Skip to content

Enable connection limiting for free tier #12585

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 18, 2022
Merged

Enable connection limiting for free tier #12585

merged 1 commit into from
Sep 18, 2022

Conversation

Furisto
Copy link
Member

@Furisto Furisto commented Sep 1, 2022
edited
Loading

Description

This instructs ws-manager to limit the rate of network connections for non paying customers. Note that this currently only audits (i.e. it records packets that would have been dropped but does not actually drop them). We will use this to refine the limits.

Related Issue(s)

Fixes #13041

How to test

  • User on free tier

    • Make yourself admin in the preview environment
    • Ensure that you are on the free open source plan
    • Start a workspace
    • The workspace should have the gitpod.io/netConnLimitPerMinute annotation
    • The other parts of this have already been covered by other PRs. If you want to be sure, check the logs of ws-daemon (it should contain will limit network connections. You can also ssh into the node and then enter the network namespace of the pod with nsenter -t pid -n. nft list ruleset should show you a bunch of rules in that namespace.

  • Paying customer

    • Ensure that you are on the professional open source plan
    • Start a workspace
    • The workspace should not have the gitpod.io/netConnLimitPerMinute annotation
    • The other parts should be missing as well

Release Notes

None

Werft options:

  • /werft with-preview

@Furisto Furisto force-pushed the fo/netlimit-annotation branch from eb31572 to cc971a7 Compare September 16, 2022 11:25
@Furisto Furisto linked an issue Sep 16, 2022 that may be closed by this pull request
Limit network connections of users on the free tier #13041
Closed
@Furisto
Copy link
Member Author

Furisto commented Sep 16, 2022
edited by werft-gitpod-dev-com bot
Loading

/werft run with-payment

👍 started the job as gitpod-build-fo-netlimit-annotation.7
(with .werft/ from main)

@Furisto Furisto marked this pull request as ready for review September 16, 2022 13:25
@Furisto Furisto requested a review from a team September 16, 2022 13:25
@github-actions github-actions bot added the team: webapp Issue belongs to the WebApp team label Sep 16, 2022
@Furisto Furisto force-pushed the fo/netlimit-annotation branch from cc971a7 to c5ac861 Compare September 16, 2022 14:00
@Furisto
Copy link
Member Author

Furisto commented Sep 16, 2022
edited by werft-gitpod-dev-com bot
Loading

/werft run with-payment

👍 started the job as gitpod-build-fo-netlimit-annotation.9
(with .werft/ from main)

@Furisto
Copy link
Member Author

Furisto commented Sep 16, 2022

@geropl PTAL

geropl
geropl reviewed Sep 16, 2022
View reviewed changes
components/server/src/workspace/workspace-starter.ts Outdated
const wsConnectionLimitingEnabled = await getExperimentsClientForBackend().getValueAsync(
"workspace_connection_limiting",
false,
{ user },
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the additional turn-around, but: I think It make sense to also sent teams. We already fetch it below (line 878) so we can just pull it up. 👍

geropl
geropl approved these changes Sep 16, 2022
View reviewed changes
Copy link
Member

@geropl geropl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and works as advertised ✔️

/hold because I think it's worth addressing this comment, but leave it up to you to decide.

@Furisto Furisto force-pushed the fo/netlimit-annotation branch from c5ac861 to 4f27800 Compare September 18, 2022 12:53
@Furisto
Copy link
Member Author

Furisto commented Sep 18, 2022

/unhold

@roboquat roboquat merged commit 1eb228e into main Sep 18, 2022
@roboquat roboquat deleted the fo/netlimit-annotation branch September 18, 2022 13:58
@Furisto Furisto self-assigned this Sep 18, 2022
@roboquat roboquat added deployed: webapp Meta team change is running in production deployed Change is completely running in production labels Sep 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geropl geropl geropl approved these changes

Assignees

@Furisto Furisto

Labels
deployed: webapp Meta team change is running in production deployed Change is completely running in production feature: connection-limiting release-note-none size/S team: webapp Issue belongs to the WebApp team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Limit network connections of users on the free tier
3 participants
@Furisto @geropl @roboquat