanced) Path to the CA certificates to validate server certificate + # against. If not set, the host's root CA certificates are used. + # CLI flag: -ingester.client.tls-ca-path + [tls_ca_path: | default = ""] + + # (advanced) Override the expected name on the server certificate. + # CLI flag: -ingester.client.tls-server-name + [tls_server_name: | default = ""] + + # (advanced) Skip validating server certificate. + # CLI flag: -ingester.client.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] + + # (advanced) Override the default cipher suite list (separated by commas). + # Allowed values: + # + # Secure Ciphers: + # - TLS_AES_128_GCM_SHA256 + # - TLS_AES_256_GCM_SHA384 + # - TLS_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + # + # Insecure Ciphers: + # - TLS_RSA_WITH_RC4_128_SHA + # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + # CLI flag: -ingester.client.tls-cipher-suites + [tls_cipher_suites: | default = ""] + + # (advanced) Override the default minimum TLS version. Allowed values: + # VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13 + # CLI flag: -ingester.client.tls-min-version + [tls_min_version: | default = ""] + + # (advanced) The maximum amount of time to establish a connection. A value of + # 0 means default gRPC client connect timeout and backoff. + # CLI flag: -ingester.client.connect-timeout + [connect_timeout: | default = 5s] + + # (advanced) Initial backoff delay after first connection failure. Only + # relevant if ConnectTimeout > 0. + # CLI flag: -ingester.client.connect-backoff-base-delay + [connect_backoff_base_delay: | default = 1s] + + # (advanced) Maximum backoff delay when establishing a connection. Only + # relevant if ConnectTimeout > 0. + # CLI flag: -ingester.client.connect-backoff-max-delay + [connect_backoff_max_delay: | default = 5s] + + # (experimental) Optionally define gRPC client's cluster validation label. + # CLI flag: -ingester.client.cluster-validation-label + [cluster_validation_label: | default = ""] ``` ### grpc_client The `grpc_client` block configures the gRPC client used to communicate between two Mimir components. The supported CLI flags `` used to reference this configuration block are: -- `ingester.client` - `querier.frontend-client` - `querier.scheduler-client` - `query-frontend.grpc-client-config` diff --git a/integration/ingester_test.go b/integration/ingester_test.go index 8c3bf9480e..da387fddc2 100644 --- a/integration/ingester_test.go +++ b/integration/ingester_test.go @@ -847,9 +847,9 @@ func TestInvalidClusterValidationLabel(t *testing.T) { defer s.Close() baseFlags := map[string]string{ - "-distributor.ingestion-tenant-shard-size": "0", - "-ingester.ring.heartbeat-period": "1s", - "-common.cluster-validation-label": testCase.distributorClusterLabel, + "-distributor.ingestion-tenant-shard-size": "0", + "-ingester.ring.heartbeat-period": "1s", + "-common.grpc-client.cluster-validation-label": testCase.distributorClusterLabel, } flags := mergeFlags( diff --git a/pkg/ingester/client/client.go b/pkg/ingester/client/client.go index f561a8b7e4..f570625ba1 100644 --- a/pkg/ingester/client/client.go +++ b/pkg/ingester/client/client.go @@ -15,6 +15,8 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/health/grpc_health_v1" + "github.com/grafana/mimir/pkg/util" + "github.com/grafana/mimir/pkg/mimirpb" querierapi "github.com/grafana/mimir/pkg/querier/api" "github.com/grafana/mimir/pkg/util/grpcencoding/s2" @@ -70,13 +72,17 @@ func (c *closableHealthAndIngesterClient) Close() error { // Config is the configuration struct for the ingester client type Config struct { - GRPCClientConfig grpcclient.Config `yaml:"grpc_client_config" doc:"description=Configures the gRPC client used to communicate with ingesters from distributors, queriers and rulers."` + GRPCClientConfig util.GRPCClientConfig `yaml:"grpc_client_config" doc:"description=Configures the gRPC client used to communicate with ingesters from distributors, queriers and rulers."` } // RegisterFlags registers configuration settings used by the ingester client config. func (cfg *Config) RegisterFlags(f *flag.FlagSet) { + cfg.RegisterFlagsWithPrefix("ingester.client", f) +} + +func (cfg *Config) RegisterFlagsWithPrefix(prefix string, f *flag.FlagSet) { cfg.GRPCClientConfig.CustomCompressors = []string{s2.Name} - cfg.GRPCClientConfig.RegisterFlagsWithPrefix("ingester.client", f) + cfg.GRPCClientConfig.RegisterFlagsWithPrefix(prefix, f) } func (cfg *Config) Validate() error { diff --git a/pkg/mimir/mimir.go b/pkg/mimir/mimir.go index f27f847319..927d2b0050 100644 --- a/pkg/mimir/mimir.go +++ b/pkg/mimir/mimir.go @@ -21,7 +21,6 @@ import ( "github.com/go-kit/log/level" "github.com/gorilla/mux" "github.com/grafana/dskit/flagext" - "github.com/grafana/dskit/grpcclient" "github.com/grafana/dskit/grpcutil" "github.com/grafana/dskit/kv/memberlist" "github.com/grafana/dskit/modules" @@ -224,7 +223,7 @@ func (c *Config) CommonConfigInheritance() CommonConfigInheritance { "ruler_storage": &c.RulerStorage.StorageBackendConfig, "alertmanager_storage": &c.AlertmanagerStorage.StorageBackendConfig, }, - ClusterValidationLabel: map[string]*grpcclient.Config{ + GRPCClient: map[string]*util.GRPCClientConfig{ "ingester_client": &c.IngesterClient.GRPCClientConfig, }, } @@ -603,10 +602,15 @@ func UnmarshalCommonYAML(value *yaml.Node, inheriters ...CommonConfigInheriter) for name, loc := range inheritance.Storage { specificStorageLocations[name] = loc } + specificGRPCClientLocations := specificLocationsUnmarshaler{} + for name, loc := range inheritance.GRPCClient { + specificGRPCClientLocations[name] = loc + } common := configWithCustomCommonUnmarshaler{ Common: &commonConfigUnmarshaler{ - Storage: &specificStorageLocations, + Storage: &specificStorageLocations, + GrpcClient: &specificGRPCClientLocations, }, } @@ -630,28 +634,10 @@ func InheritCommonFlagValues(log log.Logger, fs *flag.FlagSet, common CommonConf return fmt.Errorf("can't inherit common flags for %q: %w", desc, err) } } - if common.ClusterValidationLabel == "" { - // Nothing to inherit because origin was not set. - continue - } - for _, grpcClientConfig := range inheritance.ClusterValidationLabel { - if grpcClientConfig == nil { - continue - } - if grpcClientConfig.ClusterValidationLabel != "" { - // Can't inherit because destination was set. - continue - } - if common.ClusterValidationLabel == grpcClientConfig.ClusterValidationLabel { - // Already the same, no need to touch. - continue + for desc, loc := range inheritance.GRPCClient { + if err := inheritFlags(log, common.GRPCClient.RegisteredFlags, loc.RegisteredFlags, setFlags); err != nil { + return fmt.Errorf("can't inherit common flags for %q: %w", desc, err) } - level.Debug(log).Log( - "msg", "Inheriting flag value", - "flag_name", "cluster_value_label", "origin_value", common.ClusterValidationLabel, - "destination_value", grpcClientConfig.ClusterValidationLabel, - ) - grpcClientConfig.ClusterValidationLabel = common.ClusterValidationLabel } } @@ -690,19 +676,19 @@ func inheritFlags(log log.Logger, orig util.RegisteredFlags, dest util.Registere } type CommonConfig struct { - Storage bucket.StorageBackendConfig `yaml:"storage"` - ClusterValidationLabel string `yaml:"cluster_validation_label" category:"experimental"` + Storage bucket.StorageBackendConfig `yaml:"storage"` + GRPCClient util.GRPCClientConfig `yaml:"grpc_client" category:"experimental"` } type CommonConfigInheritance struct { - Storage map[string]*bucket.StorageBackendConfig - ClusterValidationLabel map[string]*grpcclient.Config + Storage map[string]*bucket.StorageBackendConfig + GRPCClient map[string]*util.GRPCClientConfig } // RegisterFlags registers flag. func (c *CommonConfig) RegisterFlags(f *flag.FlagSet) { c.Storage.RegisterFlagsWithPrefix("common.storage.", f) - f.StringVar(&c.ClusterValidationLabel, "common.cluster-validation-label", "", "Optionally define gRPC client's cluster validation label.") + c.GRPCClient.RegisterFlagsWithPrefix("common.grpc-client", f) } // configWithCustomCommonUnmarshaler unmarshals config with custom unmarshaler for the `common` field. @@ -717,7 +703,8 @@ type configWithCustomCommonUnmarshaler struct { // commonConfigUnmarshaler will unmarshal each field of the common config into specific locations. type commonConfigUnmarshaler struct { - Storage *specificLocationsUnmarshaler `yaml:"storage"` + Storage *specificLocationsUnmarshaler `yaml:"storage"` + GrpcClient *specificLocationsUnmarshaler `yaml:"grpc_client"` } // specificLocationsUnmarshaler will unmarshal yaml into specific locations. diff --git a/pkg/mimir/mimir_config_test.go b/pkg/mimir/mimir_config_test.go index 2ad90cb816..26e31078ff 100644 --- a/pkg/mimir/mimir_config_test.go +++ b/pkg/mimir/mimir_config_test.go @@ -10,6 +10,10 @@ import ( "github.com/stretchr/testify/require" "gopkg.in/yaml.v3" + ingester_client "github.com/grafana/mimir/pkg/ingester/client" + + "github.com/grafana/mimir/pkg/util" + "github.com/grafana/mimir/pkg/mimir" "github.com/grafana/mimir/pkg/storage/bucket" ) @@ -20,17 +24,24 @@ func TestCommonConfigCanBeExtended(t *testing.T) { fs := flag.NewFlagSet("test", flag.PanicOnError) cfg.RegisterFlags(fs, log.NewNopLogger()) - args := []string{"-common.storage.backend", "s3", "-common.cluster-validation-label", "cluster"} + args := []string{ + "-common.storage.backend", "s3", + "-common.grpc-client.grpc-max-recv-msg-size", "1000000", + "-common.grpc-client.cluster-validation-label", "cluster", + } require.NoError(t, fs.Parse(args)) require.NoError(t, mimir.InheritCommonFlagValues(log.NewNopLogger(), fs, cfg.MimirConfig.Common, &cfg.MimirConfig, &cfg)) // Values should be properly inherited. require.Equal(t, "s3", cfg.CustomStorage.Backend) - require.Equal(t, "cluster", cfg.MimirConfig.IngesterClient.GRPCClientConfig.ClusterValidationLabel) + require.Equal(t, 1000000, cfg.CustomIngesterClient.GRPCClientConfig.MaxRecvMsgSize) + require.Equal(t, "cluster", cfg.CustomIngesterClient.GRPCClientConfig.ClusterValidationLabel) // Mimir's inheritance should still work. require.Equal(t, "s3", cfg.MimirConfig.BlocksStorage.Bucket.Backend) + require.Equal(t, 1000000, cfg.MimirConfig.IngesterClient.GRPCClientConfig.MaxRecvMsgSize) + require.Equal(t, "cluster", cfg.MimirConfig.IngesterClient.GRPCClientConfig.ClusterValidationLabel) }) t.Run("yaml inheritance", func(t *testing.T) { @@ -38,7 +49,9 @@ func TestCommonConfigCanBeExtended(t *testing.T) { common: storage: backend: s3 - cluster_validation_label: cluster + grpc_client: + max_recv_msg_size: 1000000 + cluster_validation_label: cluster ` var cfg customExtendedConfig @@ -50,21 +63,26 @@ common: // Values should be properly inherited. require.Equal(t, "s3", cfg.CustomStorage.Backend) - require.Equal(t, "cluster", cfg.MimirConfig.IngesterClient.GRPCClientConfig.ClusterValidationLabel) + require.Equal(t, 1000000, cfg.CustomIngesterClient.GRPCClientConfig.MaxRecvMsgSize) + require.Equal(t, "cluster", cfg.CustomIngesterClient.GRPCClientConfig.ClusterValidationLabel) // Mimir's inheritance should still work. require.Equal(t, "s3", cfg.MimirConfig.BlocksStorage.Bucket.Backend) + require.Equal(t, 1000000, cfg.MimirConfig.IngesterClient.GRPCClientConfig.MaxRecvMsgSize) + require.Equal(t, "cluster", cfg.MimirConfig.IngesterClient.GRPCClientConfig.ClusterValidationLabel) }) } type customExtendedConfig struct { - MimirConfig mimir.Config `yaml:",inline"` - CustomStorage bucket.Config `yaml:"custom_storage"` + MimirConfig mimir.Config `yaml:",inline"` + CustomStorage bucket.Config `yaml:"custom_storage"` + CustomIngesterClient ingester_client.Config `yaml:"custom_ingester_client"` } func (c *customExtendedConfig) RegisterFlags(f *flag.FlagSet, logger log.Logger) { c.MimirConfig.RegisterFlags(f, logger) c.CustomStorage.RegisterFlagsWithPrefix("custom-storage", f) + c.CustomIngesterClient.RegisterFlagsWithPrefix("custom-ingester-client", f) } func (c *customExtendedConfig) CommonConfigInheritance() mimir.CommonConfigInheritance { @@ -72,6 +90,9 @@ func (c *customExtendedConfig) CommonConfigInheritance() mimir.CommonConfigInher Storage: map[string]*bucket.StorageBackendConfig{ "custom": &c.CustomStorage.StorageBackendConfig, }, + GRPCClient: map[string]*util.GRPCClientConfig{ + "custom_grpc_client": &c.CustomIngesterClient.GRPCClientConfig, + }, } } @@ -88,6 +109,10 @@ func TestMimirConfigCanBeInlined(t *testing.T) { const commonYAMLConfig = ` custom_storage: backend: s3 +custom_ingester_client: + grpc_client_config: + max_recv_msg_size: 1000000 + cluster_validation_label: cluster ` var cfg customExtendedConfig @@ -99,4 +124,6 @@ custom_storage: // Value should be properly set. require.Equal(t, "s3", cfg.CustomStorage.Backend) + require.Equal(t, 1000000, cfg.CustomIngesterClient.GRPCClientConfig.MaxRecvMsgSize) + require.Equal(t, "cluster", cfg.CustomIngesterClient.GRPCClientConfig.ClusterValidationLabel) } diff --git a/pkg/util/grpcconfig.go b/pkg/util/grpcconfig.go new file mode 100644 index 0000000000..7ac13cbf49 --- /dev/null +++ b/pkg/util/grpcconfig.go @@ -0,0 +1,26 @@ +package util + +import ( + "flag" + + "github.com/grafana/dskit/grpcclient" +) + +type GRPCClientConfig struct { + grpcclient.Config `yaml:",inline"` + RegisteredFlags RegisteredFlags `yaml:"-"` +} + +func (cfg *GRPCClientConfig) Validate() error { + return cfg.Config.Validate() +} + +func (cfg *GRPCClientConfig) RegisterFlags(f *flag.FlagSet) { + cfg.RegisterFlagsWithPrefix("", f) +} + +func (cfg *GRPCClientConfig) RegisterFlagsWithPrefix(prefix string, f *flag.FlagSet) { + cfg.RegisteredFlags = TrackRegisteredFlags(prefix, f, func(prefix string, f *flag.FlagSet) { + cfg.Config.RegisterFlagsWithPrefix(prefix, f) + }) +}