From df9b4e92e84849e2b9fdb5b4849c9c4ebfae8040 Mon Sep 17 00:00:00 2001
From: Patrik Cyvoct
Date: Fri, 24 Jan 2020 12:09:15 +0100
Subject: [PATCH] use network proxy for aggregator api

Signed-off-by: Patrik Cyvoct
---
 .../k8s.io/kube-aggregator/pkg/apiserver/BUILD | 1 +
 .../kube-aggregator/pkg/apiserver/apiserver.go | 8 ++++++++
 .../pkg/apiserver/handler_proxy.go | 16 +++++++++++++++-
 .../kube-aggregator/pkg/controllers/status/BUILD | 2 ++
 .../controllers/status/available_controller.go | 15 ++++++++++++++-
 5 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/BUILD b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/BUILD
index fdeac0d8e4a..ea1dd7a5481 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/BUILD
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/BUILD
@@ -62,6 +62,7 @@ go_library(
 "//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/features:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/server:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/server/egressselector:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/server/storage:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/util/proxy:go_default_library",
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go
index 1d4c6ed7703..02c887c2a51 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go
@@ -25,6 +25,7 @@ import (
 "k8s.io/apimachinery/pkg/runtime/schema"
 "k8s.io/apimachinery/pkg/util/sets"
 genericapiserver "k8s.io/apiserver/pkg/server"
+ "k8s.io/apiserver/pkg/server/egressselector"
 serverstorage "k8s.io/apiserver/pkg/server/storage"
 "k8s.io/client-go/pkg/version"
 openapicommon "k8s.io/kube-openapi/pkg/common"
@@ -133,6 +134,10 @@ type APIAggregator struct {
 // openAPIAggregationController downloads and merges OpenAPI specs.
 openAPIAggregationController *openapicontroller.AggregationController
+
+ // egressSelector selects the proper egress dialer to communicate with the custom apiserver
+ // overwrites proxyTransport dialer if not nil
+ egressSelector *egressselector.EgressSelector
 }
 // Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.
@@ -184,6 +189,7 @@ func (c completedConfig) NewWithDelegate(delegationTarget genericapiserver.Deleg
 APIRegistrationInformers: informerFactory,
 serviceResolver: c.ExtraConfig.ServiceResolver,
 openAPIConfig: openAPIConfig,
+ egressSelector: c.GenericConfig.EgressSelector,
 }
 apiGroupInfo := apiservicerest.NewRESTStorage(c.GenericConfig.MergedResourceConfig, c.GenericConfig.RESTOptionsGetter)
@@ -217,6 +223,7 @@ func (c completedConfig) NewWithDelegate(delegationTarget genericapiserver.Deleg
 c.ExtraConfig.ProxyClientCert,
 c.ExtraConfig.ProxyClientKey,
 s.serviceResolver,
+ c.GenericConfig.EgressSelector,
 )
 if err != nil {
 return nil, err
@@ -301,6 +308,7 @@ func (s *APIAggregator) AddAPIService(apiService *v1.APIService) error {
 proxyClientKey: s.proxyClientKey,
 proxyTransport: s.proxyTransport,
 serviceResolver: s.serviceResolver,
+ egressSelector: s.egressSelector,
 }
 proxyHandler.updateAPIService(apiService)
 if s.openAPIAggregationController != nil {
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go
index 9f876b227f1..4d1f9a6dd1b 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go
@@ -33,6 +33,7 @@ import (
 endpointmetrics "k8s.io/apiserver/pkg/endpoints/metrics"
 genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
 genericfeatures "k8s.io/apiserver/pkg/features"
+ "k8s.io/apiserver/pkg/server/egressselector"
 utilfeature "k8s.io/apiserver/pkg/util/feature"
 restclient "k8s.io/client-go/rest"
 "k8s.io/client-go/transport"
@@ -63,6 +64,10 @@ type proxyHandler struct {
 serviceResolver ServiceResolver
 handlingInfo atomic.Value
+
+ // egressSelector selects the proper egress dialer to communicate with the custom apiserver
+ // overwrites proxyTransport dialer if not nil
+ egressSelector *egressselector.EgressSelector
 }
 type proxyHandlingInfo struct {
@@ -259,7 +264,16 @@ func (r *proxyHandler) updateAPIService(apiService *apiregistrationv1api.APIServ
 servicePort: *apiService.Spec.Service.Port,
 serviceAvailable: apiregistrationv1apihelper.IsAPIServiceConditionTrue(apiService, apiregistrationv1api.Available),
 }
- if r.proxyTransport != nil && r.proxyTransport.DialContext != nil {
+ if r.egressSelector != nil {
+ networkContext := egressselector.Cluster.AsNetworkContext()
+ var egressDialer utilnet.DialFunc
+ egressDialer, err := r.egressSelector.Lookup(networkContext)
+ if err != nil {
+ klog.Warning(err.Error())
+ } else {
+ newInfo.restConfig.Dial = egressDialer
+ }
+ } else if r.proxyTransport != nil && r.proxyTransport.DialContext != nil {
 newInfo.restConfig.Dial = r.proxyTransport.DialContext
 }
 newInfo.proxyRoundTripper, newInfo.transportBuildingError = restclient.TransportFor(newInfo.restConfig)
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/BUILD b/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/BUILD
index cb7c2119f3c..2f63f65de44 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/BUILD
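Review bot: In `updateAPIService`, a failed `r.egressSelector.Lookup` is only logged with `klog.Warning`, and because the `proxyTransport` check is now an `else if`, `newInfo.restConfig.Dial` stays unset and the transport is still built on the next line. That fails open: with an egress selector configured, proxied requests to the aggregated API server would presumably go out through the client's default dialer rather than the selected egress path, whereas `NewAvailableConditionController` in available_controller.go returns the same error. I would record the lookup failure in `newInfo.transportBuildingError` and skip `restclient.TransportFor`, assuming the request path checks that field before proxying (it is outside this hunk, as is the rest of the function). The diffstat shows no test file touched, so a case covering the failed-lookup path would be worth adding.

```go
	var dialErr error
	if r.egressSelector != nil {
		egressDialer, err := r.egressSelector.Lookup(egressselector.Cluster.AsNetworkContext())
		if err != nil {
			dialErr = err
		} else {
			newInfo.restConfig.Dial = egressDialer
		}
	} else if r.proxyTransport != nil && r.proxyTransport.DialContext != nil {
		// … unchanged: use r.proxyTransport.DialContext …
	}
	if dialErr != nil {
		// Fail closed: never build a transport that would dial around the egress selector.
		klog.Warning(dialErr.Error())
		newInfo.transportBuildingError = dialErr
	} else {
		newInfo.proxyRoundTripper, newInfo.transportBuildingError = restclient.TransportFor(newInfo.restConfig)
	}
```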
+++ b/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/BUILD
@@ -17,8 +17,10 @@ go_library(
 "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
+ "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/server/egressselector:go_default_library",
 "//staging/src/k8s.io/client-go/informers/core/v1:go_default_library",
 "//staging/src/k8s.io/client-go/listers/core/v1:go_default_library",
 "//staging/src/k8s.io/client-go/rest:go_default_library",
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go b/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go
index 8f11a5f3835..dc626e0449b 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go
@@ -31,8 +31,10 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/labels"
 "k8s.io/apimachinery/pkg/runtime"
+ utilnet "k8s.io/apimachinery/pkg/util/net"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 "k8s.io/apimachinery/pkg/util/wait"
+ "k8s.io/apiserver/pkg/server/egressselector"
 v1informers "k8s.io/client-go/informers/core/v1"
 v1listers "k8s.io/client-go/listers/core/v1"
 "k8s.io/client-go/rest"
@@ -90,6 +92,7 @@ func NewAvailableConditionController(
 proxyClientCert []byte,
 proxyClientKey []byte,
 serviceResolver ServiceResolver,
+ egressSelector *egressselector.EgressSelector,
 ) (*AvailableConditionController, error) {
 c := &AvailableConditionController{
 apiServiceClient: apiServiceClient,
@@ -118,9 +121,19 @@ func NewAvailableConditionController(
 KeyData: proxyClientKey,
 },
 }
- if proxyTransport != nil && proxyTransport.DialContext != nil {
+
+ if egressSelector != nil {
+ networkContext := egressselector.Cluster.AsNetworkContext()
+ var egressDialer utilnet.DialFunc
+ egressDialer, err := egressSelector.Lookup(networkContext)
+ if err != nil {
+ return nil, err
+ }
+ restConfig.Dial = egressDialer
+ } else if proxyTransport != nil && proxyTransport.DialContext != nil {
 restConfig.Dial = proxyTransport.DialContext
 }
+
 transport, err := rest.TransportFor(restConfig)
 if err != nil {
 return nil, err
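Review bot: Once `egressSelector` is non-nil, `restConfig.Dial` takes whatever `Lookup` returns and the `else if` fallback to `proxyTransport.DialContext` can no longer run. If `Lookup` can return a nil dialer with a nil error when nothing is configured for the cluster network context (not visible on this page, worth confirming against the egressselector package), the availability checks silently lose the `proxyTransport` dialer they used before this change. Overriding only when a dialer was actually returned, `if egressDialer != nil { restConfig.Dial = egressDialer }`, and letting the `proxyTransport` check run otherwise would keep the old path as a fallback; `updateAPIService` in handler_proxy.go has the same shape. The separate `var egressDialer utilnet.DialFunc` line is redundant next to the `:=` that follows and could be dropped along with the `utilnet` import. The function body begins and continues outside this hunk.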