github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Bump remotedialer 

Includes fix for recently identified memory leak.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
pull/5867/head
Brad Davidson 2022-06-29 11:50:21 -07:00 committed by Brad Davidson
parent e3cf461cca
commit ea615fb033
4 changed files with 26 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -113,7 +113,7 @@ require (
github.com/pkg/errors v0.9.1 github.com/pkg/errors v0.9.1
github.com/rancher/dynamiclistener v0.3.3 github.com/rancher/dynamiclistener v0.3.3
github.com/rancher/lasso v0.0.0-20210616224652-fc3ebd901c08 github.com/rancher/lasso v0.0.0-20210616224652-fc3ebd901c08
github.com/rancher/remotedialer v0.2.0 github.com/rancher/remotedialer v0.2.6-0.20220624190122-ea57207bf2b8
github.com/rancher/wharfie v0.5.1 github.com/rancher/wharfie v0.5.1
github.com/rancher/wrangler v0.8.10 github.com/rancher/wrangler v0.8.10
github.com/robfig/cron/v3 v3.0.1 github.com/robfig/cron/v3 v3.0.1

4
go.sum
View File

@ -992,8 +992,8 @@ github.com/rancher/dynamiclistener v0.3.3 h1:pNwVc3vzuEHsbqAh1e76asq4aeDzHFV/5Ha
github.com/rancher/dynamiclistener v0.3.3/go.mod h1:QwTpy+drx4gvPMefrrUUKpVaWiy74O7vNvkwBXJ+s3E= github.com/rancher/dynamiclistener v0.3.3/go.mod h1:QwTpy+drx4gvPMefrrUUKpVaWiy74O7vNvkwBXJ+s3E=
github.com/rancher/lasso v0.0.0-20210616224652-fc3ebd901c08 h1:NxR8Fh0eE7/5/5Zvlog9B5NVjWKqBSb1WYMUF7/IE5c= github.com/rancher/lasso v0.0.0-20210616224652-fc3ebd901c08 h1:NxR8Fh0eE7/5/5Zvlog9B5NVjWKqBSb1WYMUF7/IE5c=
github.com/rancher/lasso v0.0.0-20210616224652-fc3ebd901c08/go.mod h1:9qZd/S8DqWzfKtjKGgSoHqGEByYmUE3qRaBaaAHwfEM= github.com/rancher/lasso v0.0.0-20210616224652-fc3ebd901c08/go.mod h1:9qZd/S8DqWzfKtjKGgSoHqGEByYmUE3qRaBaaAHwfEM=
github.com/rancher/remotedialer v0.2.0 h1:xD7t3K6JYwTdAsxmGtTHQMkEkFgKouQ1foLxVW424Dc= github.com/rancher/remotedialer v0.2.6-0.20220624190122-ea57207bf2b8 h1:leqh0chjBsXhKWebxxFd5QPcoQLu51EpaHo04ce0o+8=
github.com/rancher/remotedialer v0.2.0/go.mod h1:tkU8ZvrR5lRgaKWaX71nAy6daeqvPFx/lJEnbW7tXSI= github.com/rancher/remotedialer v0.2.6-0.20220624190122-ea57207bf2b8/go.mod h1:BwwztuvViX2JrLLUwDlsYt5DiyUwHLlzynRwkZLAY0Q=
github.com/rancher/wharfie v0.5.1 h1:TUqZyNj6BaGe2+tqhwAGwZouuwx02mvAMMjNuyejc5I= github.com/rancher/wharfie v0.5.1 h1:TUqZyNj6BaGe2+tqhwAGwZouuwx02mvAMMjNuyejc5I=
github.com/rancher/wharfie v0.5.1/go.mod h1:5AHZRFBAOWYPDNCwj/y5Dpj+MMwXLoitPwxjYAIbcxQ= github.com/rancher/wharfie v0.5.1/go.mod h1:5AHZRFBAOWYPDNCwj/y5Dpj+MMwXLoitPwxjYAIbcxQ=
github.com/rancher/wrangler v0.8.11-0.20220211163748-d5a8ee98be5f h1:0Z+sioLE7Ai0PLiwG81Lmh2kMFnT78cKUApArXQECzY= github.com/rancher/wrangler v0.8.11-0.20220211163748-d5a8ee98be5f h1:0Z+sioLE7Ai0PLiwG81Lmh2kMFnT78cKUApArXQECzY=

2
pkg/agent/tunnel/tunnel.go
View File

@ -341,7 +341,7 @@ func (a *agentTunnel) connect(rootCtx context.Context, waitGroup *sync.WaitGroup
for { for {
remotedialer.ClientConnect(ctx, wsURL, nil, ws, func(proto, address string) bool { remotedialer.ClientConnect(ctx, wsURL, nil, ws, func(proto, address string) bool {
return a.authorized(rootCtx, proto, address) return a.authorized(rootCtx, proto, address)
}, func(_ context.Context) error { }, func(_ context.Context, _ *remotedialer.Session) error {
if waitGroup != nil { if waitGroup != nil {
once.Do(waitGroup.Done) once.Do(waitGroup.Done)
} }

30
pkg/daemons/control/tunnel.go
View File

@ -27,6 +27,8 @@ import (
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
) )
var defaultDialer = net.Dialer{}
func loggingErrorWriter(rw http.ResponseWriter, req *http.Request, code int, err error) { func loggingErrorWriter(rw http.ResponseWriter, req *http.Request, code int, err error) {
logrus.Debugf("Tunnel server error: %d %v", code, err) logrus.Debugf("Tunnel server error: %d %v", code, err)
rw.WriteHeader(code) rw.WriteHeader(code)
@ -167,10 +169,10 @@ func (t *TunnelServer) onChangePod(podName string, pod *v1.Pod) (*v1.Pod, error)
// serveConnect attempts to handle the HTTP CONNECT request by dialing // serveConnect attempts to handle the HTTP CONNECT request by dialing
// a connection, either locally or via the remotedialer tunnel. // a connection, either locally or via the remotedialer tunnel.
func (t *TunnelServer) serveConnect(resp http.ResponseWriter, req *http.Request) { func (t *TunnelServer) serveConnect(resp http.ResponseWriter, req *http.Request) {
bconn, err := t.dialBackend(req.Host) bconn, err := t.dialBackend(req.Context(), req.Host)
if err != nil { if err != nil {
responsewriters.ErrorNegotiated( responsewriters.ErrorNegotiated(
apierrors.NewInternalError(errors.Wrap(err, "no tunnels available")), apierrors.NewServiceUnavailable(err.Error()),
scheme.Codecs.WithoutConversion(), schema.GroupVersion{}, resp, req, scheme.Codecs.WithoutConversion(), schema.GroupVersion{}, resp, req,
) )
return return
@ -203,7 +205,7 @@ func (t *TunnelServer) serveConnect(resp http.ResponseWriter, req *http.Request)
// tunnel connection, the agent may return an error if the agent's authorizer // tunnel connection, the agent may return an error if the agent's authorizer
// denies the connection, or if there is some other error in actually dialing // denies the connection, or if there is some other error in actually dialing
// the requested endpoint. // the requested endpoint.
func (t *TunnelServer) dialBackend(addr string) (net.Conn, error) { func (t *TunnelServer) dialBackend(ctx context.Context, addr string) (net.Conn, error) {
host, port, err := net.SplitHostPort(addr) host, port, err := net.SplitHostPort(addr)
if err != nil { if err != nil {
return nil, err return nil, err
@ -245,14 +247,26 @@ func (t *TunnelServer) dialBackend(addr string) (net.Conn, error) {
useTunnel = false useTunnel = false
} }
if useTunnel && t.server.HasSession(nodeName) { if useTunnel {
// Have a session and it is safe to use for this destination, do so. // Dialer(nodeName) returns a dial function that calls getDialer internally, which does the same locked session search
logrus.Debugf("Tunnel server egress proxy dialing %s via session to %s", addr, nodeName) // as HasSession(nodeName). Rather than checking twice, just attempt the dial and handle the error if no session is found.
return t.server.Dial(nodeName, 15*time.Second, "tcp", addr) dialContext := t.server.Dialer(nodeName)
if conn, err := dialContext(ctx, "tcp", addr); err != nil {
logrus.Debugf("Tunnel server egress proxy dial error: %v", err)
if toKubelet && strings.HasPrefix(err.Error(), "failed to find Session for client") {
// Don't have a session and we're trying to remote dial the kubelet via loopback, reject the connection.
return conn, err
}
// any other error is ignored; fall back to to dialing directly.
} else {
// Have a session and it is safe to use for this destination, do so.
logrus.Debugf("Tunnel server egress proxy dialing %s via Session to %s", addr, nodeName)
return conn, err
}
} }
// Don't have a session, the agent doesn't support tunneling to this destination, or // Don't have a session, the agent doesn't support tunneling to this destination, or
// the destination is local; fall back to direct connection. // the destination is local; fall back to direct connection.
logrus.Debugf("Tunnel server egress proxy dialing %s directly", addr) logrus.Debugf("Tunnel server egress proxy dialing %s directly", addr)
return net.Dial("tcp", addr) return defaultDialer.DialContext(ctx, "tcp", addr)
} }