kubernetes · liggitt · Sep 1, 2020 · Sep 16, 2020 · Sep 16, 2020
diff --git a/pkg/registry/core/pod/rest/subresources.go b/pkg/registry/core/pod/rest/subresources.go
@@ -71,7 +71,9 @@ func (r *ProxyREST) Connect(ctx context.Context, id string, opts runtime.Object,
 	if err != nil {
 		return nil, err
 	}
+	fmt.Println(74, location.String())
 	location.Path = net.JoinPreservingTrailingSlash(location.Path, proxyOpts.Path)
+	fmt.Println(76, location.String())
 	// Return a proxy handler that uses the desired transport, wrapped with additional proxy handling (to get URL rewriting, X-Forwarded-* headers, etc)
 	return newThrottledUpgradeAwareProxyHandler(location, transport, true, false, false, responder), nil
 }

diff --git a/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go b/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go
@@ -164,7 +164,10 @@ func NewUpgradeRequestRoundTripper(connection, request http.RoundTripper) Upgrad
 
 // normalizeLocation returns the result of parsing the full URL, with scheme set to http if missing
 func normalizeLocation(location *url.URL) *url.URL {
-	normalized, _ := url.Parse(location.String())
+	normalized, err := url.Parse(location.String())
+	if err != nil {
+		panic(fmt.Errorf("error parsing %s (from %#v): %v", location.String(), location, err))
+	}
 	if len(normalized.Scheme) == 0 {
 		normalized.Scheme = "http"
 	}

diff --git a/test/e2e/network/BUILD b/test/e2e/network/BUILD
@@ -65,6 +65,7 @@ go_library(
         "//staging/src/k8s.io/client-go/kubernetes:go_default_library",
         "//staging/src/k8s.io/client-go/tools/cache:go_default_library",
         "//staging/src/k8s.io/client-go/tools/watch:go_default_library",
+        "//staging/src/k8s.io/client-go/transport:go_default_library",
         "//staging/src/k8s.io/client-go/util/flowcontrol:go_default_library",
         "//staging/src/k8s.io/client-go/util/retry:go_default_library",
         "//staging/src/k8s.io/client-go/util/workqueue:go_default_library",

diff --git a/test/e2e/network/proxy.go b/test/e2e/network/proxy.go
@@ -32,7 +32,9 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/net"
+	"k8s.io/apimachinery/pkg/util/wait"
 	clientset "k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/transport"
 	"k8s.io/kubernetes/test/e2e/framework"
 	e2enode "k8s.io/kubernetes/test/e2e/framework/node"
 	e2erc "k8s.io/kubernetes/test/e2e/framework/rc"
@@ -52,6 +54,8 @@ const (
 
 	// We have seen one of these calls take just over 15 seconds, so putting this at 30.
 	proxyHTTPCallTimeout = 30 * time.Second
+	podRetryPeriod       = 1 * time.Second
+	podRetryTimeout      = 1 * time.Minute
 )
 
 var _ = SIGDescribe("Proxy", func() {
@@ -258,9 +262,87 @@ var _ = SIGDescribe("Proxy", func() {
 				framework.Failf(strings.Join(errs, "\n"))
 			}
 		})
+
+		ginkgo.It("proxy connection returns a series of 301 redirections for a pod", func() {
+			ns := f.Namespace.Name
+			httpVerbs := []string{"DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"}
+
+			ginkgo.By("Creating a Pod")
+			_, err := f.ClientSet.CoreV1().Pods(ns).Create(context.TODO(), &v1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "proxy-pod-target",
+					Labels: map[string]string{
+						"test": "redirect"},
+				},
+				Spec: v1.PodSpec{
+					Containers: []v1.Container{{
+						Image: imageutils.GetE2EImage(imageutils.Agnhost),
+						Name:  "agnhost",
+					}},
+					RestartPolicy: v1.RestartPolicyNever,
+				}}, metav1.CreateOptions{})
+			framework.ExpectNoError(err, "failed to create pod")
+			framework.Logf("pod created")
+
+			err = wait.PollImmediate(podRetryPeriod, podRetryTimeout, checkPodStatus(f, "test=redirect"))
+			framework.ExpectNoError(err, "Pod didn't start within time out period")
+
+			transportCfg, err := f.ClientConfig().TransportConfig()
+			framework.ExpectNoError(err, "Error accessing TransportConfig")
+			tlsCfg, err := transport.TLSConfigFor(transportCfg)
+			framework.ExpectNoError(err, "Error accessing TLSConfigFor(transportCfg)")
+			// Disable 301 automatic follow
+			client := &http.Client{
+				CheckRedirect: func(req *http.Request, via []*http.Request) error {
+					return http.ErrUseLastResponse
+				},
+				Transport: &http.Transport{TLSClientConfig: tlsCfg},
+			}
+
+			for _, httpVerb := range httpVerbs {
+
+				// Using http.Client to verify 301 redirect from .../proxy to .../proxy/
+				urlString := f.ClientConfig().Host + "/api/v1/namespaces/" + ns + "/pods/proxy-pod-target/proxy"
+				framework.Logf("Starting http.Client for %s", urlString)
+
+				request, err := http.NewRequest(httpVerb, urlString, nil)
+				framework.ExpectNoError(err, "processing request")
+
+				if len(f.ClientConfig().BearerToken) != 0 {
+					request.Header.Set("Authorization", "Bearer "+f.ClientConfig().BearerToken)
+				}
+
+				resp, err := client.Do(request)
+				framework.ExpectNoError(err, "processing response")
+				defer resp.Body.Close()
+
+				framework.Logf("http.Client request:%s StatusCode:%d", httpVerb, resp.StatusCode)
+				framework.ExpectEqual(resp.StatusCode, 301, "The resp.StatusCode returned: %d", resp.StatusCode)
+			}
+		})
 	})
 })
 
+func checkPodStatus(f *framework.Framework, label string) func() (bool, error) {
+	return func() (bool, error) {
+		var err error
+
+		list, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).List(context.TODO(), metav1.ListOptions{
+			LabelSelector: label})
+
+		if err != nil {
+			return false, err
+		}
+
+		if list.Items[0].Status.Phase == "Pending" {
+			framework.Logf("Pod Quantity: %d Status: %s", len(list.Items), list.Items[0].Status.Phase)
+			return false, err
+		}
+		framework.Logf("Pod Status: %v", list.Items[0].Status.Phase)
+		return true, nil
+	}
+}
+
 func doProxy(f *framework.Framework, path string, i int) (body []byte, statusCode int, d time.Duration, err error) {
 	// About all of the proxy accesses in this file:
 	// * AbsPath is used because it preserves the trailing '/'.