Update kine/dynamiclistener

This commit is contained in:
Darren Shepherd 2019-11-13 06:05:20 +00:00
parent 3d7781df70
commit 0a06949b9c
12 changed files with 96 additions and 30 deletions

4
go.mod
View File

@ -100,9 +100,9 @@ require (
github.com/opencontainers/runc v1.0.0-rc2.0.20190611121236-6cc515888830
github.com/pkg/errors v0.8.1
github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8 // indirect
github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07
github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51
github.com/rancher/helm-controller v0.2.2
github.com/rancher/kine v0.2.1
github.com/rancher/kine v0.2.2
github.com/rancher/remotedialer v0.2.0
github.com/rancher/wrangler v0.2.0
github.com/rancher/wrangler-api v0.2.0

8
go.sum
View File

@ -584,16 +584,16 @@ github.com/rancher/cri v1.3.0-k3s.2 h1:k2XFyD+ZdsGvNfugdvqD38KSMANT3JmTFULFM2CtI
github.com/rancher/cri v1.3.0-k3s.2/go.mod h1:Ht5T1dIKzm+4NExmb7wDVG6qR+j0xeXIjjhCv1d9geY=
github.com/rancher/cri-tools v1.16.1-k3s.1 h1:iporgQ46noE6dtLzq6fWcIO2qjyPZy2m42d2P+UnGJg=
github.com/rancher/cri-tools v1.16.1-k3s.1/go.mod h1:TEKhKv2EJIZp+p9jnEy4C63g8CosJzsI4kyKKkHag+8=
github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07 h1:wR1hnAh7d7ZicsAwDyw2nfvGFDOvPojcfClwA8WGy5g=
github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07/go.mod h1:fs/dxyNcB3YT6W9fVz4bDGfhmSQS17QQup6BIcGF++s=
github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51 h1:+UOLT6b1Of/gSiLR1i+m81ITu79vUpIU8zpsxbY4Hlw=
github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51/go.mod h1:fs/dxyNcB3YT6W9fVz4bDGfhmSQS17QQup6BIcGF++s=
github.com/rancher/flannel v0.11.0-k3s.1 h1:mIwnfWDafjzQgFkZeJ1AkFrrAT3EdBaA1giE0eLJKo8=
github.com/rancher/flannel v0.11.0-k3s.1/go.mod h1:Hn4ZV+eq0LhLZP63xZnxdGwXEoRSxs5sxELxu27M3UA=
github.com/rancher/go-dqlite v1.1.0-k3s.1 h1:w3ghNkY5vqRnnrcqxvHkpBQr6E+R/nIwJfaGdNgJAiw=
github.com/rancher/go-dqlite v1.1.0-k3s.1/go.mod h1:lj8UhpkZddn/Ag0tBsnkbELbxHGMpzrZLMs/nW9/DX4=
github.com/rancher/helm-controller v0.2.2 h1:MUqisy53/Ay1EYOF2uTCYBbGpgtZLNKKrI01BdxIbQo=
github.com/rancher/helm-controller v0.2.2/go.mod h1:0JkL0UjxddNbT4FmLoESarD4Mz8xzA5YlejqJ/U4g+8=
github.com/rancher/kine v0.2.1 h1:pK7QJUVA+/oU6esxKa/LIlBbeLl2HGWIwmu8xrROukQ=
github.com/rancher/kine v0.2.1/go.mod h1:SdBUuE7e3XyrJvdBxCl9TMMapF+wyZnMZSP/H59OqNE=
github.com/rancher/kine v0.2.2 h1:dN5jZK1x3t5CqqEz05EImBjtxQm7ANeLmNJ8rA2jB90=
github.com/rancher/kine v0.2.2/go.mod h1:SdBUuE7e3XyrJvdBxCl9TMMapF+wyZnMZSP/H59OqNE=
github.com/rancher/kubernetes v1.16.2-k3s.1 h1:+oJEecXgQDkEOD/X8z2YUdYVonbXZtGzXsmtKDPYesg=
github.com/rancher/kubernetes v1.16.2-k3s.1/go.mod h1:SmhGgKfQ30imqjFVj8AI+iW+zSyFsswNErKYeTfgoH0=
github.com/rancher/kubernetes/staging/src/k8s.io/api v1.16.2-k3s.1 h1:2kK5KD6MU86txBYKG+tM6j5zbey02DaIDtwpG5JsfnI=

View File

@ -29,16 +29,20 @@ type TLS struct {
Organization []string
}
func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string, err error) {
var (
cns []string
digest = sha256.New()
)
func cns(secret *v1.Secret) (cns []string) {
for k, v := range secret.Annotations {
if strings.HasPrefix(k, cnPrefix) {
cns = append(cns, v)
}
}
return
}
func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string, err error) {
var (
cns = cns(secret)
digest = sha256.New()
)
sort.Strings(cns)
@ -56,6 +60,10 @@ func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string,
return
}
func (t *TLS) Merge(secret, other *v1.Secret) (*v1.Secret, bool, error) {
return t.AddCN(secret, cns(other)...)
}
func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error) {
var (
err error

View File

@ -6,6 +6,7 @@ import (
"crypto/x509"
"net"
"net/http"
"strings"
"sync"
"github.com/rancher/dynamiclistener/factory"
@ -18,6 +19,10 @@ type TLSStorage interface {
Update(secret *v1.Secret) error
}
type SetFactory interface {
SetFactory(tls *factory.TLS)
}
type Config struct {
CN string
Organization []string
@ -47,6 +52,10 @@ func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, c
}
dynamicListener.tlsConfig.GetCertificate = dynamicListener.getCertificate
if setter, ok := storage.(SetFactory); ok {
setter.SetFactory(dynamicListener.factory)
}
return tls.NewListener(dynamicListener, &dynamicListener.tlsConfig), dynamicListener.cacheHandler(), nil
}
@ -60,9 +69,16 @@ type listener struct {
tlsConfig tls.Config
cert *tls.Certificate
sans []string
init sync.Once
}
func (l *listener) Accept() (net.Conn, error) {
l.init.Do(func() {
if len(l.sans) > 0 {
l.updateCert(l.sans...)
}
})
conn, err := l.Listener.Accept()
if err != nil {
return conn, err
@ -79,9 +95,11 @@ func (l *listener) Accept() (net.Conn, error) {
return conn, nil
}
if !strings.Contains(host, ":") {
if err := l.updateCert(host); err != nil {
logrus.Infof("failed to create TLS cert for: %s", host)
}
}
return conn, nil
}
@ -96,7 +114,7 @@ func (l *listener) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate,
return l.loadCert()
}
func (l *listener) updateCert(cn string) error {
func (l *listener) updateCert(cn ...string) error {
l.RLock()
defer l.RUnlock()
@ -105,7 +123,7 @@ func (l *listener) updateCert(cn string) error {
return err
}
if !factory.NeedsUpdate(secret, append(l.sans, cn)...) {
if !factory.NeedsUpdate(secret, cn...) {
return nil
}
@ -114,7 +132,7 @@ func (l *listener) updateCert(cn string) error {
defer l.RLock()
defer l.Unlock()
secret, updated, err := l.factory.AddCN(secret, append(l.sans, cn)...)
secret, updated, err := l.factory.AddCN(secret, append(l.sans, cn...)...)
if err != nil {
return err
}

View File

@ -6,6 +6,7 @@ import (
"time"
"github.com/rancher/dynamiclistener"
"github.com/rancher/dynamiclistener/factory"
"github.com/rancher/wrangler-api/pkg/generated/controllers/core"
v1controller "github.com/rancher/wrangler-api/pkg/generated/controllers/core/v1"
"github.com/rancher/wrangler/pkg/start"
@ -54,6 +55,11 @@ type storage struct {
storage dynamiclistener.TLSStorage
secrets v1controller.SecretClient
ctx context.Context
tls *factory.TLS
}
func (s *storage) SetFactory(tls *factory.TLS) {
s.tls = tls
}
func (s *storage) init(secrets v1controller.SecretController) {
@ -105,6 +111,12 @@ func (s *storage) saveInK8s(secret *v1.Secret) (*v1.Secret, error) {
return secret, nil
}
if existing, err := s.storage.Get(); err == nil && s.tls != nil {
if newSecret, updated, err := s.tls.Merge(secret, existing); err == nil && updated {
secret = newSecret
}
}
targetSecret, err := s.targetSecret()
if err != nil {
return nil, err

View File

@ -91,7 +91,6 @@ func New(ctx context.Context, datasourceName string) (server.Backend, error) {
if err != nil {
return nil, err
}
if err := migrate(ctx, generic.DB); err != nil {
return nil, errors.Wrap(err, "failed to migrate DB from sqlite")
}
@ -103,6 +102,12 @@ func New(ctx context.Context, datasourceName string) (server.Backend, error) {
}
return false
}
generic.TranslateErr = func(err error) error {
if strings.Contains(err.Error(), "UNIQUE constraint") {
return server.ErrKeyExists
}
return err
}
return backend, nil
}

View File

@ -12,7 +12,6 @@ import (
"github.com/Rican7/retry/backoff"
"github.com/Rican7/retry/strategy"
"github.com/sirupsen/logrus"
)
@ -63,6 +62,7 @@ func (s Stripped) String() string {
}
type ErrRetry func(error) bool
type TranslateErr func(error) error
type Generic struct {
sync.Mutex
@ -83,6 +83,7 @@ type Generic struct {
FillSQL string
InsertLastInsertIDSQL string
Retry ErrRetry
TranslateErr TranslateErr
}
func q(sql, param string, numbered bool) string {
@ -308,6 +309,14 @@ func (d *Generic) IsFill(key string) bool {
}
func (d *Generic) Insert(ctx context.Context, key string, create, delete bool, createRevision, previousRevision int64, ttl int64, value, prevValue []byte) (id int64, err error) {
if d.TranslateErr != nil {
defer func() {
if err != nil {
err = d.TranslateErr(err)
}
}()
}
cVal := 0
dVal := 0
if create {
@ -320,7 +329,7 @@ func (d *Generic) Insert(ctx context.Context, key string, create, delete bool, c
if d.LastInsertID {
row, err := d.execute(ctx, d.InsertLastInsertIDSQL, key, cVal, dVal, createRevision, previousRevision, ttl, value, prevValue)
if err != nil {
return 00, err
return 0, err
}
return row.LastInsertId()
}

View File

@ -23,7 +23,7 @@ var (
`create table if not exists kine
(
id INTEGER AUTO_INCREMENT,
name TEXT,
name VARCHAR(630),
created INTEGER,
deleted INTEGER,
create_revision INTEGER,
@ -34,8 +34,8 @@ var (
PRIMARY KEY (id)
);`,
}
nameIdx = "create index kine_name_index on kine (name(100))"
revisionIdx = "create unique index kine_name_prev_revision_uindex on kine (name(100), prev_revision)"
nameIdx = "create index kine_name_index on kine (name)"
revisionIdx = "create unique index kine_name_prev_revision_uindex on kine (name, prev_revision)"
createDB = "create database if not exists "
)
@ -63,6 +63,12 @@ func New(dataSourceName string, tlsInfo tls.Config) (server.Backend, error) {
return nil, err
}
dialect.LastInsertID = true
dialect.TranslateErr = func(err error) error {
if err, ok := err.(*mysql.MySQLError); ok && err.Number == 1062 {
return server.ErrKeyExists
}
return err
}
if err := setup(dialect.DB); err != nil {
return nil, err
}

View File

@ -25,7 +25,7 @@ var (
`create table if not exists kine
(
id SERIAL PRIMARY KEY,
name TEXT,
name VARCHAR(630),
created INTEGER,
deleted INTEGER,
create_revision INTEGER,
@ -54,6 +54,12 @@ func New(dataSourceName string, tlsInfo tls.Config) (server.Backend, error) {
if err != nil {
return nil, err
}
dialect.TranslateErr = func(err error) error {
if err, ok := err.(*pq.Error); ok && err.Code == "23505" {
return server.ErrKeyExists
}
return err
}
if err := setup(dialect.DB); err != nil {
return nil, err

View File

@ -5,6 +5,7 @@ import (
"database/sql"
"os"
"github.com/mattn/go-sqlite3"
"github.com/rancher/kine/pkg/drivers/generic"
"github.com/rancher/kine/pkg/logstructured"
"github.com/rancher/kine/pkg/logstructured/sqllog"
@ -51,6 +52,12 @@ func NewVariant(driverName, dataSourceName string) (server.Backend, *generic.Gen
return nil, nil, err
}
dialect.LastInsertID = true
dialect.TranslateErr = func(err error) error {
if err, ok := err.(sqlite3.Error); ok && err.ExtendedCode == sqlite3.ErrConstraintUnique {
return server.ErrKeyExists
}
return err
}
if err := setup(dialect.DB); err != nil {
return nil, nil, err

View File

@ -108,11 +108,6 @@ func (l *LogStructured) Create(ctx context.Context, key string, value []byte, le
}
revRet, errRet = l.log.Append(ctx, createEvent)
if errRet != nil {
if _, prevEvent, err := l.get(ctx, key, 0, true); err == nil && prevEvent != nil && !prevEvent.Delete {
return 0, server.ErrKeyExists
}
}
return
}

4
vendor/modules.txt vendored
View File

@ -748,7 +748,7 @@ github.com/prometheus/procfs/internal/util
# github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8
github.com/rakelkar/gonetsh/netroute
github.com/rakelkar/gonetsh/netsh
# github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07
# github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51
github.com/rancher/dynamiclistener
github.com/rancher/dynamiclistener/factory
github.com/rancher/dynamiclistener/storage/file
@ -769,7 +769,7 @@ github.com/rancher/helm-controller/pkg/generated/informers/externalversions/helm
github.com/rancher/helm-controller/pkg/generated/listers/helm.cattle.io/v1
github.com/rancher/helm-controller/pkg/generated/informers/externalversions/internalinterfaces
github.com/rancher/helm-controller/pkg/apis/helm.cattle.io
# github.com/rancher/kine v0.2.1
# github.com/rancher/kine v0.2.2
github.com/rancher/kine/pkg/client
github.com/rancher/kine/pkg/endpoint
github.com/rancher/kine/pkg/drivers/dqlite