Sourcegraph 5.3 gRPC Configuration Guide
Overview
As part of our continuous effort to enhance performance and reliability, in Sourcegraph 5.3 we’ve fully transitioned to using gRPC as the primary communication method for our internal services.
This guide will help you understand this change and its implications for your setup.
Quick Overview
- What’s changing? In Sourcegraph
5.3, we've transitioned to gRPC for internal communication between Sourcegraph services. - Why? gRPC, a high-performance Remote Procedure Call (RPC) framework by Google, brings about several benefits like a more efficient serialization format, faster speeds, and a better development experience.
- Is any action needed? If you don’t have restrictions on Sourcegraph’s internal (service to service) traffic, you shouldn't need to take any action—the change should be invisible. If you do have restrictions, some firewall or security configurations may be necessary. See the "Who needs to Act" section for more details.
- Can I disable gRPC if something goes wrong? In Sourcegraph
5.3.X, gRPC can no longer be disabled. However, if you run into an issue it is possible to downgrade to Sourcegraph5.2.X, which includes a toggle to enable/disable gRPC while you troubleshoot the issue. Contact our customer support team for more information.
gRPC: A Brief Intro
gRPC is an open-source RPC framework developed by Google. Compared to REST, gRPC is faster, more efficient, has built-in backwards compatibility support, and offers a superior development experience.
Key Changes
1. Internal Service Communication
For Sourcegraph version 5.3.X onwards, our microservices like repo-updater and gitserver will use mainly gRPC instead of REST for their internal traffic. This affects only communication between our services. Interactions you have with Sourcegraph's UI and external APIs remain unchanged.
2. Rollout Plan
| Version | gRPC Status |
|---|---|
5.2.X (Released on October 4th, 2023) | On by default but can be disabled via a feature flag. |
5.3.X (Releasing Feburary 15th, 2024) | Fully integrated and can't be turned off. Able to temporarily downgrade to 5.2.X if there are any issues. |
Preparing for the Change
Who Needs to Act?
Our use of gRPC only affects traffic between our microservices (e.x. searcher ↔ gitserver). Traffic between the Sourcegraph Web UI and the rest of the application is unaffected (e.x. sourcegraph.example.com ↔ frontend’s GraphQL API).
If Sourcegraph's internal traffic faces no security restrictions in your environment, no action is required.
However, if you’ve applied security measures or have firewall restrictions on this traffic, adjustments might be needed to accommodate gRPC communication. The following is a more technical description of the protocol that can help you configure your security settings:
gRPC Technical Details
-
Protocol Description: gRPC runs on-top of HTTP/2 (which, in turn, runs on top of TCP. It transfers (binary-encoded, not human-readable plain-text) Protocol Buffer payloads. Our current gRPC implementation does not use any encryption.
-
List of services: The following services will now speak mainly gRPC in addition to their previous traffic:
-
The following aspects about Sourcegraph’s networking configuration aren’t changing:
- Ports: all Sourcegraph services will use the same ports as they were in the 5.1.X release.
- External traffic: gRPC only affects how Sourcegraph’s microservices communicate amongst themselves - no new external traffic is sent via gRPC.
- Service dependencies: each Sourcegraph service will communicate with the same set of services regardless of whether gRPC is enabled.
- Example:
searcherwill still need to communicate withgitserverto fetch repository data. Whether gRPC is enabled doesn’t matter.
- Example:
Sourcegraph 5.2.X only: enabling / disabling GRPC
In the 5.2.x release, you are able to use the following methods to enable / disable gRPC if a problem occurs.
5.3.X release, these options are removed and gRPC is always enabled. However, if you run into an issue it is possible to downgrade to Sourcegraph 5.2.X and use the configuration below to temporarily disable gRPC while you troubleshoot the issue. Contact our customer support team for more assistance with downgrading.All services besides zoekt-indexserver
Disabling gRPC on any service that is not zoekt-indexserver can be done by one of these options:
Option 1: disable via site-configuration
Set the enableGRPC experimental feature to false in the site configuration file:
JSON{ "experimentalFeatures": { "enableGRPC": false // disabled } }
Option 2: disable via environment variables
Set the environment variable SG_FEATURE_FLAG_GRPC="false" for every service.
zoekt-indexserver service: disable via environment variable
Set the environment variable GRPC_ENABLED="false" on the zoekt-indexserver container. (See https://github.com/sourcegraph/deploy-sourcegraph-cloud/blob/18e5f9e450878705b7a99ee7c3bcf74c3fb68514/base/indexed-search/indexed-search.StatefulSet.yaml#L105-L106 for an example:
YAML- name: zoekt-indexserver env: - name: GRPC_ENABLED value: 'false' image: docker.io/sourcegraph/search-indexer:{CURRENT_VERSION_NO_V}
zoekt-indexserver can’t read from Sourcegraph’s site configuration, so we can only use environment variables to communicate this setting.
If any issues arise with gRPC, admins have the option to disable it in version 5.2.X. This will be phased out in 5.3.X.
Monitoring gRPC
To ensure the smooth operation of gRPC, we offer:
-
gRPC Grafana Dashboards: For every gRPC service, we provide dedicated dashboards. These boards present request and error rates for every method, aiding in performance tracking. See our dashboard documentation.
-
Internal Error Reporter: For certain errors specifically from gRPC libraries or configurations, we've integrated an "internal error" reporter. Logs prefixed with
grpc.internal.error.reportersignal issues with our gRPC execution and should be reported to customer support for more assistance.
Need Help?
For any queries or concerns, reach out to our customer support team. We’re here to assist!