Merge pull request #36662 from deads2k/fix-proxy-tls
Automatic merge from submit-queue. make spdy.roundtripper usable with UpgradeAwareProxyHandler. The `spdy.RoundTripper` was incompatible for use on `https` connections by the `UpgradeAwareProxyHandler` because it couldn't find the TLS config. This check would get `nil` https://github.com/kubernetes/kubernetes/blob/master/pkg/util/proxy/dial.go#L48 because it didn't recognize the type, which would result in failures later on. That would cause a failure that ripples out to here: https://github.com/kubernetes/kubernetes/blob/master/pkg/registry/generic/rest/proxy.go#L151 and prevents the proxy from working.
		| @@ -72,6 +72,11 @@ func NewSpdyRoundTripper(tlsConfig *tls.Config) *SpdyRoundTripper { | ||||
| 	return &SpdyRoundTripper{tlsConfig: tlsConfig} | ||||
| } | ||||
|  | ||||
| // implements pkg/util/net.TLSClientConfigHolder for proper TLS checking during proxying with a spdy roundtripper | ||||
| func (s *SpdyRoundTripper) TLSClientConfig() *tls.Config { | ||||
| 	return s.tlsConfig | ||||
| } | ||||
|  | ||||
| // dial dials the host specified by req, using TLS if appropriate, optionally | ||||
| // using a proxy server if one is configured via environment variables. | ||||
| func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) { | ||||
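Review bot: The new `TLSClientConfig` accessor returns the round tripper's own `*tls.Config` pointer rather than a copy, and its comment neither starts with the method name nor states that. A caller that adjusts the returned config would silently change the settings later used by `dial`, so I would document the contract: `// TLSClientConfig implements pkg/util/net.TLSClientConfigHolder so proxy code can find this round tripper's TLS settings. The returned config is shared, not copied; callers must not modify it.` Whether any current caller mutates the result is not visible here, and the `dial` body continues outside the hunk.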
|   | ||||
| @@ -138,6 +138,10 @@ func CloneTLSConfig(cfg *tls.Config) *tls.Config { | ||||
| 	} | ||||
| } | ||||
|  | ||||
| type TLSClientConfigHolder interface { | ||||
| 	TLSClientConfig() *tls.Config | ||||
| } | ||||
|  | ||||
| func TLSClientConfig(transport http.RoundTripper) (*tls.Config, error) { | ||||
| 	if transport == nil { | ||||
| 		return nil, nil | ||||
| @@ -146,6 +150,8 @@ func TLSClientConfig(transport http.RoundTripper) (*tls.Config, error) { | ||||
| 	switch transport := transport.(type) { | ||||
| 	case *http.Transport: | ||||
| 		return transport.TLSClientConfig, nil | ||||
| 	case TLSClientConfigHolder: | ||||
| 		return transport.TLSClientConfig(), nil | ||||
| 	case RoundTripperWrapper: | ||||
| 		return TLSClientConfig(transport.WrappedRoundTripper()) | ||||
| 	default: | ||||
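Review bot: In the type switch, `case TLSClientConfigHolder` is matched before `case RoundTripperWrapper`, so a transport that implements both is never unwrapped, and a holder that returns nil yields `(nil, nil)`, the same result as a nil transport. The commit description says a nil config at the dial check is what broke proxying, so that precedence and the nil result deserve a comment. The exported `TLSClientConfigHolder` interface in the previous hunk has no doc comment at all. I would add `// TLSClientConfigHolder is implemented by round trippers that can report their TLS client config; it takes precedence over RoundTripperWrapper, and a nil return means no TLS config is set.` The `default` branch and the rest of the function lie outside the hunk.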
|   | ||||
| @@ -218,3 +218,24 @@ func TestProxierWithNoProxyCIDR(t *testing.T) { | ||||
| 		} | ||||
| 	} | ||||
| } | ||||
|  | ||||
| type fakeTLSClientConfigHolder struct { | ||||
| 	called bool | ||||
| } | ||||
|  | ||||
| func (f *fakeTLSClientConfigHolder) TLSClientConfig() *tls.Config { | ||||
| 	f.called = true | ||||
| 	return nil | ||||
| } | ||||
| func (f *fakeTLSClientConfigHolder) RoundTrip(*http.Request) (*http.Response, error) { | ||||
| 	return nil, nil | ||||
| } | ||||
|  | ||||
| func TestTLSClientConfigHolder(t *testing.T) { | ||||
| 	rt := &fakeTLSClientConfigHolder{} | ||||
| 	TLSClientConfig(rt) | ||||
|  | ||||
| 	if !rt.called { | ||||
| 		t.Errorf("didn't find tls config") | ||||
| 	} | ||||
| } | ||||
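Review bot: `TestTLSClientConfigHolder` discards both return values of `TLSClientConfig(rt)` and the fake returns nil, so the test would still pass if the new case called the holder and then returned the wrong config or an error. Have the fake return a known `*tls.Config` and check that it comes back: `cfg, err := TLSClientConfig(rt)` followed by `if err != nil || cfg != want { t.Errorf("got %v, %v; want %v, nil", cfg, err, want) }`. That pins the behaviour the proxy presumably relies on, namely that the holder's TLS settings reach the dialer unchanged.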
|   | ||||
	 Kubernetes Submit Queue
					Kubernetes Submit Queue