DEV-2297 tune opik nginx and add throttling feature (can be added wit…

…h values)
comet-ml · Sep 10, 2024 · b0706b4 · b0706b4
1 parent 5fcf615
commit b0706b4
Show file tree

Hide file tree

Showing 2 changed files with 84 additions and 0 deletions.
diff --git a/deployment/helm_chart/opik/templates/configmap-frontend-nginx.yaml b/deployment/helm_chart/opik/templates/configmap-frontend-nginx.yaml
@@ -16,6 +16,22 @@ data:
     gzip_min_length 256;
     gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon application/javascript;
     client_max_body_size 50M;
+    absolute_redirect off;
+    real_ip_header      X-Forwarded-For;
+    real_ip_recursive   on;
+    set_real_ip_from    10.0.0.0/8;
+    rewrite_log on;
+    limit_req_log_level info;
+    limit_req_status 429;
+    map_hash_bucket_size 256;
+  {{- if .Values.component.frontend.awsResolver }}
+    resolver 169.254.169.253 valid=10s;
+  {{- end }}
+    resolver_timeout 3s;
+    server_tokens off;
+    proxy_socket_keepalive on;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "";
 
     upstream backend {
       server {{ include "opik.name" $ }}-backend:{{ (.Values.component.backend.service.ports | first).port }};
@@ -28,6 +44,24 @@ data:
     }
     {{- end }}
 
+    {{- range .Values.component.frontend.maps }}
+    map {{ .source }} ${{ .variable }} {
+      {{- range $k,$v := .rules }}
+      {{ $k }} {{ $v | squote }};
+      {{- end}}
+    }
+    {{- end }}
+
+    {{- range $name,$limit := .Values.component.frontend.throttling }}
+    limit_req_zone {{ $limit.variable }} zone={{ $limit.zone | default $name }}:{{ $limit.size | default "1m" }} rate={{ $limit.rate | default "10r/m" }};
+    {{- end }}
+
+    {{- range $name,$format := .Values.component.frontend.logFormats }}
+    log_format {{ $name }} {{ $format }};
+    {{- end }}
+
+    access_log /dev/stdout {{ .Values.component.frontend.logFormat | default "main" -}};
+
     server {
         listen {{ (.Values.component.frontend.service.ports | first).targetPort }} default_server;
         server_name localhost;
@@ -79,6 +113,14 @@ data:
             }
             {{- end }}
         }
+    {{- range $k, $v := .Values.component.frontend.throttling }}
+        {{- if $v.location }}
+        location {{ $v.location }} {
+            limit_req           zone={{ $k }} burst={{ $v.burst | default 10 }}{{ $v.nodelay | default false | ternary " nodelay" ""}};
+            try_files /dev/null {{ $v.backend | default "@api" }};
+        }
+        {{ end }}
+    {{- end }}
 
     }
 
diff --git a/deployment/helm_chart/opik/values.yaml b/deployment/helm_chart/opik/values.yaml
@@ -101,6 +101,48 @@ component:
 
     ingress:
       enabled: false
+    # throttled locations
+    throttling: {}
+    # map variables for use with throttling and other places
+    maps: []
+    # use internal aws resolvr on vpc
+    awsResolver: false
+    logFormat: logger-json
+    logFormats:
+      "logger-json": >-
+        escape=json '{
+        "address": "$remote_addr",
+        "host": "$host",
+        "hostname": "$hostname",
+        "http_host": "$http_host",
+        "http_referer": "$http_referer",
+        "limit_req_status": "$limit_req_status",
+        "method": "$request_method",
+        "remote_user": "$remote_user",
+        "request_length": $request_length,
+        "request_time": $request_time,
+        "request": "$request",
+        "resp_body_size": $body_bytes_sent,
+        "response": $status,
+        "source": "nginx",
+        "time_local": "$time_local",
+        "time": $msec,
+        "upstream_addr": "$upstream_addr",
+        "upstream_connect_time": "$upstream_connect_time",
+        "upstream_header_time": "$upstream_header_time",
+        "upstream_response_time": "$upstream_response_time",
+        "upstream_status": "$upstream_status",
+        "uri": "$request_uri",
+        "user_agent": "$http_user_agent",
+        "x_forwarded_for": "$http_x_forwarded_for"
+        }'
+      main: >-
+        '$remote_addr - $remote_user [$time_local] "$request"
+        $status $body_bytes_sent "$http_referer"
+        "$http_user_agent" "$http_x_forwarded_for" $msec
+        rl=$request_length rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"
+        upstream_addr=$upstream_addr upstream_status="$upstream_status"
+        $host'
 
 mysql:
   enabled: true