Automatically set GOMAXPROCS to match Linux container CPU quota (#16)

* Automatically set GOMAXPROCS to match Linux container CPU quota via uber-go/automaxprocs

.golangci.yml

@@ -13,6 +13,7 @@ linters:
     - goconst
     # - prealloc
     - revive
+    - stylecheck
     - unconvert
     # - unparam
 

CHANGELOG.md

@@ -1,5 +1,10 @@
 # CHANGELOG
 
+## 0.11.0
+
+- Key changes:
+  - Automatically set `GOMAXPROCS` to match Linux container CPU quota via [uber-go/automaxprocs](https://github.com/uber-go/automaxprocs). Enabled by default, can be turned off via `SET_GOMAXPROCS: false`.
+
 ## 0.10.0
 
 - Key changes:

README.md

@@ -40,6 +40,7 @@ Docker images are published on [ghcr.io/weisdd/lfgw](https://github.com/weisdd/l
 |                      | `ASSUMED_ROLES`             | `false`       | In environments, where OIDC-role names match names of namespaces, ACLs can be constructed on the fly (e.g. `["role1", "role2"]` will give access to metrics from namespaces `role1` and `role2`). The roles specified in `acl.yaml` are still considered and get merged with assumed roles. Role names may contain regular expressions, including the admin definition `.*`. |
 |                      | `ENABLE_DEDUPLICATION`      | `true`        | Whether to enable deduplication, which leaves some of the requests unmodified if they match the target policy. Examples can be found in the "acl.yaml syntax" section. |
 |                      | `OPTIMIZE_EXPRESSIONS`      | `true`        | Whether to automatically optimize expressions for non-full access requests. [More details](https://pkg.go.dev/github.com/VictoriaMetrics/metricsql#Optimize) |
+|                      | `SET_GOMAXPROCS`            | `true`        | Automatically set `GOMAXPROCS` to match Linux container CPU quota. |
 |                      |                             |               |                                                              |
 | **Logging**          |                             |               |                                                              |
 |                      | `DEBUG`                     | `false`       | Whether to print out debug log messages.                     |

cmd/lfgw/acl.go

@@ -163,7 +163,7 @@ func (app *application) rolesToRawACL(roles []string) (string, error) {
 		} else {
 			// NOTE: Strictly speaking, it's getACL who is expected to pass a filtered list of roles in case Assumed roles are disabled. The error check below is not necessary, is left as an additional safeguard for now and might get removed in the future.
 			if !app.AssumedRoles {
-				return "", fmt.Errorf("Some of the roles are unknown and assumed roles are not enabled")
+				return "", fmt.Errorf("some of the roles are unknown and assumed roles are not enabled")
 			}
 			// NOTE: Role names are not linted, so they may contain regular expressions, including the admin definition: .*
 			rawACLs = append(rawACLs, role)
@@ -172,7 +172,7 @@ func (app *application) rolesToRawACL(roles []string) (string, error) {
 
 	rawACL := strings.Join(rawACLs, ", ")
 	if rawACL == "" {
-		return "", fmt.Errorf("Constructed empty rawACL")
+		return "", fmt.Errorf("constructed empty rawACL")
 	}
 
 	return rawACL, nil

cmd/lfgw/main.go

@@ -6,12 +6,14 @@ import (
 	"net/http/httputil"
 	"net/url"
 	"os"
+	"runtime"
 	"time"
 
 	"github.com/caarlos0/env/v6"
 	oidc "github.com/coreos/go-oidc/v3/oidc"
 	"github.com/rs/zerolog"
 	zlog "github.com/rs/zerolog/log"
+	"go.uber.org/automaxprocs/maxprocs"
 )
 
 // Define an application struct to hold the application-wide dependencies for the
@@ -30,7 +32,8 @@ type application struct {
 	OptimizeExpressions     bool          `env:"OPTIMIZE_EXPRESSIONS" envDefault:"true"`
 	EnableDeduplication     bool          `env:"ENABLE_DEDUPLICATION" envDefault:"true"`
 	SafeMode                bool          `env:"SAFE_MODE" envDefault:"true"`
-	SetProxyHeaders         bool          `env:"SET_PROXY_HEADERS" envDefefault:"false"`
+	SetProxyHeaders         bool          `env:"SET_PROXY_HEADERS" envDefault:"false"`
+	SetGomaxProcs           bool          `env:"SET_GOMAXPROCS" envDefault:"true"`
 	ACLPath                 string        `env:"ACL_PATH" envDefault:"./acl.yaml"`
 	AssumedRoles            bool          `env:"ASSUMED_ROLES" envDefault:"false"`
 	OIDCRealmURL            string        `env:"OIDC_REALM_URL,required"`
@@ -75,6 +78,17 @@ func main() {
 		zerolog.SetGlobalLevel(zerolog.DebugLevel)
 	}
 
+	if app.SetGomaxProcs {
+		undo, err := maxprocs.Set()
+		defer undo()
+		if err != nil {
+			app.logger.Error().Caller().
+				Msgf("failed to set GOMAXPROCS: %v", err)
+		}
+	}
+	app.logger.Info().Caller().
+		Msgf("Runtime settings: GOMAXPROCS = %d", runtime.GOMAXPROCS(0))
+
 	if app.AssumedRoles {
 		app.logger.Info().Caller().
 			Msg("Assumed roles mode is on")

go.mod

@@ -10,11 +10,12 @@ require (
 	github.com/gorilla/mux v1.8.0
 	github.com/rs/zerolog v1.26.1
 	github.com/stretchr/testify v1.7.1
+	go.uber.org/automaxprocs v1.5.1
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )
 
 require (
-	github.com/davecgh/go-spew v1.1.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang/protobuf v1.4.3 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rs/xid v1.3.0 // indirect

go.sum

@@ -48,8 +48,9 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/coreos/go-oidc/v3 v3.1.0 h1:6avEvcdvTa1qYsOZ6I5PRkSYHzpTNWgKYmaJfaYbrRw=
 github.com/coreos/go-oidc/v3 v3.1.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -122,6 +123,7 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4=
@@ -146,6 +148,8 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.uber.org/automaxprocs v1.5.1 h1:e1YG66Lrk73dn4qhg8WFSvhF0JuFQF0ERIp4rpuV8Qk=
+go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66vU6XU=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=