Add the SSHTunnel transport to the kubelet client.

This commit is contained in:
Brendan Burns 2015-05-29 15:33:22 -07:00 committed by CJ Cullen
parent de9a5f43bc
commit 7ea533d871
6 changed files with 43 additions and 8 deletions

View File

@ -231,7 +231,7 @@ func handleInternal(legacy bool, storage map[string]rest.Storage, admissionContr
container := restful.NewContainer()
container.Router(restful.CurlyRouter{})
mux := container.ServeMux
if err := group.InstallREST(&RestContainer{container, 0}); err != nil {
if err := group.InstallREST(&RestContainer{container, 0}, nil); err != nil {
panic(fmt.Sprintf("unable to install container %s: %v", group.Version, err))
}
ws := new(restful.WebService)
@ -1901,7 +1901,7 @@ func TestParentResourceIsRequired(t *testing.T) {
Codec: newCodec,
}
container := restful.NewContainer()
if err := group.InstallREST(&RestContainer{container, 0}); err == nil {
if err := group.InstallREST(&RestContainer{container, 0}, nil); err == nil {
t.Fatal("expected error")
}
@ -1929,7 +1929,7 @@ func TestParentResourceIsRequired(t *testing.T) {
Codec: newCodec,
}
container = restful.NewContainer()
if err := group.InstallREST(&RestContainer{container, 0}); err != nil {
if err := group.InstallREST(&RestContainer{container, 0}, nil); err != nil {
t.Fatal(err)
}

View File

@ -121,7 +121,8 @@ func (r *ProxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
httpCode = http.StatusNotFound
return
}
if r.dial != nil {
// If we have a custom dialer, and no pre-existing transport, initialize it to use the dialer.
if transport == nil && r.dial != nil {
transport = &http.Transport{Dial: r.dial}
}

View File

@ -102,6 +102,9 @@ type KubeletConfig struct {
// HTTPTimeout is used by the client to timeout http requests to Kubelet.
HTTPTimeout time.Duration
// Dial is a custom dialer used for the client
Dial func(net, addr string) (net.Conn, error)
}
// TLSClientConfig contains settings to enable transport layer security

View File

@ -45,14 +45,20 @@ type ConnectionInfoGetter interface {
// HTTPKubeletClient is the default implementation of KubeletHealthchecker, accesses the kubelet over HTTP.
type HTTPKubeletClient struct {
Client *http.Client
Config *KubeletConfig
Port uint
EnableHttps bool
}
// TODO: this structure is questionable, it should be using client.Config and overriding defaults.
func NewKubeletClient(config *KubeletConfig) (KubeletClient, error) {
transport := http.DefaultTransport
func MakeTransport(config *KubeletConfig) (http.RoundTripper, error) {
var transport http.RoundTripper
if config.Dial == nil {
transport = http.DefaultTransport
} else {
transport = &http.Transport{
Dial: config.Dial,
}
}
cfg := &Config{TLSClientConfig: config.TLSClientConfig}
if config.EnableHttps {
hasCA := len(config.CAFile) > 0 || len(config.CAData) > 0
@ -69,13 +75,22 @@ func NewKubeletClient(config *KubeletConfig) (KubeletClient, error) {
TLSClientConfig: tlsConfig,
}
}
return transport, nil
}
// TODO: this structure is questionable, it should be using client.Config and overriding defaults.
func NewKubeletClient(config *KubeletConfig) (KubeletClient, error) {
transport, err := MakeTransport(config)
if err != nil {
return nil, err
}
c := &http.Client{
Transport: transport,
Timeout: config.HTTPTimeout,
}
return &HTTPKubeletClient{
Client: c,
Config: config,
Port: config.Port,
EnableHttps: config.EnableHttps,
}, nil

View File

@ -17,6 +17,7 @@ limitations under the License.
package fake_cloud
import (
"errors"
"fmt"
"net"
"regexp"

View File

@ -506,6 +506,21 @@ func (m *Master) init(c *Config) {
}
m.setupSecureProxy(c.SSHUser, c.SSHKeyfile)
proxyDialer = m.Dial
// This is pretty ugly. A better solution would be to pull this all the way up into the
// server.go file.
httpKubeletClient, ok := c.KubeletClient.(*client.HTTPKubeletClient)
if ok {
httpKubeletClient.Config.Dial = m.Dial
transport, err := client.MakeTransport(httpKubeletClient.Config)
if err != nil {
glog.Errorf("Error setting up transport over SSH: %v", err)
} else {
httpKubeletClient.Client.Transport = transport
}
} else {
glog.Errorf("Failed to cast %v to HTTPKubeletClient, skipping SSH tunnel.")
}
}
apiVersions := []string{}