github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e3d754a055be5c8327d3cfabe523187d8c52769d
kubernetes/staging
History
Kubernetes Submit Queue ac495f169b Merge pull request #58644 from yguo0905/webhooks 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Use SSH tunnel for webhook communication iff the webhook is deployed as a service

**What this PR does / why we need it**:

We are getting the following error when the apiserver connects the webhook on localhost (configured via URL). We should only use the SSL tunnel for the connections to nodes when the webhooks are running as services.

```
I0119 17:41:18.678436       1 ssh.go:400] [4cdf44753cc3705d: localhost:10258] Dialing...
W0119 17:41:18.678483       1 ssh.go:424] SSH tunnel not found for address "localhost", picking random node
I0119 17:41:18.679810       1 ssh.go:402] [4cdf44753cc3705d: localhost:10258] Dialed in 1.398691ms.
W0119 17:41:18.679928       1 admission.go:256] Failed calling webhook, failing closed xxx: failed calling admission webhook "xxx": Post xxx: ssh: rejected: connect failed (Connection refused)
I0119 17:41:18.680346       1 wrap.go:42] POST /api/v1/namespaces/kube-system/pods: (5.725588ms) 500
```

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/kubernetes/issues/58779

**Special notes for your reviewer**:

**Release note**:

```release-note
kube-apiserver is changed to use SSH tunnels for webhook iff the webhook is not directly routable from apiserver's network environment.
```

/assign @lavalamp @caesarxuchao @cheftako
2018-01-26 15:58:27 -08:00
..
src/k8s.io
Merge pull request #58644 from yguo0905/webhooks
2018-01-26 15:58:27 -08:00
BUILD
create auto-gen files
2018-01-17 16:23:03 +08:00
OWNERS
README.md
Add link to k8s.io/sample-controller
2017-10-19 15:46:36 +01:00

README.md

External Repository Staging Area

This directory is the staging area for packages that have been split to their own repository. The content here will be periodically published to respective top-level k8s.io repositories.

Repositories currently staged here:

The code in the staging/ directory is authoritative, i.e. the only copy of the code. You can directly modify such code.

Using staged repositories from Kubernetes code

Kubernetes code uses the repositories in this directory via symlinks in the vendor/k8s.io directory into this staging area. For example, when Kubernetes code imports a package from the k8s.io/client-go repository, that import is resolved to staging/src/k8s.io/client-go relative to the project root:

// pkg/example/some_code.go
package example

import (
  "k8s.io/client-go/dynamic" // resolves to staging/src/k8s.io/client-go/dynamic
)

Once the change-over to external repositories is complete, these repositories will actually be vendored from k8s.io/<package-name>.