Roland.Ma
35
vendor/k8s.io/apiserver/pkg/server/egressselector/config.go
generated
vendored
35
vendor/k8s.io/apiserver/pkg/server/egressselector/config.go
generated
vendored
@@ -22,6 +22,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||
"k8s.io/apiserver/pkg/apis/apiserver"
|
||||
"k8s.io/apiserver/pkg/apis/apiserver/install"
|
||||
@@ -32,6 +33,10 @@ import (
|
||||
|
||||
var cfgScheme = runtime.NewScheme()
|
||||
|
||||
// validEgressSelectorNames contains the set of valid egress selctor names.
|
||||
// 'master' is deprecated in favor of 'controlplane' and will be removed in v1.22.
|
||||
var validEgressSelectorNames = sets.NewString("master", "controlplane", "cluster", "etcd")
|
||||
|
||||
func init() {
|
||||
install.Install(cfgScheme)
|
||||
}
|
||||
@@ -97,6 +102,30 @@ func ValidateEgressSelectorConfiguration(config *apiserver.EgressSelectorConfigu
|
||||
}))
|
||||
}
|
||||
}
|
||||
|
||||
var foundControlPlane, foundMaster bool
|
||||
for _, service := range config.EgressSelections {
|
||||
canonicalName := strings.ToLower(service.Name)
|
||||
|
||||
if !validEgressSelectorNames.Has(canonicalName) {
|
||||
allErrs = append(allErrs, field.NotSupported(field.NewPath("egressSelection", "name"), canonicalName, validEgressSelectorNames.List()))
|
||||
continue
|
||||
}
|
||||
|
||||
if canonicalName == "master" {
|
||||
foundMaster = true
|
||||
}
|
||||
|
||||
if canonicalName == "controlplane" {
|
||||
foundControlPlane = true
|
||||
}
|
||||
}
|
||||
|
||||
// error if both master and controlplane egress selectors are set
|
||||
if foundMaster && foundControlPlane {
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath("egressSelection", "name"), "both egressSelection names 'master' and 'controlplane' are specified, only one is allowed"))
|
||||
}
|
||||
|
||||
return allErrs
|
||||
}
|
||||
|
||||
@@ -199,7 +228,7 @@ func validateTLSConfig(tlsConfig *apiserver.TLSConfig, fldPath *field.Path) fiel
|
||||
return allErrs
|
||||
}
|
||||
if tlsConfig.CABundle != "" {
|
||||
if exists, err := path.Exists(path.CheckFollowSymlink, tlsConfig.CABundle); exists == false || err != nil {
|
||||
if exists, err := path.Exists(path.CheckFollowSymlink, tlsConfig.CABundle); !exists || err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(
|
||||
fldPath.Child("tlsConfig", "caBundle"),
|
||||
tlsConfig.CABundle,
|
||||
@@ -211,7 +240,7 @@ func validateTLSConfig(tlsConfig *apiserver.TLSConfig, fldPath *field.Path) fiel
|
||||
fldPath.Child("tlsConfig", "clientCert"),
|
||||
"nil",
|
||||
"Using TLS requires clientCert"))
|
||||
} else if exists, err := path.Exists(path.CheckFollowSymlink, tlsConfig.ClientCert); exists == false || err != nil {
|
||||
} else if exists, err := path.Exists(path.CheckFollowSymlink, tlsConfig.ClientCert); !exists || err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(
|
||||
fldPath.Child("tlsConfig", "clientCert"),
|
||||
tlsConfig.ClientCert,
|
||||
@@ -222,7 +251,7 @@ func validateTLSConfig(tlsConfig *apiserver.TLSConfig, fldPath *field.Path) fiel
|
||||
fldPath.Child("tlsConfig", "clientKey"),
|
||||
"nil",
|
||||
"Using TLS requires requires clientKey"))
|
||||
} else if exists, err := path.Exists(path.CheckFollowSymlink, tlsConfig.ClientKey); exists == false || err != nil {
|
||||
} else if exists, err := path.Exists(path.CheckFollowSymlink, tlsConfig.ClientKey); !exists || err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(
|
||||
fldPath.Child("tlsConfig", "clientKey"),
|
||||
tlsConfig.ClientKey,
|
||||
|
||||
23
vendor/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go
generated
vendored
23
vendor/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go
generated
vendored
@@ -34,7 +34,7 @@ import (
|
||||
utilnet "k8s.io/apimachinery/pkg/util/net"
|
||||
"k8s.io/apiserver/pkg/apis/apiserver"
|
||||
egressmetrics "k8s.io/apiserver/pkg/server/egressselector/metrics"
|
||||
"k8s.io/klog"
|
||||
"k8s.io/klog/v2"
|
||||
utiltrace "k8s.io/utils/trace"
|
||||
client "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client"
|
||||
)
|
||||
@@ -47,12 +47,12 @@ type EgressSelector struct {
|
||||
}
|
||||
|
||||
// EgressType is an indicator of which egress selection should be used for sending traffic.
|
||||
// See https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/20190226-network-proxy.md#network-context
|
||||
// See https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1281-network-proxy/README.md#network-context
|
||||
type EgressType int
|
||||
|
||||
const (
|
||||
// Master is the EgressType for traffic intended to go to the control plane.
|
||||
Master EgressType = iota
|
||||
// ControlPlane is the EgressType for traffic intended to go to the control plane.
|
||||
ControlPlane EgressType = iota
|
||||
// Etcd is the EgressType for traffic intended to go to Kubernetes persistence store.
|
||||
Etcd
|
||||
// Cluster is the EgressType for traffic intended to go to the system being managed by Kubernetes.
|
||||
@@ -73,8 +73,8 @@ type Lookup func(networkContext NetworkContext) (utilnet.DialFunc, error)
|
||||
// String returns the canonical string representation of the egress type
|
||||
func (s EgressType) String() string {
|
||||
switch s {
|
||||
case Master:
|
||||
return "master"
|
||||
case ControlPlane:
|
||||
return "controlplane"
|
||||
case Etcd:
|
||||
return "etcd"
|
||||
case Cluster:
|
||||
@@ -91,8 +91,12 @@ func (s EgressType) AsNetworkContext() NetworkContext {
|
||||
|
||||
func lookupServiceName(name string) (EgressType, error) {
|
||||
switch strings.ToLower(name) {
|
||||
// 'master' is deprecated, interpret "master" as controlplane internally until removed in v1.22.
|
||||
case "master":
|
||||
return Master, nil
|
||||
klog.Warning("EgressSelection name 'master' is deprecated, use 'controlplane' instead")
|
||||
return ControlPlane, nil
|
||||
case "controlplane":
|
||||
return ControlPlane, nil
|
||||
case "etcd":
|
||||
return Etcd, nil
|
||||
case "cluster":
|
||||
@@ -199,7 +203,7 @@ func (u *udsGRPCConnector) connect() (proxier, error) {
|
||||
return c, err
|
||||
})
|
||||
|
||||
tunnel, err := client.CreateGrpcTunnel(udsName, dialOption, grpc.WithInsecure())
|
||||
tunnel, err := client.CreateSingleUseGrpcTunnel(udsName, dialOption, grpc.WithInsecure())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -222,7 +226,7 @@ func (d *dialerCreator) createDialer() utilnet.DialFunc {
|
||||
return directDialer
|
||||
}
|
||||
return func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
trace := utiltrace.New(fmt.Sprintf("Proxy via HTTP Connect over %s", d.options.transport), utiltrace.Field{Key: "address", Value: addr})
|
||||
trace := utiltrace.New(fmt.Sprintf("Proxy via %s protocol over %s", d.options.protocol, d.options.transport), utiltrace.Field{Key: "address", Value: addr})
|
||||
defer trace.LogIfLong(500 * time.Millisecond)
|
||||
start := egressmetrics.Metrics.Clock().Now()
|
||||
proxier, err := d.connector.connect()
|
||||
@@ -364,5 +368,6 @@ func (cs *EgressSelector) Lookup(networkContext NetworkContext) (utilnet.DialFun
|
||||
// The round trip wrapper will over-ride the dialContext method appropriately
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
return cs.egressToDialer[networkContext.EgressSelectionName], nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user