featureflags

package
v0.0.0-...-d83be18 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 17, 2026 License: Apache-2.0 Imports: 22 Imported by: 27

Documentation

Index

Constants

View Source
const (
	SandboxKind                        ldcontext.Kind = "sandbox"
	SandboxTemplateAttribute           string         = "template-id"
	SandboxKernelVersionAttribute      string         = "kernel-version"
	SandboxFirecrackerVersionAttribute string         = "firecracker-version"
	SandboxEnvdVersionAttribute        string         = "envd-version"
	// SandboxTypeAttribute distinguishes "sandbox" from "build" runs.
	SandboxTypeAttribute string = "sandbox-type"

	TeamKind    ldcontext.Kind = "team"
	UserKind    ldcontext.Kind = "user"
	ClusterKind ldcontext.Kind = "cluster"

	TierKind             ldcontext.Kind = "tier"
	ServiceKind          ldcontext.Kind = "service"
	TemplateKind         ldcontext.Kind = "template"
	VolumeKind           ldcontext.Kind = "volume"
	CompressFileTypeKind ldcontext.Kind = "compress-file-type"
	CompressUseCaseKind  ldcontext.Kind = "compress-use-case"
)

kinds

View Source
const (
	DefaultFirecrackerV1_10Version = "v1.10.1_30cbb07"
	DefaultFirecrackerV1_12Version = "v1.12.1_210cbac"
	DefaultFirecrackerV1_14Version = "v1.14.1_431f1fc"
	DefaultFirecrackerVersion      = DefaultFirecrackerV1_14Version
)

The Firecracker version the last tag + the short SHA (so we can build our dev previews) TODO: The short tag here has only 7 characters — the one from our build pipeline will likely have exactly 8 so this will break.

View Source
const (
	LogsWriteModePrimaryOnly      = "primary_only"
	LogsWriteModePrimaryAndShadow = "primary_and_shadow"
)

Log write routing modes for LogsWriteConfigFlag.

View Source
const (
	DefaultKernelVersion = "vmlinux-6.1.158"
)

Variables

View Source
var (
	SnapshotFeatureFlag                 = NewBoolFlag("use-nfs-for-snapshots", env.IsDevelopment())
	TemplateFeatureFlag                 = NewBoolFlag("use-nfs-for-templates", env.IsDevelopment())
	EnableWriteThroughCacheFlag         = NewBoolFlag("write-to-cache-on-writes", false)
	UseNFSCacheForBuildingTemplatesFlag = NewBoolFlag("use-nfs-for-building-templates", env.IsDevelopment())
	CreateStorageCacheSpansFlag         = NewBoolFlag("create-storage-cache-spans", env.IsDevelopment())
	OrchAcceptsCombinedHostFlag         = NewBoolFlag("orch-accepts-combined-host", false)

	// StorageSoftDeleteCheckFlag enables reading the storage-index soft-delete
	// tombstone on header load (one extra GCS Attrs on cold load). Off = no overhead.
	StorageSoftDeleteCheckFlag = NewBoolFlag("storage-soft-delete-check", false)
	// StorageSoftDeleteEnforceFlag makes a soft-deleted object fail the read
	// (fail closed) instead of only emitting a metric + log. Requires the check flag.
	StorageSoftDeleteEnforceFlag = NewBoolFlag("storage-soft-delete-enforce", false)

	// UseMemFdFlag asks Firecracker to back guest memory with a memfd and
	// pass the fd over the UFFD socket; the orchestrator then mmaps it
	// directly instead of using process_vm_readv on pause.
	UseMemFdFlag = NewBoolFlag("use-memfd", true)

	// MemfdBackgroundCopyFlag streams the memfd into the snapshot cache on
	// a goroutine so Pause returns as soon as the diff metadata is written.
	// Only takes effect when UseMemFdFlag is also on.
	MemfdBackgroundCopyFlag = NewBoolFlag("memfd-background-copy", true)

	// MemfileDiffDedupFlag enables 4 KiB-page dedup of the memfile diff
	// against the base memfile. bestEffort skips uncached blocks; directIO
	// opens the dedup output with O_DIRECT. The remaining keys budget fetch
	// defragmentation of the deduped diff — fetchRunWindowPages is the
	// uncompressed frame/window size served per backing fetch — see
	// orchestrator block.DedupBudget for semantics (0 = disabled/default).
	MemfileDiffDedupFlag = NewJSONFlag("memfile-diff-dedup", ldvalue.FromJSONMarshal(map[string]any{
		"enabled":                        false,
		"bestEffort":                     false,
		"directIO":                       false,
		"maxFetchWindowsPerBlock":        0,
		"maxPromotedParentPagesPerBlock": 0,
		"maxPagesPerPromotedFrame":       0,
		"blockFaultPct":                  0,
		"fetchRunWindowPages":            0,
	}))

	// PeerToPeerChunkTransferFlag enables peer-to-peer chunk routing.
	PeerToPeerChunkTransferFlag = NewBoolFlag("peer-to-peer-chunk-transfer", false)
	// PeerToPeerAsyncCheckpointFlag makes Checkpoint upload fire-and-forget instead
	// of synchronous. Only safe to enable after PeerToPeerChunkTransferFlag is ON.
	PeerToPeerAsyncCheckpointFlag = NewBoolFlag("peer-to-peer-async-checkpoint", false)

	PersistentVolumesFlag            = NewBoolFlag("can-use-persistent-volumes", env.IsDevelopment())
	SandboxLabelBasedSchedulingFlag  = NewBoolFlag("sandbox-label-based-scheduling", false)
	OptimisticResourceAccountingFlag = NewBoolFlag("sandbox-placement-optimistic-resource-accounting", false)
	FreePageReportingFlag            = NewBoolFlag("free-page-reporting", false)
	FreezeUserCgroupFlag             = NewBoolFlag("freeze-user-cgroup", env.IsDevelopment())
	// CollapseEnvdHeapFlag makes the orchestrator ask envd to collapse its own
	// anonymous heap into 2 MiB hugepages just before pause, reducing the number
	// of distinct frames envd faults on resume. Off by default; rolled out via LD.
	CollapseEnvdHeapFlag = NewBoolFlag("collapse-envd-heap", false)

	// CollapseEnvdHeapTimeoutMsFlag bounds the pre-pause POST /collapse call, in
	// milliseconds. Collapsing migrates envd's scattered heap pages into
	// hugepages, which is heavier than the freeze sysfs write, so it gets a
	// larger, independent budget. Collapse is best-effort: a cut-short run still
	// helps, so this can be tuned per rollout without redeploying. The fallback
	// (returned when LD is unavailable or the flag is unset) is the default.
	CollapseEnvdHeapTimeoutMsFlag = NewIntFlag("collapse-envd-heap-timeout-ms", 10000) // 10s in milliseconds

	// VolumeFallbackToUnmatchedNodesFlag allows volume operations to fall back to
	// orchestrator nodes that don't advertise the volume's type label when every
	// labeled node fails with a retryable error. This is a transitional flag for
	// the volume-label migration: once every node is labeled, unlabeled nodes will
	// fail 100% of the time, so this should be turned off and removed afterwards.
	VolumeFallbackToUnmatchedNodesFlag = NewBoolFlag("volume-fallback-to-unmatched-nodes", true)

	// SandboxVolumeLabelBasedSchedulingFlag enables filtering orchestrator nodes
	// based on the volume types required by the sandbox. When enabled, labels
	// like "persistent-volume-type=nfs" are added to the required node labels
	// for sandbox placement.
	SandboxVolumeLabelBasedSchedulingFlag = NewBoolFlag("sandbox-volume-label-based-scheduling", false)

	NetworkTransformRulesFlag = NewBoolFlag("network-transform-rules", env.IsDevelopment())

	BYOPProxyEnabledFlag = NewBoolFlag("byop-proxy-enabled", env.IsDevelopment())

	// V4HeaderForUncompressedFlag forces the V4 header layout on uncompressed
	// uploads. Independent of compress-config: it changes the header format,
	// not whether data is compressed.
	V4HeaderForUncompressedFlag = NewBoolFlag("v4-header-for-uncompressed", false)

	// HeaderV5WriteFlag makes Pause emit V5 headers. When enabled it also
	// supersedes V4HeaderForUncompressedFlag for uncompressed uploads.
	HeaderV5WriteFlag = NewBoolFlag("header-v5-write", false)

	// ResumeOriginNodeRemapFlag enables repointing a snapshot's origin_node_id to
	// the fallback node a resume timed out on. The node's local cache is warming
	// from the in-progress snapshot pull, so pinning the retry to it avoids
	// re-pulling the snapshot onto yet another node.
	ResumeOriginNodeRemapFlag = NewBoolFlag("resume-origin-node-remap", false)

	// ExpirationIndexHealerFlag enables the API's Redis expiration index healer
	// loop, which re-adds sandboxes missing from the global expiration ZSET
	// (a missing member is never seen by the evictor and would live forever).
	// Checked on every heal tick, so it can be toggled without a redeploy.
	// On by default; acts as a kill switch if a heal pass misbehaves.
	ExpirationIndexHealerFlag = NewBoolFlag("expiration-index-healer", true)

	// DisableE2BAccessTokenProvisioningFlag stops POST /access-tokens from issuing
	// new E2B access tokens (sk_e2b_) once enabled. E2B_ACCESS_TOKEN is deprecated
	// in favor of E2B_API_KEY; the CLI now authenticates via Hydra JWTs. Off by
	// default so issuance keeps working until the deprecation cutover.
	DisableE2BAccessTokenProvisioningFlag = NewBoolFlag("disable-e2b-access-token-provisioning", false)

	// DisableE2BAccessTokenAuthFlag stops the API and docker-reverse-proxy
	// (V1 build docker login) from accepting E2B access tokens (sk_e2b_) for
	// authentication once enabled. E2B_ACCESS_TOKEN is deprecated in favor of
	// E2B_API_KEY; existing tokens stop working on the deprecation cutover
	// (Aug 1, 2026). Off by default. Evaluated per-user so rejection can be
	// rolled out gradually via LD targeting.
	DisableE2BAccessTokenAuthFlag = NewBoolFlag("disable-e2b-access-token-auth", false)

	// BuildEnsureFreeDiskSpace grows the rootfs after build steps and before finalize.
	BuildEnsureFreeDiskSpace = NewBoolFlag("build-ensure-free-disk-space", false)
)
View Source
var (
	MaxSandboxesPerNode = NewIntFlag("max-sandboxes-per-node", 200)
	// The LD keys keep the legacy "gcloud-" prefix, but the limits apply to uploads on all storage providers.
	StorageConcurrentUploadLimit  = NewIntFlag("gcloud-concurrent-upload-limit", 8)
	StorageMaxUploadTasks         = NewIntFlag("gcloud-max-tasks", 16)
	ClickhouseBatcherMaxBatchSize = NewIntFlag("clickhouse-batcher-max-batch-size", 100)
	ClickhouseBatcherMaxDelay     = NewIntFlag("clickhouse-batcher-max-delay", 1000) // 1s in milliseconds
	ClickhouseBatcherQueueSize    = NewIntFlag("clickhouse-batcher-queue-size", 1000)
	BestOfKSampleSize             = NewIntFlag("best-of-k-sample-size", 3)                           // Default K=3
	BestOfKMaxOvercommit          = NewIntFlag("best-of-k-max-overcommit", 400)                      // Default R=4 (stored as percentage, max over-commit ratio)
	BestOfKAlpha                  = NewIntFlag("best-of-k-alpha", 50)                                // Default Alpha=0.5 (stored as percentage for int flag, current usage weight)
	EnvdInitTimeoutMilliseconds   = NewIntFlag("envd-init-request-timeout-milliseconds", 50)         // Timeout for envd init request in milliseconds
	EnvdTimeoutMilliseconds       = NewIntFlag("envd-timeout-milliseconds", envdTimeoutFallbackMs()) // Timeout for waiting for envd on resume; falls back to ENVD_TIMEOUT env var (default 10s)
	// GuestSyncTimeoutMs overrides the mandatory pre-pause guest-sync deadline
	// for filesystem-only snapshots, in milliseconds. 0 (default) derives the
	// timeout from guest RAM; a positive value pins it.
	GuestSyncTimeoutMs            = NewIntFlag("guest-sync-timeout-milliseconds", 0)
	MaxCacheWriterConcurrencyFlag = NewIntFlag("max-cache-writer-concurrency", 10)

	// BuildCacheMaxUsagePercentage the maximum percentage of the cache disk storage
	// that can be used before the cache starts evicting items.
	BuildCacheMaxUsagePercentage = NewIntFlag("build-cache-max-usage-percentage", 85)
	BuildProvisionVersion        = NewIntFlag("build-provision-version", 0)

	// NBDConnectionsPerDevice the number of NBD socket connections per device
	NBDConnectionsPerDevice = NewIntFlag("nbd-connections-per-device", 1)

	// NBDAsyncWriteZeroesFlag, when enabled, handles NBD WRITE_ZEROES/TRIM
	// commands in a goroutine instead of inline on the dispatch read loop.
	// Inline handling can stall the read loop via head-of-line blocking on the
	// shared write lock (when a reply writer is blocked on a full socket send
	// buffer), which makes the kernel time out the NBD connection and surfaces
	// as guest I/O errors. Disabled by default.
	NBDAsyncWriteZeroesFlag = NewBoolFlag("nbd-async-write-zeroes", false)

	// MemoryPrefetchMaxFetchWorkers is the maximum number of parallel fetch workers per sandbox for memory prefetching.
	// Fetching is I/O bound so we can have more parallelism.
	MemoryPrefetchMaxFetchWorkers = NewIntFlag("memory-prefetch-max-fetch-workers", 16)

	// MemoryPrefetchMaxCopyWorkers is the maximum number of parallel copy workers per sandbox for memory prefetching.
	// Copy uses uffd syscalls, so we limit parallelism to avoid overwhelming the system.
	MemoryPrefetchMaxCopyWorkers = NewIntFlag("memory-prefetch-max-copy-workers", 8)

	// PauseResumePrefetchHarvestFlag makes the orchestrator, after a pause
	// snapshot is durable, run a throwaway warm resume of the just-written
	// artifact (driven by envd /init, workload frozen, egress denied) to record
	// the resume page-fault trace and turn it into a prefetch mapping. Off by
	// default; the harvest is best-effort and never affects the pause result.
	PauseResumePrefetchHarvestFlag = NewBoolFlag("pause-resume-prefetch-harvest", false)

	// PauseResumePrefetchConsumeFlag controls whether a harvested mapping is
	// persisted into the pause artifact metadata (and therefore replayed on the
	// customer's next resume). When off, the harvest still runs and emits its
	// trace-size metrics but does NOT write the mapping, so resumes are
	// unaffected — letting us validate harvest behaviour with no customer-visible
	// change before enabling prefetch on resume. Off by default.
	PauseResumePrefetchConsumeFlag = NewBoolFlag("pause-resume-prefetch-consume", false)

	// PauseResumePrefetchHarvestTimeoutMsFlag bounds the throwaway harvest resume
	// (slot-hold cap), in milliseconds. The harvest is best-effort: a cut-short
	// run is discarded (the build is simply re-harvested on its next pause), so
	// erring short is cheap. A normal warm harvest completes in a few seconds; the
	// default leaves headroom for a large warm resume to fully drain while keeping
	// the worst-case slot hold modest. Tunable per rollout via LD; the fallback
	// (returned when LD is unavailable or the flag is unset) is the default.
	PauseResumePrefetchHarvestTimeoutMsFlag = NewIntFlag("pause-resume-prefetch-harvest-timeout-ms", 15000) // 15s

	// TCPFirewallMaxConnectionsPerSandbox is the maximum number of concurrent TCP firewall
	// connections allowed per sandbox. Negative means no limit.
	TCPFirewallMaxConnectionsPerSandbox = NewIntFlag("tcpfirewall-max-connections-per-sandbox", -1)

	// SandboxMaxIncomingConnections is the maximum number of concurrent HTTP proxy
	// connections allowed per sandbox. Negative means no limit.
	SandboxMaxIncomingConnections = NewIntFlag("sandbox-max-incoming-connections", -1)

	// BuildBaseRootfsSizeLimitMB is the maximum size of the base rootfs filesystem created from the OCI image, in MB.
	BuildBaseRootfsSizeLimitMB = NewIntFlag("build-base-rootfs-size-limit-mb", 25000)

	// MinAutoResumeTimeoutSeconds is the minimum auto-resume timeout in seconds.
	// This prevents thrashing from very short timeouts.
	MinAutoResumeTimeoutSeconds = NewIntFlag("minimum-autoresume-timeout", 300)

	// BuildReservedDiskSpaceMB is the amount of disk space in MB reserved for root on the guest filesystem.
	// Reserved blocks are only usable by root (uid 0), protecting the guest OS from disk-full conditions.
	BuildReservedDiskSpaceMB = NewIntFlag("build-reserved-disk-space-mb", 256)

	// MaxStartingInstancesPerNode limits concurrent sandbox start/resume operations on a single orchestrator node.
	// Must be > 0.
	MaxStartingInstancesPerNode = NewIntFlag("max-starting-instances-per-node", 3)

	// MaxConcurrentEvictions caps the number of sandbox evictions that can run
	// in parallel per API instance. Excess items remain expired in the store
	// and are picked up by the next eviction tick. Must be > 0; non-positive
	// values are ignored at refresh time.
	MaxConcurrentEvictions = NewIntFlag("max-concurrent-evictions", 256)

	// MaxConcurrentSnapshotUpserts limits concurrent UpsertSnapshot calls (pause + snapshot template paths).
	// 0 or negative disables throttling (unlimited concurrency).
	MaxConcurrentSnapshotUpserts = NewIntFlag("max-concurrent-snapshot-upserts", 0)
	// MaxConcurrentSandboxListQueries limits concurrent GetSnapshotsWithCursor calls in the sandbox list path.
	// 0 or negative disables throttling (unlimited concurrency).
	MaxConcurrentSandboxListQueries = NewIntFlag("max-concurrent-sandbox-list-queries", 0)
	// MaxConcurrentSnapshotBuildQueries limits concurrent GetSnapshotBuilds calls (e.g. sandbox delete).
	// 0 or negative disables throttling (unlimited concurrency).
	MaxConcurrentSnapshotBuildQueries = NewIntFlag("max-concurrent-snapshot-build-queries", 0)

	MinChunkerReadSizeKB = NewIntFlag("min-chunker-read-size-kb", 16)

	// MaxParallelBuildReadSegments limits concurrent backing reads within one fragmented build read.
	// 1 or lower keeps the existing serial path.
	MaxParallelBuildReadSegments = NewIntFlag("max-parallel-build-read-segments", 1)
)
View Source
var (
	BuildFirecrackerVersion     = NewStringFlag("build-firecracker-version", env.GetEnv("DEFAULT_FIRECRACKER_VERSION", DefaultFirecrackerVersion))
	BuildKernelVersion          = NewStringFlag("build-kernel-version", env.GetEnv("DEFAULT_KERNEL_VERSION", DefaultKernelVersion))
	BuildIoEngine               = NewStringFlag("build-io-engine", "Sync")
	DefaultPersistentVolumeType = NewStringFlag("default-persistent-volume-type", "")
	BuildNodeInfo               = NewJSONFlag("preferred-build-node", ldvalue.Null())
	FirecrackerVersions         = NewJSONFlag("firecracker-versions", ldvalue.FromJSONMarshal(FirecrackerVersionMap))

	// ClickhouseReadEndpointFlag selects which ClickHouse DSN to use for reads.
	// "" (empty) → singular CLICKHOUSE_CONNECTION_STRING (self-managed default).
	// "0", "1", ... → index into CLICKHOUSE_CONNECTION_STRINGS
	ClickhouseReadEndpointFlag = NewStringFlag("clickhouse-read-endpoint", "")

	// ClickhouseWriteFanoutFlag: when false, drop writes to alternate
	// ClickHouse endpoints (CLICKHOUSE_CONNECTION_STRINGS). Default DSN
	// is unaffected.
	ClickhouseWriteFanoutFlag = NewBoolFlag("clickhouse-write-fanout", false)
)

BuildIoEngine Sync is used by default as there seems to be a bad interaction between Async and a lot of io operations.

View Source
var BlockDriveThrottleConfig = NewJSONFlag("block-drive-throttle-config", ldvalue.FromJSONMarshal(map[string]any{
	"ops":       map[string]any{"bucketSize": -1, "oneTimeBurst": 0, "refillTimeMs": 1000},
	"bandwidth": map[string]any{"bucketSize": -1, "oneTimeBurst": 0, "refillTimeMs": 1000},
}))

BlockDriveThrottleConfig controls per-sandbox block device (disk) throttling via Firecracker's VMM-level token bucket rate limiters on the rootfs drive. Structure mirrors the Firecracker RateLimiter API: two independent token buckets. Set bucketSize to -1 to disable a bucket.

Ops bucket (IOPS): effective rate = ops.bucketSize * 1000 / ops.refillTimeMs ops/s. Bandwidth bucket (bytes): effective rate = bandwidth.bucketSize * 1000 / bandwidth.refillTimeMs bytes/s.

View Source
var CleanNFSCache = NewJSONFlag("clean-nfs-cache", ldvalue.Null())
View Source
var CompressConfigFlag = NewJSONFlag("compress-config", ldvalue.FromJSONMarshal(map[string]any{
	"compressBuilds":     false,
	"compressionType":    "",
	"compressionLevel":   0,
	"frameSizeKB":        0,
	"minPartSizeMB":      0,
	"frameEncodeWorkers": 0,
	"encoderConcurrency": 0,
}))

CompressConfigFlag controls compression during template builds. When compressBuilds is true, builds upload exclusively compressed data (no uncompressed fallback). When false, exclusively uncompressed with V3 headers (unless V4HeaderForUncompressedFlag is set).

View Source
var FreePageHintingConfig = NewJSONFlag("free-page-hinting-config", ldvalue.Null())

FreePageHintingConfig controls virtio-balloon free-page-hinting. "enabled" configures FreePageHinting=true on the balloon at install time (kernel-side eligibility is targeted separately via the LD context — the race fixed in https://lore.kernel.org/lkml/20240429125100.7393-1-david@redhat.com/ is on the hinting flow, gated by the per-use-case timeouts below). "pause"/"build" are pre-pause drain timeouts in ms keyed by SnapshotUseCase; missing/zero/negative disables the drain for that use case. Example: {"enabled": true, "pause": 500, "build": 0}

View Source
var LogsReadConfigFlag = NewBoolFlag("logs-read-config", false)

LogsReadConfigFlag selects the backend used to read sandbox/build logs. false (default) reads from Loki (unchanged behavior); true reads from the ClickHouse sandbox_logs table.

View Source
var LogsWriteConfigFlag = NewJSONFlag("logs-write-config", ldvalue.Null())

LogsWriteConfigFlag controls where sandbox/external logs are written, so operators can retarget log destinations from LaunchDarkly without a redeploy.

Shape:

{
  "mode": "primary_only" | "primary_and_shadow",
  "primary_url": "http://localhost:30006",
  "shadow_urls": ["http://localhost:4321/logs"],
  "timeout_ms": 2000,
  "max_inflight_shadow_writes": 1024
}

Semantics:

  • null/missing/invalid -> fall back to the legacy collector address only.
  • "primary_only" -> write to primary_url only.
  • "primary_and_shadow" -> write to primary_url; fire-and-forget shadow_urls (shadow failures never affect the primary result).
  • Empty primary_url in a non-disabled mode is invalid -> legacy fallback.
  • shadow_urls must be an array of <= maxLogWriteShadowURLs safe string URLs.
  • timeout_ms <= 0 or too large is clamped to a safe range.
  • max_inflight_shadow_writes <= 0 defaults to defaultMaxInflightShadowWrites.
  • Only http URLs pointing at local/private hosts or allowed internal DNS suffixes are allowed; anything else is rejected and the whole config falls back to legacy.

The fallback collector address is a runtime env value the flag cannot know, so the default is Null() and the code substitutes the legacy address.

View Source
var RateLimitConfigFlag = NewJSONFlag("rate-limit-config", ldvalue.Null())

RateLimitConfigFlag provides per-team rate limit overrides. JSON format:

{
  "/sandboxes/": {"rate": 50, "burst": 100},
  "/sandboxes/:sandboxID/pause": {"rate": 10, "burst": 20}
}

When non-null, values override the code defaults. Target specific teams in LaunchDarkly.

View Source
var ReclaimConfigFlag = NewJSONFlag("guest-pause-reclaim", ldvalue.Null())

ReclaimConfigFlag holds per-step caps in milliseconds for the pre-pause reclaim chain. Missing/zero/negative values disable the step. Example: {"sync":500,"drop_caches":200,"compact_memory":1000,"fstrim":500}

View Source
var TCPFirewallEgressThrottleConfig = NewJSONFlag("tcpfirewall-egress-throttle-config", ldvalue.FromJSONMarshal(map[string]any{
	"ops":       map[string]any{"bucketSize": -1, "oneTimeBurst": 0, "refillTimeMs": 1000},
	"bandwidth": map[string]any{"bucketSize": -1, "oneTimeBurst": 0, "refillTimeMs": 1000},
}))

TCPFirewallEgressThrottleConfig controls per-sandbox egress throttling via Firecracker's VMM-level token bucket rate limiters on the network interface. Structure mirrors the Firecracker RateLimiter API: two independent token buckets. Set bucketSize to -1 to disable a bucket.

Ops bucket (packets): effective rate = ops.bucketSize * 1000 / ops.refillTimeMs ops/s. Bandwidth bucket (bytes): effective rate = bandwidth.bucketSize * 1000 / bandwidth.refillTimeMs bytes/s.

View Source
var TrackedTemplatesForMetrics = NewJSONFlag("tracked-templates-for-metrics", ldvalue.FromJSONMarshal(defaultTrackedTemplates))

TrackedTemplatesForMetrics is a JSON flag that defines which template aliases should be tracked in sandbox start time metrics. Templates not in this list will be grouped under "other" to reduce metric cardinality. JSON format: {"base": true, "code-interpreter-v1": true, ...}

Functions

func AddToContext

func AddToContext(ctx context.Context, contexts ...ldcontext.Context) context.Context

func ClusterContext

func ClusterContext(clusterID uuid.UUID) ldcontext.Context

func CompressFileTypeContext

func CompressFileTypeContext(fileType string) ldcontext.Context

func CompressUseCaseContext

func CompressUseCaseContext(useCase string) ldcontext.Context

func GetFreePageHintingTimeout

func GetFreePageHintingTimeout(ctx context.Context, ff *Client, useCase string, contexts ...ldcontext.Context) time.Duration

GetFreePageHintingTimeout returns the pre-pause FPH drain timeout for the given SnapshotUseCase. Zero means disabled.

func GetTrackedTemplatesSet

func GetTrackedTemplatesSet(ctx context.Context, ff *Client) map[string]struct{}

GetTrackedTemplatesSet fetches the TrackedTemplatesForMetrics flag and returns it as a set for efficient lookup. Only keys with a truthy value are included; keys set to false are ignored.

func IsFreePageHintingEnabled

func IsFreePageHintingEnabled(ctx context.Context, ff *Client, contexts ...ldcontext.Context) bool

IsFreePageHintingEnabled reports whether FPH should be configured on the balloon at install time.

func OverrideBoolFlag

func OverrideBoolFlag(flag BoolFlag, value bool)

OverrideBoolFlag forces a bool flag to a specific value in the offline store. Only takes effect when LAUNCH_DARKLY_API_KEY is not set (i.e. dev/CLI tools).

func OverrideJSONFlag

func OverrideJSONFlag(flag JSONFlag, value ldvalue.Value)

OverrideJSONFlag forces a JSON flag to a specific value in the offline store. Only takes effect when LAUNCH_DARKLY_API_KEY is not set (i.e. dev/CLI tools).

func ResolveFirecrackerVersion

func ResolveFirecrackerVersion(ctx context.Context, ff *Client, buildVersion string) string

ResolveFirecrackerVersion resolves the firecracker version using the FirecrackerVersions feature flag. The buildVersion format is "v1.12.1_210cbac" — we extract "v1.12" as the lookup key.

func SandboxContext

func SandboxContext(sandboxID string) ldcontext.Context

func ServiceContext

func ServiceContext(serviceName string) ldcontext.Context

func TeamContext

func TeamContext(teamID string) ldcontext.Context

func TeamContextWithName

func TeamContextWithName(teamID, teamName string) ldcontext.Context

func TemplateContext

func TemplateContext(templateID string) ldcontext.Context

func TierContext

func TierContext(tierID, tierName string) ldcontext.Context

func UserContext

func UserContext(userID string) ldcontext.Context

func VolumeContext

func VolumeContext(volumeName string) ldcontext.Context

Types

type BlockDriveThrottleConfigValue

type BlockDriveThrottleConfigValue struct {
	Ops       TokenBucketConfig
	Bandwidth TokenBucketConfig
}

BlockDriveThrottleConfigValue holds the parsed values of BlockDriveThrottleConfig.

func GetBlockDriveThrottleConfig

func GetBlockDriveThrottleConfig(ctx context.Context, ff *Client) BlockDriveThrottleConfigValue

GetBlockDriveThrottleConfig fetches and parses the BlockDriveThrottleConfig flag.

type BoolFlag

type BoolFlag struct {
	// contains filtered or unexported fields
}

func NewBoolFlag

func NewBoolFlag(name string, fallback bool) BoolFlag

func (BoolFlag) Fallback

func (f BoolFlag) Fallback() bool

func (BoolFlag) Key

func (f BoolFlag) Key() string

func (BoolFlag) String

func (f BoolFlag) String() string

type Client

type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient() (*Client, error)

func NewClientWithDatasource

func NewClientWithDatasource(source *ldtestdata.TestDataSource) (*Client, error)

func NewClientWithLogLevel

func NewClientWithLogLevel(logLevel ldlog.LogLevel) (*Client, error)

NewClientWithLogLevel creates a client with a specific log level. Use ldlog.Error to suppress INFO/WARN logs in CLI tools.

func (*Client) BoolFlag

func (c *Client) BoolFlag(ctx context.Context, flag BoolFlag, contexts ...ldcontext.Context) bool

func (*Client) Close

func (c *Client) Close(ctx context.Context) error

func (*Client) IntFlag

func (c *Client) IntFlag(ctx context.Context, flag IntFlag, contexts ...ldcontext.Context) int

func (*Client) JSONFlag

func (c *Client) JSONFlag(ctx context.Context, flag JSONFlag, contexts ...ldcontext.Context) ldvalue.Value

func (*Client) RegisterContextProvider

func (c *Client) RegisterContextProvider(provider ContextProvider)

RegisterContextProvider registers a provider whose contexts are appended to every flag evaluation.

func (*Client) SetDeploymentName

func (c *Client) SetDeploymentName(deploymentName string)

func (*Client) SetServiceName

func (c *Client) SetServiceName(serviceName string)

func (*Client) StringFlag

func (c *Client) StringFlag(ctx context.Context, flag StringFlag, contexts ...ldcontext.Context) string

func (*Client) WatchJSONFlag

func (c *Client) WatchJSONFlag(ctx context.Context, flag JSONFlag, contexts ...ldcontext.Context) (<-chan interfaces.FlagValueChangeEvent, func())

type ContextProvider

type ContextProvider func(ctx context.Context) ldcontext.Context

ContextProvider supplies an additional LD context on every flag evaluation. Services register providers to inject specific contexts without leaking that specificity into the shared client.

type IntFlag

type IntFlag struct {
	// contains filtered or unexported fields
}

func NewIntFlag

func NewIntFlag(name string, fallback int) IntFlag

func (IntFlag) Fallback

func (f IntFlag) Fallback() int

func (IntFlag) Key

func (f IntFlag) Key() string

func (IntFlag) String

func (f IntFlag) String() string

type JSONFlag

type JSONFlag struct {
	// contains filtered or unexported fields
}

func NewJSONFlag

func NewJSONFlag(name string, fallback ldvalue.Value) JSONFlag

func (JSONFlag) Fallback

func (f JSONFlag) Fallback() ldvalue.Value

func (JSONFlag) Key

func (f JSONFlag) Key() string

func (JSONFlag) String

func (f JSONFlag) String() string

type LogWriteConfig

type LogWriteConfig struct {
	// PrimaryURL is the synchronous, success-controlling destination.
	PrimaryURL string
	// ShadowURLs are best-effort, fire-and-forget destinations.
	ShadowURLs []string
	// Timeout bounds each individual log write request.
	Timeout time.Duration
	// MaxInflightShadowWrites bounds concurrent best-effort shadow writes.
	MaxInflightShadowWrites int64
}

LogWriteConfig is the resolved, validated log write routing configuration. The zero value (PrimaryURL set by the resolver) preserves legacy behavior.

func ResolveLogWriteConfig

func ResolveLogWriteConfig(ctx context.Context, ff *Client, fallbackURL string, contexts ...ldcontext.Context) LogWriteConfig

ResolveLogWriteConfig reads LogsWriteConfigFlag and returns a validated LogWriteConfig. On any missing/malformed/unsafe input it falls back to writing only to fallbackURL (today's behavior).

type LogWriteConfigResolver

type LogWriteConfigResolver struct {
	// contains filtered or unexported fields
}

LogWriteConfigResolver caches the resolved LogWriteConfig for a short TTL so callers on hot log-write paths avoid evaluating LaunchDarkly on every line. It is safe for concurrent use.

func NewLogWriteConfigResolver

func NewLogWriteConfigResolver(ff *Client, fallbackURL string) *LogWriteConfigResolver

NewLogWriteConfigResolver builds a resolver that caches LogsWriteConfigFlag evaluations for a short TTL. A nil ff is supported: Resolve then always returns the legacy fallback config (current behavior).

func (*LogWriteConfigResolver) Resolve

Resolve returns the cached LogWriteConfig, refreshing it via ResolveLogWriteConfig when the cache is empty or expired. Behavior for null/malformed/unsafe flag values is identical to ResolveLogWriteConfig.

type ReclaimConfig

type ReclaimConfig struct {
	Sync          time.Duration
	DropCaches    time.Duration
	CompactMemory time.Duration
	Fstrim        time.Duration
}

func GetReclaimConfig

func GetReclaimConfig(ctx context.Context, ff *Client, contexts ...ldcontext.Context) ReclaimConfig

type StringFlag

type StringFlag struct {
	// contains filtered or unexported fields
}

func NewStringFlag

func NewStringFlag(name string, fallback string) StringFlag

func (StringFlag) Fallback

func (f StringFlag) Fallback() string

func (StringFlag) Key

func (f StringFlag) Key() string

func (StringFlag) String

func (f StringFlag) String() string

type TCPFirewallEgressThrottleConfigValue

type TCPFirewallEgressThrottleConfigValue struct {
	Ops       TokenBucketConfig
	Bandwidth TokenBucketConfig
}

TCPFirewallEgressThrottleConfigValue holds the parsed values of TCPFirewallEgressThrottleConfig.

func GetTCPFirewallEgressThrottleConfig

func GetTCPFirewallEgressThrottleConfig(ctx context.Context, ff *Client) TCPFirewallEgressThrottleConfigValue

GetTCPFirewallEgressThrottleConfig fetches and parses the TCPFirewallEgressThrottleConfig flag.

type TokenBucketConfig

type TokenBucketConfig struct {
	BucketSize   int64
	OneTimeBurst int64
	RefillTimeMs int64
}

TokenBucketConfig holds parameters for a single Firecracker token bucket. BucketSize < 0 disables the bucket.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL