Commit 582ab6f
authored
Set Chromium MaxConnectionsPerProxy default to 16 (#183)
**Summary**
Set Chromium’s default managed policy `MaxConnectionsPerProxy` to `16`
in the `kernel-images` browser images.
**Why**
In live testing on a stealth Envoy VM with a 6-tab workload, Chromium’s
default behavior allowed substantially higher upstream proxy fanout than
desired. Setting `MaxConnectionsPerProxy` effectively clamps
Chrome-to-proxy and proxy-to-origin connection counts much closer to the
configured limit.
Observed results from the same workload:
- Default: peak ~34 Chrome->Envoy connections, ~33 Envoy->Ping
connections
- `MaxConnectionsPerProxy=16`: peak ~17 / ~17
- `MaxConnectionsPerProxy=8`: peak ~9 / ~9
- `MaxConnectionsPerProxy=4`: peak ~7 / ~7
This makes `16` a good default for reducing proxy connection fanout
without needing per-session configuration.
**What changed**
- Added `"MaxConnectionsPerProxy": 16` to the shared managed Chromium
policy baked into the browser images.
- Added assertions in existing e2e tests that read
`/etc/chromium/policies/managed/policy.json` to verify the default is
present.
**Implementation details**
The default policy is sourced from the shared image policy file and
copied into the VM at `/etc/chromium/policies/managed/policy.json`, so
this change applies to the browser image startup path directly.
**Validation**
- Confirmed the managed policy JSON contains `MaxConnectionsPerProxy:
16`
- Ran:
- `go test ./lib/policy`
- `go test -run '^$' ./e2e`
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Changes a Chromium managed policy that can affect browser
networking/concurrency behavior across all images. Added e2e checks
reduce regression risk but policy changes may have wide runtime impact.
>
> **Overview**
> **Updates the default managed Chromium policy** to set
`MaxConnectionsPerProxy` to `16` in
`shared/chromium-policies/managed/policy.json`.
>
> **Hardens e2e coverage** by asserting `MaxConnectionsPerProxy` exists
and equals `16` in both the Chromium policy test and the enterprise
extension policy test, so missing/changed policy values are caught
early.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
524dd6b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->1 parent 11c57ac commit 582ab6f
3 files changed
Lines changed: 9 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
754 | 754 | | |
755 | 755 | | |
756 | 756 | | |
| 757 | + | |
| 758 | + | |
| 759 | + | |
| 760 | + | |
757 | 761 | | |
758 | 762 | | |
759 | 763 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
253 | 253 | | |
254 | 254 | | |
255 | 255 | | |
| 256 | + | |
| 257 | + | |
| 258 | + | |
| 259 | + | |
256 | 260 | | |
257 | 261 | | |
258 | 262 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
| 12 | + | |
12 | 13 | | |
13 | 14 | | |
14 | 15 | | |
| |||
0 commit comments