From 58dc579d5784e663a55a96d8277c3a2a8f45132f Mon Sep 17 00:00:00 2001
From: Tonis Tiigi <tonistiigi@gmail.com>
Date: Thu, 18 Feb 2021 00:10:21 -0800
Subject: [PATCH] resolver: fix tcp connections limit

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
---
 util/resolver/resolver.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/util/resolver/resolver.go b/util/resolver/resolver.go
index 42c940b3..ee863c82 100644
--- a/util/resolver/resolver.go
+++ b/util/resolver/resolver.go
@@ -43,7 +43,7 @@ func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHos
 	}
 	if c.Insecure != nil && *c.Insecure {
 		h2 := h
-		transport := newDefaultTransport()
+		transport := newTransport()
 		transport.TLSClientConfig = tc
 		h2.Client = &http.Client{
 			Transport: tracing.NewTransport(transport),
@@ -53,7 +53,7 @@ func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHos
 	}
 
 	if len(hosts) == 0 {
-		transport := newDefaultTransport()
+		transport := newTransport()
 		transport.TLSClientConfig = tc
 
 		h.Client = &http.Client{
@@ -172,18 +172,20 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
 
 func newDefaultClient() *http.Client {
 	return &http.Client{
-		Transport: tracing.NewTransport(newDefaultTransport()),
+		Transport: tracing.NewTransport(defaultTransport),
 	}
 }
 
-// newDefaultTransport is for pull or push client
+var defaultTransport = newTransport()
+
+// newTransport is for pull or push client
 //
 // NOTE: For push, there must disable http2 for https because the flow control
 // will limit data transfer. The net/http package doesn't provide http2 tunable
 // settings which limits push performance.
 //
 // REF: https://github.com/golang/go/issues/14077
-func newDefaultTransport() *http.Transport {
+func newTransport() *http.Transport {
 	return &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		DialContext: (&net.Dialer{
@@ -194,6 +196,7 @@ func newDefaultTransport() *http.Transport {
 		IdleConnTimeout:       30 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 5 * time.Second,
+		MaxConnsPerHost:       6,
 		TLSNextProto:          make(map[string]func(authority string, c *tls.Conn) http.RoundTripper),
 	}
 }