Merge pull request #90215 from jasimmons/pr_agnhost_netexec_http

Adds HTTPS logic to agnhost netexec
Kubernetes Prow Robot 2020-05-05 18:01:09 -07:00 committed by GitHub
commit 8e3766f2a8
4 changed files with 32 additions and 8 deletions


@ -375,7 +375,7 @@ HTTP server:
### netexec ### netexec
Starts a HTTP server on given port with the following endpoints: Starts a HTTP(S) server on given port with the following endpoints:
- `/`: Returns the request's timestamp. - `/`: Returns the request's timestamp.
- `/clientip`: Returns the request's IP address. - `/clientip`: Returns the request's IP address.
@ -407,6 +407,10 @@ Starts a HTTP server on given port with the following endpoints:
Returns a JSON with the fields `output` (containing the file's name on the server) and Returns a JSON with the fields `output` (containing the file's name on the server) and
`error` containing any potential server side errors. `error` containing any potential server side errors.
If `--tls-cert-file` is added (ideally in conjunction with `--tls-private-key-file`, the HTTP server
will be upgraded to HTTPS. The image has default, `localhost`-based cert/privkey files at
`/localhost.crt` and `/localhost.key` (see: [`porter` subcommand](#porter))
It will also start a UDP server on the indicated UDP port that responds to the following commands: It will also start a UDP server on the indicated UDP port that responds to the following commands:
- `hostname`: Returns the server's hostname - `hostname`: Returns the server's hostname
@ -419,7 +423,7 @@ responding to the same commands as the UDP server.
Usage: Usage:
```console ```console
kubectl exec test-agnhost -- /agnhost netexec [--http-port <http-port>] [--udp-port <udp-port>] [--sctp-port <sctp-port>] kubectl exec test-agnhost -- /agnhost netexec [--http-port <http-port>] [--udp-port <udp-port>] [--sctp-port <sctp-port>] [--tls-cert-file <cert-file>] [--tls-private-key-file <privkey-file>]
``` ```
### nettest ### nettest


@ -1 +1 @@
2.14 2.15


@ -49,7 +49,7 @@ import (
) )
func main() { func main() {
rootCmd := &cobra.Command{Use: "app", Version: "2.14"} rootCmd := &cobra.Command{Use: "app", Version: "2.15"}
rootCmd.AddCommand(auditproxy.CmdAuditProxy) rootCmd.AddCommand(auditproxy.CmdAuditProxy)
rootCmd.AddCommand(connect.CmdConnect) rootCmd.AddCommand(connect.CmdConnect)


@ -44,13 +44,15 @@ var (
sctpPort = -1 sctpPort = -1
shellPath = "/bin/sh" shellPath = "/bin/sh"
serverReady = &atomicBool{0} serverReady = &atomicBool{0}
certFile = ""
privKeyFile = ""
) )
// CmdNetexec is used by agnhost Cobra. // CmdNetexec is used by agnhost Cobra.
var CmdNetexec = &cobra.Command{ var CmdNetexec = &cobra.Command{
Use: "netexec", Use: "netexec",
Short: "Creates HTTP, UDP, and (optionally) SCTP servers with various endpoints", Short: "Creates HTTP(S), UDP, and (optionally) SCTP servers with various endpoints",
Long: `Starts a HTTP server on given port with the following endpoints: Long: `Starts a HTTP(S) server on given port with the following endpoints:
- /: Returns the request's timestamp. - /: Returns the request's timestamp.
- /clientip: Returns the request's IP address. - /clientip: Returns the request's IP address.
@ -97,6 +99,10 @@ responding to the same commands as the UDP server.
func init() { func init() {
CmdNetexec.Flags().IntVar(&httpPort, "http-port", 8080, "HTTP Listen Port") CmdNetexec.Flags().IntVar(&httpPort, "http-port", 8080, "HTTP Listen Port")
CmdNetexec.Flags().StringVar(&certFile, "tls-cert-file", "",
"File containing an x509 certificate for HTTPS. (CA cert, if any, concatenated after server cert)")
CmdNetexec.Flags().StringVar(&privKeyFile, "tls-private-key-file", "",
"File containing an x509 private key matching --tls-cert-file")
CmdNetexec.Flags().IntVar(&udpPort, "udp-port", 8081, "UDP Listen Port") CmdNetexec.Flags().IntVar(&udpPort, "udp-port", 8081, "UDP Listen Port")
CmdNetexec.Flags().IntVar(&sctpPort, "sctp-port", -1, "SCTP Listen Port") CmdNetexec.Flags().IntVar(&sctpPort, "sctp-port", -1, "SCTP Listen Port")
} }
@ -125,10 +131,17 @@ func main(cmd *cobra.Command, args []string) {
if sctpPort != -1 { if sctpPort != -1 {
go startSCTPServer(sctpPort) go startSCTPServer(sctpPort)
} }
startHTTPServer(httpPort)
addRoutes()
if len(certFile) > 0 {
// only start HTTPS server if a cert is provided
startHTTPSServer(httpPort, certFile, privKeyFile)
} else {
startHTTPServer(httpPort)
}
} }
func startHTTPServer(httpPort int) { func addRoutes() {
http.HandleFunc("/", rootHandler) http.HandleFunc("/", rootHandler)
http.HandleFunc("/clientip", clientIPHandler) http.HandleFunc("/clientip", clientIPHandler)
http.HandleFunc("/echo", echoHandler) http.HandleFunc("/echo", echoHandler)
@ -141,6 +154,13 @@ func startHTTPServer(httpPort int) {
// older handlers // older handlers
http.HandleFunc("/hostName", hostNameHandler) http.HandleFunc("/hostName", hostNameHandler)
http.HandleFunc("/shutdown", shutdownHandler) http.HandleFunc("/shutdown", shutdownHandler)
}
func startHTTPSServer(httpsPort int, certFile, privKeyFile string) {
log.Fatal(http.ListenAndServeTLS(fmt.Sprintf(":%d", httpPort), certFile, privKeyFile, nil))
}
func startHTTPServer(httpPort int) {
log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", httpPort), nil)) log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", httpPort), nil))
} }
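Review bot: startHTTPSServer ignores its httpsPort parameter and builds the listen address from the package-level httpPort instead, so the signature promises a port the body does not honour; the ListenAndServeTLS line should read `log.Fatal(http.ListenAndServeTLS(fmt.Sprintf(":%d", httpsPort), certFile, privKeyFile, nil))`. It only works today because main passes httpPort, and any future caller supplying a different port would silently be served on the global one. The certFile and privKeyFile parameters also shadow the package-level variables of the same names declared in the first hunk, which is legal but makes the global-vs-parameter mix-up easy to miss on review. Finally, a non-empty --tls-cert-file with an empty --tls-private-key-file is only reported by ListenAndServeTLS failing at startup; a short explicit check in main (whose body starts outside the third hunk) such as `if len(privKeyFile) == 0 { log.Fatal("--tls-private-key-file is required when --tls-cert-file is set") }` would give operators a clearer message.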