Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm: Utilize transport defaults from API machinery for http calls inside kubeadm #53895

Merged
merged 1 commit into from
Jan 20, 2018
Merged

kubeadm: Utilize transport defaults from API machinery for http calls inside kubeadm #53895

merged 1 commit into from
Jan 20, 2018
+17 −7

Conversation

kad
Copy link
Member

@kad kad commented Oct 13, 2017
edited
Loading

What this PR does / why we need it:
Default Go HTTP transport does not allow to use CIDR notations in
NO_PROXY variables, thus for certain HTTP calls that is done inside
kubeadm user needs to put explicitly multiple IP addresses. For most of
calls done via API machinery it is get solved by setting different Proxy
resolver. This patch allows to use CIDR notations in NO_PROXY variables
for currently all other HTTP calls that is made inside kubeadm.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes kubernetes/kubeadm#324

Special notes for your reviewer:
Based on discussion in #52788, replacing this patch replacing all calls inside kubeadm that are done via DefaultTransport to explicitly defined and initialized with API machinery defaults Transport and http client.

Release note:

- kubeadm now supports CIDR notations in NO_PROXY environment variable

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Oct 13, 2017
@kad
Copy link
Member Author

kad commented Oct 14, 2017

/retest

@kad
Copy link
Member Author

kad commented Oct 28, 2017

@luxas @liggitt please have a look at this PR as a replacement for opposed #52788

@kad kad mentioned this pull request Oct 28, 2017
Closed
liggitt
liggitt reviewed Oct 30, 2017
View reviewed changes
cmd/kubeadm/app/discovery/https/https.go
@@ -29,7 +30,8 @@ import (
// securely to the API Server using the provided CA cert and
// optionally refreshes the cluster-info information from the cluster-info ConfigMap
func RetrieveValidatedClusterInfo(httpsURL string) (*clientcmdapi.Cluster, error) {
response, err := http.Get(httpsURL)
client := &http.Client{Transport: netutil.SetOldTransportDefaults(&http.Transport{})}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not SetTransportDefaults?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SetTransportDefaults does http2 initialization, which in most cases here is not expected.
Even SetOldTransportDefaults does a bit more than expected, but setting defaults for Dialer and TLSHandshakeTimeout is safe enough to not be worried about.

@liggitt
Copy link
Member

liggitt commented Oct 30, 2017

could have a kubeadm default client constructed using the cidr-supporting no-proxy rather than constructing one-off clients all over the place

also, is there a reason not to use SetTransportDefaults?

lgtm otherwise

@justinsb justinsb removed their assignment Nov 1, 2017
@kad
Copy link
Member Author

kad commented Nov 1, 2017

@liggitt regarding sharing one client: we have in places like etcd connection different settings for client applied (tls, timeouts). In all other places, I think it is better for now keep as it is, rather than introduce global variable for kubeadm that would keep once constructed client.

@k8s-github-robot k8s-github-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 9, 2017
@kad
kubeadm: Utilize transport defaults from API machinery for http calls
4bd692a 
Default Go HTTP transport does not allow to use CIDR notations in
NO_PROXY variables, thus for certain HTTP calls that is done inside
kubeadm user needs to put explicitly multiple IP addresses. For most of
calls done via API machinery it is get solved by setting different Proxy
resolver. This patch allows to use CIDR notations in NO_PROXY variables
for currently all other HTTP calls that is made inside kubeadm.
@kad kad force-pushed the kubeadm-proxy-transports branch from 348d9b4 to 4bd692a Compare November 10, 2017 12:14
@k8s-github-robot k8s-github-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 10, 2017
@luxas
Copy link
Member

luxas commented Nov 13, 2017

@liggitt deferring this to your assessment

@kad
Copy link
Member Author

kad commented Nov 21, 2017

@liggitt ping

@liggitt
Copy link
Member

liggitt commented Nov 22, 2017

I think construction of ad-hoc clients throughout kubeadm, and use of SetOldTransportDefaults should be revisited, but this is a strict improvement over what currently exists

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 22, 2017
@k8s-github-robot
Copy link

/test all

Tests are more than 96 hours old. Re-running tests.

timothysc
timothysc approved these changes Jan 19, 2018
View reviewed changes
Copy link
Member

@timothysc timothysc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@kubernetes kubernetes deleted a comment from k8s-github-robot Jan 19, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kad, liggitt, timothysc

Associated issue: #324

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 19, 2018
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to @fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@k8s-github-robot
Copy link

/test all [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot
Copy link

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-github-robot k8s-github-robot merged commit 4b41a54 into kubernetes:master Jan 20, 2018
@kke kke mentioned this pull request Nov 29, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liggitt liggitt liggitt left review comments

@timothysc timothysc timothysc approved these changes

Assignees

@liggitt liggitt

@luxas luxas

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Where does kubeadm take the proxy settings from?
8 participants
@kad @liggitt @luxas @k8s-github-robot @k8s-ci-robot @fejta-bot @timothysc @justinsb