Skip to content

backport 17.5.x: Update changelog for 17.5.0

Backport !7531 (merged) to 17.5.x versions

====

Copied from the original MR

grpc-go v1.67.0 (https://github.com/grpc/grpc-go/releases/tag/v1.67.0) caused two major problems for Gitaly and Praefect.

First, this version introduced a bug related to window header calculation. This bug makes Gitaly return ResourceExhausted errors occasionally even if the calls were successful.

For more information: #6385 (closed)

Second, clients and servers will now reject TLS connections that don't support ALPN. This restriction deems Gitaly/Praefect not compatible with some certain TCP load-balancers, such as Nginx, if TLS is enabled. The problem will go away if customers place Gitaly/Prafect behind an HTTP/2 or gRPC load balancers. Unfortunately, L7 load-balancers are not compatible with Gitaly/Praefect due to the Sidechannel Protocol. Although this feature could be turned off by turning on the GRPC_ENFORCE_ALPN_ENABLED flag, it's annoying for our customers.

For more information: https://gitlab.com/gitlab-com/request-for-help/-/issues/2127

The first bug was fixed in v1.67.1 and back-ported to v1.66.3. The second bug (or feature?) has not been addressed upstream, yet. Although we are looking forward to a long-term solution so that Sidechannel is replaced by something else such as gRPC buffer pooling (#6560) or pure HTTP/2. It might take a while until an alternative solution lands.

Thus, this commit downgrades grpc-go back to 1.66.3. This version didn't introduce the new APLN enforcement and it contains the back-port of the first bug (https://github.com/grpc/grpc-go/pull/7660 and https://github.com/grpc/grpc-go/pull/7668).

Merge request reports

Loading