Add support for h2c to GCP conformance and HTTP/2 to hammer (#243)

cmd/conformance/gcp/main.go

@@ -29,6 +29,8 @@ import (
 	tessera "github.com/transparency-dev/trillian-tessera"
 	"github.com/transparency-dev/trillian-tessera/storage/gcp"
 	"golang.org/x/mod/sumdb/note"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/h2c"
 	"k8s.io/klog/v2"
 )
 
@@ -93,7 +95,13 @@ func main() {
 		_, _ = w.Write([]byte(fmt.Sprintf("%d", idx)))
 	})
 
-	if err := http.ListenAndServe(*listen, http.DefaultServeMux); err != nil {
+	h2s := &http2.Server{}
+	h1s := &http.Server{
+		Addr:    *listen,
+		Handler: h2c.NewHandler(http.DefaultServeMux, h2s),
+	}
+
+	if err := h1s.ListenAndServe(); err != nil {
 		klog.Exitf("ListenAndServe: %v", err)
 	}
 }

deployment/modules/gcp/cloudbuild/main.tf

@@ -122,7 +122,7 @@ resource "google_cloudbuild_trigger" "docker" {
       id   = "hammer"
       name = "golang"
       script = <<EOT
-      go run ./hammer --log_public_key=$(cat /workspace/verifier.pub) --log_url=https://storage.googleapis.com/trillian-tessera-ci-conformance-bucket/ --write_log_url="$(cat /workspace/conformance_url)" -v=1 --show_ui=false --bearer_token="$(cat /workspace/cb_access)" --bearer_token_write="$(cat /workspace/cb_identity)" --logtostderr --num_writers=1100 --max_write_ops=1024 --leaf_min_size=1024 --leaf_write_goal=50000
+      go run ./hammer --log_public_key=$(cat /workspace/verifier.pub) --log_url=https://storage.googleapis.com/trillian-tessera-ci-conformance-bucket/ --write_log_url="$(cat /workspace/conformance_url)" -v=1 --show_ui=false --bearer_token="$(cat /workspace/cb_access)" --bearer_token_write="$(cat /workspace/cb_identity)" --logtostderr --num_writers=1100 --max_write_ops=1500 --leaf_min_size=1024 --leaf_write_goal=50000 --force_http2
       EOT
       wait_for = ["terraform_outputs", "generate_verifier", "access"]
     }

deployment/modules/gcp/conformance/main.tf

@@ -99,7 +99,7 @@ resource "google_cloud_run_v2_service" "default" {
     timeout = "10s"
 
     scaling {
-      max_instance_count = 4
+      max_instance_count = 3
     }
 
     containers {
@@ -116,13 +116,14 @@ resource "google_cloud_run_v2_service" "default" {
         "--origin=${var.log_origin}",
       ]
       ports {
+        name = "h2c"
         container_port = 8080
       }
 
       resources {
         limits = {
           cpu = "2"
-          memory = "512Mi"
+          memory = "1024Mi"
         }
       }
 

go.mod

@@ -61,7 +61,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.29.0 // indirect
 	go.opentelemetry.io/otel/trace v1.29.0 // indirect
 	golang.org/x/crypto v0.27.0
-	golang.org/x/net v0.28.0 // indirect
+	golang.org/x/net v0.28.0
 	golang.org/x/oauth2 v0.22.0 // indirect
 	golang.org/x/sync v0.8.0
 	golang.org/x/sys v0.25.0 // indirect

hammer/hammer.go

@@ -18,6 +18,7 @@ package main
 import (
 	"context"
 	crand "crypto/rand"
+	"crypto/tls"
 	"errors"
 	"flag"
 	"fmt"
@@ -30,6 +31,8 @@ import (
 	movingaverage "github.com/RobinUS2/golang-moving-average"
 	"github.com/transparency-dev/trillian-tessera/client"
 	"golang.org/x/mod/sumdb/note"
+	"golang.org/x/net/http2"
+
 	"k8s.io/klog/v2"
 )
 
@@ -62,6 +65,8 @@ var (
 	bearerToken      = flag.String("bearer_token", "", "The bearer token for auth. For GCP this is the result of `gcloud auth print-access-token`")
 	bearerTokenWrite = flag.String("bearer_token_write", "", "The bearer token for auth to write. For GCP this is the result of `gcloud auth print-identity-token`. If unset will default to --bearer_token.")
 
+	forceHTTP2 = flag.Bool("force_http2", false, "Use HTTP/2 connections *only*")
+
 	hc = &http.Client{
 		Transport: &http.Transport{
 			MaxIdleConns:        256,
@@ -76,6 +81,12 @@ func main() {
 	klog.InitFlags(nil)
 	flag.Parse()
 
+	if *forceHTTP2 {
+		hc.Transport = &http2.Transport{
+			TLSClientConfig: &tls.Config{},
+		}
+	}
+
 	// If bearerTokenWrite is unset, default it to whatever bearerToken has (which may too be unset).
 	if *bearerTokenWrite == "" {
 		*bearerTokenWrite = *bearerToken