github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 09:22:44 +00:00
Code Issues Projects Releases Wiki Activity

Make UpgradeAwareProxyHandler use transport.Dial if provided

Browse Source 
This change is required for the handler to work with sshtunnels.
Without it, `kubectl exec` and `kubectl port-forward` are broken
when an ssh proxy is used (see #9292). I manually verified this
fixes that issue, e2e test coming shortly.
This commit is contained in:
Jeff Lowdermilk 2015-06-29 22:33:48 -07:00
parent bd12aefdf2
commit f0a36b0afd
1 changed files with 38 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
pkg/registry/generic/rest/proxy.go
View File

@ -174,24 +174,57 @@ func (h *UpgradeAwareProxyHandler) tryUpgrade(w http.ResponseWriter, req *http.R
func (h *UpgradeAwareProxyHandler) dialURL() (net.Conn, error) { func (h *UpgradeAwareProxyHandler) dialURL() (net.Conn, error) {
dialAddr := netutil.CanonicalAddr(h.Location) dialAddr := netutil.CanonicalAddr(h.Location)
var dialer func(network, addr string) (net.Conn, error)
if httpTransport, ok := h.Transport.(*http.Transport); ok && httpTransport.Dial != nil {
dialer = httpTransport.Dial
}
switch h.Location.Scheme { switch h.Location.Scheme {
case "http": case "http":
if dialer != nil {
return dialer("tcp", dialAddr)
}
return net.Dial("tcp", dialAddr) return net.Dial("tcp", dialAddr)
case "https": case "https":
// TODO: this TLS logic can probably be cleaned up; it's messy in an attempt
// to preserve behavior that we don't know for sure is exercised.
// Get the tls config from the transport if we recognize it // Get the tls config from the transport if we recognize it
var tlsConfig *tls.Config var tlsConfig *tls.Config
var tlsConn *tls.Conn
var err error
if h.Transport != nil { if h.Transport != nil {
httpTransport, ok := h.Transport.(*http.Transport) httpTransport, ok := h.Transport.(*http.Transport)
if ok { if ok {
tlsConfig = httpTransport.TLSClientConfig tlsConfig = httpTransport.TLSClientConfig
} }
} }
if dialer != nil {
// Dial // We have a dialer; use it to open the connection, then
tlsConn, err := tls.Dial("tcp", dialAddr, tlsConfig) // create a tls client using the connection.
netConn, err := dialer("tcp", dialAddr)
if err != nil { if err != nil {
return nil, err return nil, err
} }
// tls.Client requires non-nil config
if tlsConfig == nil {
glog.Warningf("using custom dialer with no TLSClientConfig. Defaulting to InsecureSkipVerify")
tlsConfig = &tls.Config{
InsecureSkipVerify: true,
}
}
tlsConn = tls.Client(netConn, tlsConfig)
if err := tlsConn.Handshake(); err != nil {
return nil, err
}
} else {
// Dial
tlsConn, err = tls.Dial("tcp", dialAddr, tlsConfig)
if err != nil {
return nil, err
}
}
// Verify // Verify
host, _, _ := net.SplitHostPort(dialAddr) host, _, _ := net.SplitHostPort(dialAddr)
@ -202,7 +235,7 @@ func (h *UpgradeAwareProxyHandler) dialURL() (net.Conn, error) {
return tlsConn, nil return tlsConn, nil
default: default:
return nil, fmt.Errorf("Unknown scheme: %s", h.Location.Scheme) return nil, fmt.Errorf("unknown scheme: %s", h.Location.Scheme)
} }
} }