Handle requests with very large payload

[Ectelion]

Fixes #1754. In particular:

• Prevents potential out-of-memory issues caused by requests with very large payload;
• Addresses a functional issue that occurs even for relatively small payload sizes that exceeds PubSub limit on message size, which is 10Mb (non-extendable). Requests with payloads above that are not passing the publishing stage;
  • You may find it on PubSub quotas page: after the main table, there is a section with non-extendable quotas;

On memory consumption

Memory stress test was re-run several times. Here's is how a typical memory consumption pattern looks like:

In both cases, there is an initial spike varying around 600-800MiB, which then gradually smoothes out. There appears to be little to no impact on memory caused by the MaxBytesReader wrapper. This can also be seen from MaxBytesReader's implementation, which turns out to be lightweight and does not have any notable memory overheads.

[Ectelion]

Let me know if we'd rather have this as an env variable.

[liu-cong]

Can you document how this number is picked? Is this the same as the pubsub message size limit?

[Ectelion]

Sure, I have updated the description.

[ian-mi]

I recommend also wrapping the body in an io.LimitedReader.

[Ectelion]

I recommend also wrapping the body in an io.LimitedReader.

Some more context on this: I think this is indeed a more reliable approach. I myself considered MaxBytesReader, which is similar. In the context of recently completed perf tuning work (#1600), I wondered if the influence on memory consumption can be assumed to be negligible or whether the memory analysis in #1600 would need to be re-evaluated. Given this and that the malicious use case implies a wider problem (unauthorized access to the Broker first place), I thought it may be fine to keep it with current approach. What do you think?

[knative-test-reporter-robot]

The following jobs failed:

Test name	Triggers	Retries
pull-google-knative-gcp-wi-tests	2020-09-29 07:03:51.617 +0000 UTC	1/3

Automatically retrying due to test flakiness...
/test pull-google-knative-gcp-wi-tests

[knative-metrics-robot]

The following is the coverage report on the affected files.
Say /test pull-google-knative-gcp-go-coverage to re-run this coverage report

File	Old Coverage	New Coverage	Delta
pkg/broker/ingress/handler.go	90.0%	94.0%	4.0

[grantr]

Thanks @Ectelion!

/lgtm

[knative-prow-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Ectelion, grantr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [grantr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment