Merge pull request #53190 from lichen2013/issues_34457

Automatic merge from submit-queue (batch tested with PRs 53190, 54790, 54445, 52607, 54801). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Improve kubectl error messages Fixes #34457 Part of work on #31267
2017-10-31 20:10:16 -07:00 · 2017-10-31 20:10:16 -07:00 · ff5f00537d
parent 09d896bfd0 a4a6076924
commit ff5f00537d
2 changed files with 77 additions and 1 deletions
--- a/pkg/kubelet/server/server.go
+++ b/pkg/kubelet/server/server.go
@ -211,6 +211,8 @@ func NewServer(
 		if enableContentionProfiling {
 			goruntime.SetBlockProfileRate(1)
 		}
+	} else {
+		server.InstallDebuggingDisabledHandlers()
 	}
 	return server
 }
@ -418,6 +420,20 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
 	}
 }

+// InstallDebuggingDisabledHandlers registers the HTTP request patterns that provide better error message
+func (s *Server) InstallDebuggingDisabledHandlers() {
+	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		http.Error(w, "Debug endpoints are disabled.", http.StatusMethodNotAllowed)
+	})
+
+	paths := []string{
+		"/run/", "/exec/", "/attach/", "/portForward/", "/containerLogs/",
+		"/runningpods/", pprofBasePath, logsPath}
+	for _, p := range paths {
+		s.restfulCont.Handle(p, h)
+	}
+}
+
 // Checks if kubelet's sync loop  that updates containers is working.
 func (s *Server) syncLoopHealthCheck(req *http.Request) error {
 	duration := s.host.ResyncInterval() * 2
--- a/pkg/kubelet/server/server_test.go
+++ b/pkg/kubelet/server/server_test.go
@ -205,6 +205,10 @@ type serverTestFramework struct {
 }

 func newServerTest() *serverTestFramework {
+	return newServerTestWithDebug(true)
+}
+
+func newServerTestWithDebug(enableDebugging bool) *serverTestFramework {
 	fw := &serverTestFramework{}
 	fw.fakeKubelet = &fakeKubelet{
 		hostnameFunc: func() string {
@ -239,7 +243,7 @@ func newServerTest() *serverTestFramework {
 		fw.fakeKubelet,
 		stats.NewResourceAnalyzer(fw.fakeKubelet, time.Minute),
 		fw.fakeAuth,
-		true,
+		enableDebugging,
 		false,
 		&kubecontainertesting.Mock{},
 		fw.criHandler)
@ -1635,3 +1639,59 @@ func TestCRIHandler(t *testing.T) {
 	assert.Equal(t, path, fw.criHandler.RequestReceived.URL.Path)
 	assert.Equal(t, query, fw.criHandler.RequestReceived.URL.RawQuery)
 }
+
+func TestDebuggingDisabledHandlers(t *testing.T) {
+	fw := newServerTestWithDebug(false)
+	defer fw.testHTTPServer.Close()
+
+	paths := []string{
+		"/run", "/exec", "/attach", "/portForward", "/containerLogs", "/runningpods",
+		"/run/", "/exec/", "/attach/", "/portForward/", "/containerLogs/", "/runningpods/",
+		"/run/xxx", "/exec/xxx", "/attach/xxx", "/debug/pprof/profile", "/logs/kubelet.log",
+	}
+
+	for _, p := range paths {
+		resp, err := http.Get(fw.testHTTPServer.URL + p)
+		require.NoError(t, err)
+		assert.Equal(t, http.StatusMethodNotAllowed, resp.StatusCode)
+		body, err := ioutil.ReadAll(resp.Body)
+		require.NoError(t, err)
+		assert.Equal(t, "Debug endpoints are disabled.\n", string(body))
+
+		resp, err = http.Post(fw.testHTTPServer.URL+p, "", nil)
+		require.NoError(t, err)
+		assert.Equal(t, http.StatusMethodNotAllowed, resp.StatusCode)
+		body, err = ioutil.ReadAll(resp.Body)
+		require.NoError(t, err)
+		assert.Equal(t, "Debug endpoints are disabled.\n", string(body))
+	}
+
+	// test some other paths, make sure they're working
+	containerInfo := &cadvisorapi.ContainerInfo{
+		ContainerReference: cadvisorapi.ContainerReference{
+			Name: "/",
+		},
+	}
+	fw.fakeKubelet.rawInfoFunc = func(req *cadvisorapi.ContainerInfoRequest) (map[string]*cadvisorapi.ContainerInfo, error) {
+		return map[string]*cadvisorapi.ContainerInfo{
+			containerInfo.Name: containerInfo,
+		}, nil
+	}
+
+	resp, err := http.Get(fw.testHTTPServer.URL + "/stats")
+	require.NoError(t, err)
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
+
+	machineInfo := &cadvisorapi.MachineInfo{
+		NumCores:       4,
+		MemoryCapacity: 1024,
+	}
+	fw.fakeKubelet.machineInfoFunc = func() (*cadvisorapi.MachineInfo, error) {
+		return machineInfo, nil
+	}
+
+	resp, err = http.Get(fw.testHTTPServer.URL + "/spec")
+	require.NoError(t, err)
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
+
+}