Align lifecycle handlers and probes

Align the behavior of HTTP-based lifecycle handlers and HTTP-based
probers, converging on the probers implementation. This fixes multiple
deficiencies in the current implementation of lifecycle handlers
surrounding what functionality is available.

The functionality is gated by the features.ConsistentHTTPGetHandlers feature gate.

pkg/probe/http/http.go

@@ -21,11 +21,9 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"net/url"
 	"time"
 
 	utilnet "k8s.io/apimachinery/pkg/util/net"
-	"k8s.io/component-base/version"
 	"k8s.io/kubernetes/pkg/probe"
 
 	"k8s.io/klog/v2"
@@ -63,7 +61,7 @@ func NewWithTLSConfig(config *tls.Config, followNonLocalRedirects bool) Prober {
 
 // Prober is an interface that defines the Probe function for doing HTTP readiness/liveness checks.
 type Prober interface {
-	Probe(url *url.URL, headers http.Header, timeout time.Duration) (probe.Result, string, error)
+	Probe(req *http.Request, timeout time.Duration) (probe.Result, string, error)
 }
 
 type httpProber struct {
@@ -71,14 +69,14 @@ type httpProber struct {
 	followNonLocalRedirects bool
 }
 
-// Probe returns a probing result. The only case the err will not be nil is when there is a problem reading the response body.
-func (pr httpProber) Probe(url *url.URL, headers http.Header, timeout time.Duration) (probe.Result, string, error) {
+// Probe returns a ProbeRunner capable of running an HTTP check.
+func (pr httpProber) Probe(req *http.Request, timeout time.Duration) (probe.Result, string, error) {
 	client := &http.Client{
 		Timeout:       timeout,
 		Transport:     pr.transport,
-		CheckRedirect: redirectChecker(pr.followNonLocalRedirects),
+		CheckRedirect: RedirectChecker(pr.followNonLocalRedirects),
 	}
-	return DoHTTPProbe(url, headers, client)
+	return DoHTTPProbe(req, client)
 }
 
 // GetHTTPInterface is an interface for making HTTP requests, that returns a response and error.
@@ -90,29 +88,9 @@ type GetHTTPInterface interface {
 // If the HTTP response code is successful (i.e. 400 > code >= 200), it returns Success.
 // If the HTTP response code is unsuccessful or HTTP communication fails, it returns Failure.
 // This is exported because some other packages may want to do direct HTTP probes.
-func DoHTTPProbe(url *url.URL, headers http.Header, client GetHTTPInterface) (probe.Result, string, error) {
-	req, err := http.NewRequest("GET", url.String(), nil)
-	if err != nil {
-		// Convert errors into failures to catch timeouts.
-		return probe.Failure, err.Error(), nil
-	}
-	if headers == nil {
-		headers = http.Header{}
-	}
-	if _, ok := headers["User-Agent"]; !ok {
-		// explicitly set User-Agent so it's not set to default Go value
-		v := version.Get()
-		headers.Set("User-Agent", fmt.Sprintf("kube-probe/%s.%s", v.Major, v.Minor))
-	}
-	if _, ok := headers["Accept"]; !ok {
-		// Accept header was not defined. accept all
-		headers.Set("Accept", "*/*")
-	} else if headers.Get("Accept") == "" {
-		// Accept header was overridden but is empty. removing
-		headers.Del("Accept")
-	}
-	req.Header = headers
-	req.Host = headers.Get("Host")
+func DoHTTPProbe(req *http.Request, client GetHTTPInterface) (probe.Result, string, error) {
+	url := req.URL
+	headers := req.Header
 	res, err := client.Do(req)
 	if err != nil {
 		// Convert errors into failures to catch timeouts.
@@ -140,7 +118,8 @@ func DoHTTPProbe(url *url.URL, headers http.Header, client GetHTTPInterface) (pr
 	return probe.Failure, fmt.Sprintf("HTTP probe failed with statuscode: %d", res.StatusCode), nil
 }
 
-func redirectChecker(followNonLocalRedirects bool) func(*http.Request, []*http.Request) error {
+// RedirectChecker returns a function that can be used to check HTTP redirects.
+func RedirectChecker(followNonLocalRedirects bool) func(*http.Request, []*http.Request) error {
 	if followNonLocalRedirects {
 		return nil // Use the default http client checker.
 	}

pkg/probe/http/http_test.go

@@ -84,7 +84,13 @@ func TestHTTPProbeProxy(t *testing.T) {
 	if err != nil {
 		t.Errorf("proxy test unexpected error: %v", err)
 	}
-	_, response, _ := prober.Probe(url, http.Header{}, time.Second*3)
+
+	req, err := NewProbeRequest(url, http.Header{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, response, _ := prober.Probe(req, time.Second*3)
 
 	if response == res {
 		t.Errorf("proxy test unexpected error: the probe is using proxy")
@@ -376,7 +382,11 @@ func TestHTTPProbeChecker(t *testing.T) {
 			if err != nil {
 				t.Errorf("case %d: unexpected error: %v", i, err)
 			}
-			health, output, err := prober.Probe(u, test.reqHeaders, 1*time.Second)
+			req, err := NewProbeRequest(u, test.reqHeaders)
+			if err != nil {
+				t.Fatal(err)
+			}
+			health, output, err := prober.Probe(req, 1*time.Second)
 			if test.health == probe.Unknown && err == nil {
 				t.Errorf("case %d: expected error", i)
 			}
@@ -436,7 +446,9 @@ func TestHTTPProbeChecker_NonLocalRedirects(t *testing.T) {
 			prober := New(followNonLocalRedirects)
 			target, err := url.Parse(server.URL + "/redirect?loc=" + url.QueryEscape(test.redirect))
 			require.NoError(t, err)
-			result, _, _ := prober.Probe(target, nil, wait.ForeverTestTimeout)
+			req, err := NewProbeRequest(target, nil)
+			require.NoError(t, err)
+			result, _, _ := prober.Probe(req, wait.ForeverTestTimeout)
 			assert.Equal(t, test.expectLocalResult, result)
 		})
 		t.Run(desc+"-nonlocal", func(t *testing.T) {
@@ -444,7 +456,9 @@ func TestHTTPProbeChecker_NonLocalRedirects(t *testing.T) {
 			prober := New(followNonLocalRedirects)
 			target, err := url.Parse(server.URL + "/redirect?loc=" + url.QueryEscape(test.redirect))
 			require.NoError(t, err)
-			result, _, _ := prober.Probe(target, nil, wait.ForeverTestTimeout)
+			req, err := NewProbeRequest(target, nil)
+			require.NoError(t, err)
+			result, _, _ := prober.Probe(req, wait.ForeverTestTimeout)
 			assert.Equal(t, test.expectNonLocalResult, result)
 		})
 	}
@@ -486,7 +500,9 @@ func TestHTTPProbeChecker_HostHeaderPreservedAfterRedirect(t *testing.T) {
 			prober := New(followNonLocalRedirects)
 			target, err := url.Parse(server.URL + "/redirect")
 			require.NoError(t, err)
-			result, _, _ := prober.Probe(target, headers, wait.ForeverTestTimeout)
+			req, err := NewProbeRequest(target, headers)
+			require.NoError(t, err)
+			result, _, _ := prober.Probe(req, wait.ForeverTestTimeout)
 			assert.Equal(t, test.expectedResult, result)
 		})
 		t.Run(desc+"nonlocal", func(t *testing.T) {
@@ -494,7 +510,9 @@ func TestHTTPProbeChecker_HostHeaderPreservedAfterRedirect(t *testing.T) {
 			prober := New(followNonLocalRedirects)
 			target, err := url.Parse(server.URL + "/redirect")
 			require.NoError(t, err)
-			result, _, _ := prober.Probe(target, headers, wait.ForeverTestTimeout)
+			req, err := NewProbeRequest(target, headers)
+			require.NoError(t, err)
+			result, _, _ := prober.Probe(req, wait.ForeverTestTimeout)
 			assert.Equal(t, test.expectedResult, result)
 		})
 	}
@@ -527,7 +545,9 @@ func TestHTTPProbeChecker_PayloadTruncated(t *testing.T) {
 		prober := New(false)
 		target, err := url.Parse(server.URL + "/success")
 		require.NoError(t, err)
-		result, body, err := prober.Probe(target, headers, wait.ForeverTestTimeout)
+		req, err := NewProbeRequest(target, headers)
+		require.NoError(t, err)
+		result, body, err := prober.Probe(req, wait.ForeverTestTimeout)
 		assert.NoError(t, err)
 		assert.Equal(t, probe.Success, result)
 		assert.Equal(t, string(truncatedPayload), body)
@@ -560,7 +580,9 @@ func TestHTTPProbeChecker_PayloadNormal(t *testing.T) {
 		prober := New(false)
 		target, err := url.Parse(server.URL + "/success")
 		require.NoError(t, err)
-		result, body, err := prober.Probe(target, headers, wait.ForeverTestTimeout)
+		req, err := NewProbeRequest(target, headers)
+		require.NoError(t, err)
+		result, body, err := prober.Probe(req, wait.ForeverTestTimeout)
 		assert.NoError(t, err)
 		assert.Equal(t, probe.Success, result)
 		assert.Equal(t, string(normalPayload), body)

pkg/probe/http/request.go

@@ -0,0 +1,119 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package http
+
+import (
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/component-base/version"
+	"k8s.io/kubernetes/pkg/probe"
+)
+
+// NewProbeRequest returns an http.Request suitable for use as a request for a
+// probe.
+func NewProbeRequest(url *url.URL, headers http.Header) (*http.Request, error) {
+	return newProbeRequest(url, headers, "probe")
+}
+
+// NewRequestForHTTPGetAction returns an http.Request derived from httpGet.
+// When httpGet.Host is empty, podIP will be used instead.
+func NewRequestForHTTPGetAction(httpGet *v1.HTTPGetAction, container *v1.Container, podIP string, userAgentFragment string) (*http.Request, error) {
+	scheme := strings.ToLower(string(httpGet.Scheme))
+	if scheme == "" {
+		scheme = "http"
+	}
+
+	host := httpGet.Host
+	if host == "" {
+		host = podIP
+	}
+
+	port, err := probe.ResolveContainerPort(httpGet.Port, container)
+	if err != nil {
+		return nil, err
+	}
+
+	path := httpGet.Path
+	url := formatURL(scheme, host, port, path)
+	headers := v1HeaderToHTTPHeader(httpGet.HTTPHeaders)
+
+	return newProbeRequest(url, headers, userAgentFragment)
+}
+
+func newProbeRequest(url *url.URL, headers http.Header, userAgentFragment string) (*http.Request, error) {
+	req, err := http.NewRequest("GET", url.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if headers == nil {
+		headers = http.Header{}
+	}
+	if _, ok := headers["User-Agent"]; !ok {
+		// User-Agent header was not defined, set it
+		headers.Set("User-Agent", userAgent(userAgentFragment))
+	}
+	if _, ok := headers["Accept"]; !ok {
+		// Accept header was not defined. accept all
+		headers.Set("Accept", "*/*")
+	} else if headers.Get("Accept") == "" {
+		// Accept header was overridden but is empty. removing
+		headers.Del("Accept")
+	}
+	req.Header = headers
+	req.Host = headers.Get("Host")
+
+	return req, nil
+}
+
+func userAgent(purpose string) string {
+	v := version.Get()
+	return fmt.Sprintf("kube-%s/%s.%s", purpose, v.Major, v.Minor)
+}
+
+// formatURL formats a URL from args.  For testability.
+func formatURL(scheme string, host string, port int, path string) *url.URL {
+	u, err := url.Parse(path)
+	// Something is busted with the path, but it's too late to reject it. Pass it along as is.
+	//
+	// This construction of a URL may be wrong in some cases, but it preserves
+	// legacy prober behavior.
+	if err != nil {
+		u = &url.URL{
+			Path: path,
+		}
+	}
+	u.Scheme = scheme
+	u.Host = net.JoinHostPort(host, strconv.Itoa(port))
+	return u
+}
+
+// v1HeaderToHTTPHeader takes a list of HTTPHeader <name, value> string pairs
+// and returns a populated string->[]string http.Header map.
+func v1HeaderToHTTPHeader(headerList []v1.HTTPHeader) http.Header {
+	headers := make(http.Header)
+	for _, header := range headerList {
+		headers[header.Name] = append(headers[header.Name], header.Value)
+	}
+	return headers
+}

pkg/probe/http/request_test.go

@@ -0,0 +1,40 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package http
+
+import "testing"
+
+func TestFormatURL(t *testing.T) {
+	testCases := []struct {
+		scheme string
+		host   string
+		port   int
+		path   string
+		result string
+	}{
+		{"http", "localhost", 93, "", "http://localhost:93"},
+		{"https", "localhost", 93, "/path", "https://localhost:93/path"},
+		{"http", "localhost", 93, "?foo", "http://localhost:93?foo"},
+		{"https", "localhost", 93, "/path?bar", "https://localhost:93/path?bar"},
+	}
+	for _, test := range testCases {
+		url := formatURL(test.scheme, test.host, test.port, test.path)
+		if url.String() != test.result {
+			t.Errorf("Expected %s, got %s", test.result, url.String())
+		}
+	}
+}

pkg/probe/util.go

@@ -0,0 +1,57 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package probe
+
+import (
+	"fmt"
+	"strconv"
+
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
+)
+
+func ResolveContainerPort(param intstr.IntOrString, container *v1.Container) (int, error) {
+	port := -1
+	var err error
+	switch param.Type {
+	case intstr.Int:
+		port = param.IntValue()
+	case intstr.String:
+		if port, err = findPortByName(container, param.StrVal); err != nil {
+			// Last ditch effort - maybe it was an int stored as string?
+			if port, err = strconv.Atoi(param.StrVal); err != nil {
+				return port, err
+			}
+		}
+	default:
+		return port, fmt.Errorf("intOrString had no kind: %+v", param)
+	}
+	if port > 0 && port < 65536 {
+		return port, nil
+	}
+	return port, fmt.Errorf("invalid port number: %v", port)
+}
+
+// findPortByName is a helper function to look up a port in a container by name.
+func findPortByName(container *v1.Container, portName string) (int, error) {
+	for _, port := range container.Ports {
+		if port.Name == portName {
+			return int(port.ContainerPort), nil
+		}
+	}
+	return 0, fmt.Errorf("port %s not found", portName)
+}

pkg/probe/util_test.go

@@ -0,0 +1,43 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package probe
+
+import (
+	"testing"
+
+	v1 "k8s.io/api/core/v1"
+)
+
+func TestFindPortByName(t *testing.T) {
+	container := v1.Container{
+		Ports: []v1.ContainerPort{
+			{
+				Name:          "foo",
+				ContainerPort: 8080,
+			},
+			{
+				Name:          "bar",
+				ContainerPort: 9000,
+			},
+		},
+	}
+	want := 8080
+	got, err := findPortByName(&container, "foo")
+	if got != want || err != nil {
+		t.Errorf("Expected %v, got %v, err: %v", want, got, err)
+	}
+}