mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 11:21:47 +00:00
Merge pull request #106830 from pacoxu/StreamingProxyRedirects-remove
remove ValidateProxyRedirects and StreamingProxyRedirects
This commit is contained in:
commit
c2d2e66535
@ -950,8 +950,6 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
|
||||
|
||||
// inherited features from generic apiserver, relisted here to get a conflict if it is changed
|
||||
// unintentionally on either side:
|
||||
genericfeatures.StreamingProxyRedirects: {Default: false, PreRelease: featuregate.Deprecated}, // remove in 1.24
|
||||
genericfeatures.ValidateProxyRedirects: {Default: true, PreRelease: featuregate.Deprecated},
|
||||
genericfeatures.AdvancedAuditing: {Default: true, PreRelease: featuregate.GA},
|
||||
genericfeatures.APIResponseCompression: {Default: true, PreRelease: featuregate.Beta},
|
||||
genericfeatures.APIListChunking: {Default: true, PreRelease: featuregate.Beta},
|
||||
|
@ -25,10 +25,8 @@ import (
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/net"
|
||||
"k8s.io/apimachinery/pkg/util/proxy"
|
||||
genericfeatures "k8s.io/apiserver/pkg/features"
|
||||
genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||
api "k8s.io/kubernetes/pkg/apis/core"
|
||||
"k8s.io/kubernetes/pkg/capabilities"
|
||||
"k8s.io/kubernetes/pkg/kubelet/client"
|
||||
@ -73,7 +71,7 @@ func (r *ProxyREST) Connect(ctx context.Context, id string, opts runtime.Object,
|
||||
}
|
||||
location.Path = net.JoinPreservingTrailingSlash(location.Path, proxyOpts.Path)
|
||||
// Return a proxy handler that uses the desired transport, wrapped with additional proxy handling (to get URL rewriting, X-Forwarded-* headers, etc)
|
||||
return newThrottledUpgradeAwareProxyHandler(location, transport, true, false, false, responder), nil
|
||||
return newThrottledUpgradeAwareProxyHandler(location, transport, true, false, responder), nil
|
||||
}
|
||||
|
||||
// Support both GET and POST methods. We must support GET for browsers that want to use WebSockets.
|
||||
@ -103,7 +101,7 @@ func (r *AttachREST) Connect(ctx context.Context, name string, opts runtime.Obje
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, true, responder), nil
|
||||
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil
|
||||
}
|
||||
|
||||
// NewConnectOptions returns the versioned object that represents exec parameters
|
||||
@ -140,7 +138,7 @@ func (r *ExecREST) Connect(ctx context.Context, name string, opts runtime.Object
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, true, responder), nil
|
||||
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil
|
||||
}
|
||||
|
||||
// NewConnectOptions returns the versioned object that represents exec parameters
|
||||
@ -188,13 +186,11 @@ func (r *PortForwardREST) Connect(ctx context.Context, name string, opts runtime
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, true, responder), nil
|
||||
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil
|
||||
}
|
||||
|
||||
func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired, interceptRedirects bool, responder rest.Responder) *proxy.UpgradeAwareHandler {
|
||||
func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired bool, responder rest.Responder) *proxy.UpgradeAwareHandler {
|
||||
handler := proxy.NewUpgradeAwareHandler(location, transport, wrapTransport, upgradeRequired, proxy.NewErrorResponder(responder))
|
||||
handler.InterceptRedirects = interceptRedirects && utilfeature.DefaultFeatureGate.Enabled(genericfeatures.StreamingProxyRedirects)
|
||||
handler.RequireSameHostRedirects = utilfeature.DefaultFeatureGate.Enabled(genericfeatures.ValidateProxyRedirects)
|
||||
handler.MaxBytesPerSec = capabilities.Get().PerConnectionBandwidthLimitBytesPerSec
|
||||
return handler
|
||||
}
|
||||
|
@ -69,11 +69,6 @@ type UpgradeAwareHandler struct {
|
||||
UpgradeTransport UpgradeRequestRoundTripper
|
||||
// WrapTransport indicates whether the provided Transport should be wrapped with default proxy transport behavior (URL rewriting, X-Forwarded-* header setting)
|
||||
WrapTransport bool
|
||||
// InterceptRedirects determines whether the proxy should sniff backend responses for redirects,
|
||||
// following them as necessary.
|
||||
InterceptRedirects bool
|
||||
// RequireSameHostRedirects only allows redirects to the same host. It is only used if InterceptRedirects=true.
|
||||
RequireSameHostRedirects bool
|
||||
// UseRequestLocation will use the incoming request URL when talking to the backend server.
|
||||
UseRequestLocation bool
|
||||
// UseLocationHost overrides the HTTP host header in requests to the backend server to use the Host from Location.
|
||||
@ -310,17 +305,12 @@ func (h *UpgradeAwareHandler) tryUpgrade(w http.ResponseWriter, req *http.Reques
|
||||
// Only append X-Forwarded-For in the upgrade path, since httputil.NewSingleHostReverseProxy
|
||||
// handles this in the non-upgrade path.
|
||||
utilnet.AppendForwardedForHeader(clone)
|
||||
if h.InterceptRedirects {
|
||||
klog.V(6).Infof("Connecting to backend proxy (intercepting redirects) %s\n Headers: %v", &location, clone.Header)
|
||||
backendConn, rawResponse, err = utilnet.ConnectWithRedirects(req.Method, &location, clone.Header, req.Body, utilnet.DialerFunc(h.DialForUpgrade), h.RequireSameHostRedirects)
|
||||
} else {
|
||||
klog.V(6).Infof("Connecting to backend proxy (direct dial) %s\n Headers: %v", &location, clone.Header)
|
||||
if h.UseLocationHost {
|
||||
clone.Host = h.Location.Host
|
||||
}
|
||||
clone.URL = &location
|
||||
backendConn, err = h.DialForUpgrade(clone)
|
||||
klog.V(6).Infof("Connecting to backend proxy (direct dial) %s\n Headers: %v", &location, clone.Header)
|
||||
if h.UseLocationHost {
|
||||
clone.Host = h.Location.Host
|
||||
}
|
||||
clone.URL = &location
|
||||
backendConn, err = h.DialForUpgrade(clone)
|
||||
if err != nil {
|
||||
klog.V(6).Infof("Proxy connection error: %v", err)
|
||||
h.Responder.Error(w, req, err)
|
||||
|
@ -501,61 +501,54 @@ func TestProxyUpgrade(t *testing.T) {
|
||||
}
|
||||
|
||||
for k, tc := range testcases {
|
||||
for _, redirect := range []bool{false, true} {
|
||||
tcName := k
|
||||
backendPath := "/hello"
|
||||
if redirect {
|
||||
tcName += " with redirect"
|
||||
backendPath = "/redirect"
|
||||
}
|
||||
func() { // Cleanup after each test case.
|
||||
backend := http.NewServeMux()
|
||||
backend.Handle("/hello", websocket.Handler(func(ws *websocket.Conn) {
|
||||
if ws.Request().Header.Get("Authorization") != tc.ExpectedAuth {
|
||||
t.Errorf("%s: unexpected headers on request: %v", k, ws.Request().Header)
|
||||
defer ws.Close()
|
||||
ws.Write([]byte("you failed"))
|
||||
return
|
||||
}
|
||||
tcName := k
|
||||
backendPath := "/hello"
|
||||
func() { // Cleanup after each test case.
|
||||
backend := http.NewServeMux()
|
||||
backend.Handle("/hello", websocket.Handler(func(ws *websocket.Conn) {
|
||||
if ws.Request().Header.Get("Authorization") != tc.ExpectedAuth {
|
||||
t.Errorf("%s: unexpected headers on request: %v", k, ws.Request().Header)
|
||||
defer ws.Close()
|
||||
body := make([]byte, 5)
|
||||
ws.Read(body)
|
||||
ws.Write([]byte("hello " + string(body)))
|
||||
}))
|
||||
backend.Handle("/redirect", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
http.Redirect(w, r, "/hello", http.StatusFound)
|
||||
}))
|
||||
backendServer := tc.ServerFunc(backend)
|
||||
defer backendServer.Close()
|
||||
|
||||
serverURL, _ := url.Parse(backendServer.URL)
|
||||
serverURL.Path = backendPath
|
||||
proxyHandler := NewUpgradeAwareHandler(serverURL, tc.ProxyTransport, false, false, &noErrorsAllowed{t: t})
|
||||
proxyHandler.UpgradeTransport = tc.UpgradeTransport
|
||||
proxyHandler.InterceptRedirects = redirect
|
||||
proxy := httptest.NewServer(proxyHandler)
|
||||
defer proxy.Close()
|
||||
|
||||
ws, err := websocket.Dial("ws://"+proxy.Listener.Addr().String()+"/some/path", "", "http://127.0.0.1/")
|
||||
if err != nil {
|
||||
t.Fatalf("%s: websocket dial err: %s", tcName, err)
|
||||
ws.Write([]byte("you failed"))
|
||||
return
|
||||
}
|
||||
defer ws.Close()
|
||||
body := make([]byte, 5)
|
||||
ws.Read(body)
|
||||
ws.Write([]byte("hello " + string(body)))
|
||||
}))
|
||||
backend.Handle("/redirect", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
http.Redirect(w, r, "/hello", http.StatusFound)
|
||||
}))
|
||||
backendServer := tc.ServerFunc(backend)
|
||||
defer backendServer.Close()
|
||||
|
||||
if _, err := ws.Write([]byte("world")); err != nil {
|
||||
t.Fatalf("%s: write err: %s", tcName, err)
|
||||
}
|
||||
serverURL, _ := url.Parse(backendServer.URL)
|
||||
serverURL.Path = backendPath
|
||||
proxyHandler := NewUpgradeAwareHandler(serverURL, tc.ProxyTransport, false, false, &noErrorsAllowed{t: t})
|
||||
proxyHandler.UpgradeTransport = tc.UpgradeTransport
|
||||
proxy := httptest.NewServer(proxyHandler)
|
||||
defer proxy.Close()
|
||||
|
||||
response := make([]byte, 20)
|
||||
n, err := ws.Read(response)
|
||||
if err != nil {
|
||||
t.Fatalf("%s: read err: %s", tcName, err)
|
||||
}
|
||||
if e, a := "hello world", string(response[0:n]); e != a {
|
||||
t.Fatalf("%s: expected '%#v', got '%#v'", tcName, e, a)
|
||||
}
|
||||
}()
|
||||
}
|
||||
ws, err := websocket.Dial("ws://"+proxy.Listener.Addr().String()+"/some/path", "", "http://127.0.0.1/")
|
||||
if err != nil {
|
||||
t.Fatalf("%s: websocket dial err: %s", tcName, err)
|
||||
}
|
||||
defer ws.Close()
|
||||
|
||||
if _, err := ws.Write([]byte("world")); err != nil {
|
||||
t.Fatalf("%s: write err: %s", tcName, err)
|
||||
}
|
||||
|
||||
response := make([]byte, 20)
|
||||
n, err := ws.Read(response)
|
||||
if err != nil {
|
||||
t.Fatalf("%s: read err: %s", tcName, err)
|
||||
}
|
||||
if e, a := "hello world", string(response[0:n]); e != a {
|
||||
t.Fatalf("%s: expected '%#v', got '%#v'", tcName, e, a)
|
||||
}
|
||||
}()
|
||||
}
|
||||
}
|
||||
|
||||
@ -614,107 +607,100 @@ func TestProxyUpgradeConnectionErrorResponse(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestProxyUpgradeErrorResponseTerminates(t *testing.T) {
|
||||
for _, intercept := range []bool{true, false} {
|
||||
for _, code := range []int{400, 500} {
|
||||
t.Run(fmt.Sprintf("intercept=%v,code=%v", intercept, code), func(t *testing.T) {
|
||||
// Set up a backend server
|
||||
backend := http.NewServeMux()
|
||||
backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(code)
|
||||
w.Write([]byte(`some data`))
|
||||
}))
|
||||
backend.Handle("/there", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
t.Error("request to /there")
|
||||
}))
|
||||
backendServer := httptest.NewServer(backend)
|
||||
defer backendServer.Close()
|
||||
backendServerURL, _ := url.Parse(backendServer.URL)
|
||||
backendServerURL.Path = "/hello"
|
||||
for _, code := range []int{400, 500} {
|
||||
t.Run(fmt.Sprintf("code=%v", code), func(t *testing.T) {
|
||||
// Set up a backend server
|
||||
backend := http.NewServeMux()
|
||||
backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(code)
|
||||
w.Write([]byte(`some data`))
|
||||
}))
|
||||
backend.Handle("/there", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
t.Error("request to /there")
|
||||
}))
|
||||
backendServer := httptest.NewServer(backend)
|
||||
defer backendServer.Close()
|
||||
backendServerURL, _ := url.Parse(backendServer.URL)
|
||||
backendServerURL.Path = "/hello"
|
||||
|
||||
// Set up a proxy pointing to a specific path on the backend
|
||||
proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &noErrorsAllowed{t: t})
|
||||
proxyHandler.InterceptRedirects = intercept
|
||||
proxy := httptest.NewServer(proxyHandler)
|
||||
defer proxy.Close()
|
||||
proxyURL, _ := url.Parse(proxy.URL)
|
||||
// Set up a proxy pointing to a specific path on the backend
|
||||
proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &noErrorsAllowed{t: t})
|
||||
proxy := httptest.NewServer(proxyHandler)
|
||||
defer proxy.Close()
|
||||
proxyURL, _ := url.Parse(proxy.URL)
|
||||
|
||||
conn, err := net.Dial("tcp", proxyURL.Host)
|
||||
require.NoError(t, err)
|
||||
bufferedReader := bufio.NewReader(conn)
|
||||
conn, err := net.Dial("tcp", proxyURL.Host)
|
||||
require.NoError(t, err)
|
||||
bufferedReader := bufio.NewReader(conn)
|
||||
|
||||
// Send upgrade request resulting in a non-101 response from the backend
|
||||
req, _ := http.NewRequest("GET", "/", nil)
|
||||
req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade)
|
||||
require.NoError(t, req.Write(conn))
|
||||
// Verify we get the correct response and full message body content
|
||||
resp, err := http.ReadResponse(bufferedReader, nil)
|
||||
require.NoError(t, err)
|
||||
data, err := ioutil.ReadAll(resp.Body)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, resp.StatusCode, code)
|
||||
require.Equal(t, data, []byte(`some data`))
|
||||
resp.Body.Close()
|
||||
// Send upgrade request resulting in a non-101 response from the backend
|
||||
req, _ := http.NewRequest("GET", "/", nil)
|
||||
req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade)
|
||||
require.NoError(t, req.Write(conn))
|
||||
// Verify we get the correct response and full message body content
|
||||
resp, err := http.ReadResponse(bufferedReader, nil)
|
||||
require.NoError(t, err)
|
||||
data, err := ioutil.ReadAll(resp.Body)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, resp.StatusCode, code)
|
||||
require.Equal(t, data, []byte(`some data`))
|
||||
resp.Body.Close()
|
||||
|
||||
// try to read from the connection to verify it was closed
|
||||
b := make([]byte, 1)
|
||||
conn.SetReadDeadline(time.Now().Add(time.Second))
|
||||
if _, err := conn.Read(b); err != io.EOF {
|
||||
t.Errorf("expected EOF, got %v", err)
|
||||
}
|
||||
// try to read from the connection to verify it was closed
|
||||
b := make([]byte, 1)
|
||||
conn.SetReadDeadline(time.Now().Add(time.Second))
|
||||
if _, err := conn.Read(b); err != io.EOF {
|
||||
t.Errorf("expected EOF, got %v", err)
|
||||
}
|
||||
|
||||
// Send another request to another endpoint to verify it is not received
|
||||
req, _ = http.NewRequest("GET", "/there", nil)
|
||||
req.Write(conn)
|
||||
// wait to ensure the handler does not receive the request
|
||||
time.Sleep(time.Second)
|
||||
// Send another request to another endpoint to verify it is not received
|
||||
req, _ = http.NewRequest("GET", "/there", nil)
|
||||
req.Write(conn)
|
||||
// wait to ensure the handler does not receive the request
|
||||
time.Sleep(time.Second)
|
||||
|
||||
// clean up
|
||||
conn.Close()
|
||||
})
|
||||
}
|
||||
// clean up
|
||||
conn.Close()
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestProxyUpgradeErrorResponse(t *testing.T) {
|
||||
for _, intercept := range []bool{true, false} {
|
||||
for _, code := range []int{200, 300, 302, 307} {
|
||||
t.Run(fmt.Sprintf("intercept=%v,code=%v", intercept, code), func(t *testing.T) {
|
||||
// Set up a backend server
|
||||
backend := http.NewServeMux()
|
||||
backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
http.Redirect(w, r, "https://example.com/there", code)
|
||||
}))
|
||||
backendServer := httptest.NewServer(backend)
|
||||
defer backendServer.Close()
|
||||
backendServerURL, _ := url.Parse(backendServer.URL)
|
||||
backendServerURL.Path = "/hello"
|
||||
for _, code := range []int{200, 300, 302, 307} {
|
||||
t.Run(fmt.Sprintf("code=%v", code), func(t *testing.T) {
|
||||
// Set up a backend server
|
||||
backend := http.NewServeMux()
|
||||
backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
http.Redirect(w, r, "https://example.com/there", code)
|
||||
}))
|
||||
backendServer := httptest.NewServer(backend)
|
||||
defer backendServer.Close()
|
||||
backendServerURL, _ := url.Parse(backendServer.URL)
|
||||
backendServerURL.Path = "/hello"
|
||||
|
||||
// Set up a proxy pointing to a specific path on the backend
|
||||
proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &fakeResponder{t: t})
|
||||
proxyHandler.InterceptRedirects = intercept
|
||||
proxyHandler.RequireSameHostRedirects = true
|
||||
proxy := httptest.NewServer(proxyHandler)
|
||||
defer proxy.Close()
|
||||
proxyURL, _ := url.Parse(proxy.URL)
|
||||
// Set up a proxy pointing to a specific path on the backend
|
||||
proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &fakeResponder{t: t})
|
||||
proxy := httptest.NewServer(proxyHandler)
|
||||
defer proxy.Close()
|
||||
proxyURL, _ := url.Parse(proxy.URL)
|
||||
|
||||
conn, err := net.Dial("tcp", proxyURL.Host)
|
||||
require.NoError(t, err)
|
||||
bufferedReader := bufio.NewReader(conn)
|
||||
conn, err := net.Dial("tcp", proxyURL.Host)
|
||||
require.NoError(t, err)
|
||||
bufferedReader := bufio.NewReader(conn)
|
||||
|
||||
// Send upgrade request resulting in a non-101 response from the backend
|
||||
req, _ := http.NewRequest("GET", "/", nil)
|
||||
req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade)
|
||||
require.NoError(t, req.Write(conn))
|
||||
// Verify we get the correct response and full message body content
|
||||
resp, err := http.ReadResponse(bufferedReader, nil)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, fakeStatusCode, resp.StatusCode)
|
||||
resp.Body.Close()
|
||||
// Send upgrade request resulting in a non-101 response from the backend
|
||||
req, _ := http.NewRequest("GET", "/", nil)
|
||||
req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade)
|
||||
require.NoError(t, req.Write(conn))
|
||||
// Verify we get the correct response and full message body content
|
||||
resp, err := http.ReadResponse(bufferedReader, nil)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, fakeStatusCode, resp.StatusCode)
|
||||
resp.Body.Close()
|
||||
|
||||
// clean up
|
||||
conn.Close()
|
||||
})
|
||||
}
|
||||
// clean up
|
||||
conn.Close()
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -30,26 +30,6 @@ const (
|
||||
// // alpha: v1.4
|
||||
// MyFeature() bool
|
||||
|
||||
// owner: @tallclair
|
||||
// alpha: v1.5
|
||||
// beta: v1.6
|
||||
// deprecated: v1.18
|
||||
//
|
||||
// StreamingProxyRedirects controls whether the apiserver should intercept (and follow)
|
||||
// redirects from the backend (Kubelet) for streaming requests (exec/attach/port-forward).
|
||||
//
|
||||
// This feature is deprecated, and will be removed in v1.24.
|
||||
StreamingProxyRedirects featuregate.Feature = "StreamingProxyRedirects"
|
||||
|
||||
// owner: @tallclair
|
||||
// alpha: v1.12
|
||||
// beta: v1.14
|
||||
// deprecated: v1.22
|
||||
//
|
||||
// ValidateProxyRedirects controls whether the apiserver should validate that redirects are only
|
||||
// followed to the same host. Only used if StreamingProxyRedirects is enabled.
|
||||
ValidateProxyRedirects featuregate.Feature = "ValidateProxyRedirects"
|
||||
|
||||
// owner: @tallclair
|
||||
// alpha: v1.7
|
||||
// beta: v1.8
|
||||
@ -213,8 +193,6 @@ func init() {
|
||||
// To add a new feature, define a key for it above and add it here. The features will be
|
||||
// available throughout Kubernetes binaries.
|
||||
var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
|
||||
StreamingProxyRedirects: {Default: false, PreRelease: featuregate.Deprecated},
|
||||
ValidateProxyRedirects: {Default: true, PreRelease: featuregate.Deprecated},
|
||||
AdvancedAuditing: {Default: true, PreRelease: featuregate.GA},
|
||||
APIResponseCompression: {Default: true, PreRelease: featuregate.Beta},
|
||||
APIListChunking: {Default: true, PreRelease: featuregate.Beta},
|
||||
|
@ -32,9 +32,7 @@ import (
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
endpointmetrics "k8s.io/apiserver/pkg/endpoints/metrics"
|
||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
genericfeatures "k8s.io/apiserver/pkg/features"
|
||||
"k8s.io/apiserver/pkg/server/egressselector"
|
||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||
utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol"
|
||||
"k8s.io/apiserver/pkg/util/x509metrics"
|
||||
restclient "k8s.io/client-go/rest"
|
||||
@ -174,8 +172,6 @@ func (r *proxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||
}
|
||||
|
||||
handler := proxy.NewUpgradeAwareHandler(location, proxyRoundTripper, true, upgrade, &responder{w: w})
|
||||
handler.InterceptRedirects = utilfeature.DefaultFeatureGate.Enabled(genericfeatures.StreamingProxyRedirects)
|
||||
handler.RequireSameHostRedirects = utilfeature.DefaultFeatureGate.Enabled(genericfeatures.ValidateProxyRedirects)
|
||||
utilflowcontrol.RequestDelegated(req.Context())
|
||||
handler.ServeHTTP(w, newReq)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user