Production-Grade Container Scheduling and Management
Go to file
Kubernetes Submit Queue 8787b13d75 Merge pull request #43922 from cezarsa/spdy-fix
Automatic merge from submit-queue

prevent corrupted spdy stream after hijacking connection

This PR fixes corner case in spdy stream code where some bytes would never arrive at the server.

Reading directly from a hijacked connection isn't safe because some data may have already been read by the server before `Hijack` was called. To ensure all data will be received it's safer to read from the returned `bufio.Reader`. This problem seem to happen more frequently when using Go 1.8.
This is described in https://golang.org/pkg/net/http/#Hijacker:

> // The returned bufio.Reader may contain unprocessed buffered
   // data from the client.

I came across this while debugging a flaky test that used code from the `k8s.io/apimachinery/pkg/util/httpstream/spdy` package. After filling the code with debug logs and long hours running the tests in loop in the hope of catching the error I finally caught something weird.

The first word on the first spdy frame [read by the server here](b625085230/vendor/github.com/docker/spdystream/spdy/read.go (L148)) had the value `0x03000100`. See, the first frame to arrive on the server was supposed to be a control frame indicating the creation of a new stream, but all control frames need the high-order bit set to 1, which was not the case here, so the saver mistakenly assumed this was a data frame and the stream would never be created. The correct value for the first word of a SYN_STREAM frame was supposed to be `0x80030001` and this lead me on the path of finding who had consumed the first 1 byte prior to the frame reader being called and finally finding the problem with the Hijack call.

I added a new test to try stressing this condition and ensuring that this bug doesn't happen anymore. However, it's quite ugly as it loops 1000 times creating streams on servers to increase the chances of this bug happening. So, I'm not sure whether it's worth it to keep this test or if I should remove it from the PR. Please let me know what you guys think and I'll be happy to update this.

Fixes #45093 #45089 #45078 #45075 #45072 #45066 #45023
2017-04-28 07:40:03 -07:00
.github PR template: Update links to kubernetes/community repo 2017-03-17 12:23:58 -04:00
api Add PATCH to supported list of proxy subresource verbs 2017-04-27 10:38:10 -04:00
build Merge pull request #44346 from mikedanese/build-static 2017-04-27 12:11:00 -07:00
cluster Merge pull request #45055 from nicksardo/glbc-v0.9.3-bump 2017-04-27 18:03:33 -07:00
cmd Merge pull request #44888 from caesarxuchao/clean-deepcopy-init 2017-04-27 18:48:28 -07:00
docs Add PATCH to supported list of proxy subresource verbs 2017-04-27 10:38:10 -04:00
examples Merge pull request #44804 from humblec/glusterfs-rearrange 2017-04-27 08:57:32 -07:00
federation Merge pull request #44888 from caesarxuchao/clean-deepcopy-init 2017-04-27 18:48:28 -07:00
Godeps Merge pull request #41197 from aleksandra-malinowska/monitoring-test 2017-04-27 03:44:22 -07:00
hack Update gazel to v17 2017-04-27 15:01:34 -07:00
hooks
logo
pkg Merge pull request #43477 from gnufied/cloudprovider-aws-metrics 2017-04-28 01:35:17 -07:00
plugin Merge pull request #44888 from caesarxuchao/clean-deepcopy-init 2017-04-27 18:48:28 -07:00
staging Merge pull request #43922 from cezarsa/spdy-fix 2017-04-28 07:40:03 -07:00
test Merge pull request #41254 from shashidharatd/federation-service-e2e-1 2017-04-27 17:14:06 -07:00
third_party autogenerated 2017-04-14 10:40:57 -07:00
translations Extract a bunch more strings from kubectl 2017-04-06 20:12:50 -07:00
vendor Merge pull request #41197 from aleksandra-malinowska/monitoring-test 2017-04-27 03:44:22 -07:00
.bazelrc Add verify-gofmt as a Bazel test. 2017-02-10 17:00:28 -08:00
.gazelcfg.json Add go_genrule for zz_generated.openapi.go. 2017-04-25 17:51:36 -07:00
.generated_files Move .generated_docs to docs/ so docs OWNERS can review / approve 2017-02-16 10:11:57 -08:00
.gitattributes
.gitignore Remove verify_gen_openapi make rule. 2017-04-25 17:41:33 -07:00
BUILD.bazel Update repo-infra bazel dependency and use new gcs_upload rule 2017-04-25 13:45:28 -07:00
CHANGELOG.md Update CHANGELOG.md for v1.5.7. 2017-04-27 08:07:09 -04:00
code-of-conduct.md
CONTRIBUTING.md Close kubernetes/community#420 2017-03-08 09:59:30 -08:00
labels.yaml
LICENSE
Makefile Remove verify_gen_openapi make rule. 2017-04-25 17:41:33 -07:00
Makefile.generated_files Remove verify_gen_openapi make rule. 2017-04-25 17:41:33 -07:00
OWNERS
OWNERS_ALIASES Merge pull request #42953 from kargakis/rm-myself 2017-04-03 01:50:58 -07:00
README.md Adjust the link to the right troubleshooting doc page 2017-04-13 08:20:39 +00:00
Vagrantfile
WORKSPACE update libc 2017-04-27 11:59:18 -07:00

Kubernetes

Submit Queue Widget GoDoc Widget


Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications.

Kubernetes builds upon a decade and a half of experience at Google running production workloads at scale using a system called Borg, combined with best-of-breed ideas and practices from the community.

Kubernetes is hosted by the Cloud Native Computing Foundation (CNCF). If you are a company that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details about who's involved and how Kubernetes plays a role, read the CNCF announcement.


To start using Kubernetes

See our documentation on kubernetes.io.

Try our interactive tutorial.

Take a free course on Scalable Microservices with Kubernetes.

To start developing Kubernetes

The community repository hosts all information about building Kubernetes from source, how to contribute code and documentation, who to contact about what, etc.

If you want to build Kubernetes right away there are two options:

You have a working Go environment.
$ go get -d k8s.io/kubernetes
$ cd $GOPATH/src/k8s.io/kubernetes
$ make
You have a working Docker environment.
$ git clone https://github.com/kubernetes/kubernetes
$ cd kubernetes
$ make quick-release

If you are less impatient, head over to the developer's documentation.

Support

If you need support, start with the troubleshooting guide and work your way through the process that we've outlined.

That said, if you have questions, reach out to us one way or another.

Analytics