mirror of
https://github.com/k3s-io/k3s.git
Update kine/dynamiclistener
parent
3d7781df70
commit
0a06949b9c
4
go.mod
4
go.mod
@ -100,9 +100,9 @@ require (
|
||||
github.com/opencontainers/runc v1.0.0-rc2.0.20190611121236-6cc515888830
|
||||
github.com/pkg/errors v0.8.1
|
||||
github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8 // indirect
|
||||
github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07
|
||||
github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51
|
||||
github.com/rancher/helm-controller v0.2.2
|
||||
github.com/rancher/kine v0.2.1
|
||||
github.com/rancher/kine v0.2.2
|
||||
github.com/rancher/remotedialer v0.2.0
|
||||
github.com/rancher/wrangler v0.2.0
|
||||
github.com/rancher/wrangler-api v0.2.0
|
||||
|
8
go.sum
8
go.sum
@ -584,16 +584,16 @@ github.com/rancher/cri v1.3.0-k3s.2 h1:k2XFyD+ZdsGvNfugdvqD38KSMANT3JmTFULFM2CtI
|
||||
github.com/rancher/cri v1.3.0-k3s.2/go.mod h1:Ht5T1dIKzm+4NExmb7wDVG6qR+j0xeXIjjhCv1d9geY=
|
||||
github.com/rancher/cri-tools v1.16.1-k3s.1 h1:iporgQ46noE6dtLzq6fWcIO2qjyPZy2m42d2P+UnGJg=
|
||||
github.com/rancher/cri-tools v1.16.1-k3s.1/go.mod h1:TEKhKv2EJIZp+p9jnEy4C63g8CosJzsI4kyKKkHag+8=
|
||||
github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07 h1:wR1hnAh7d7ZicsAwDyw2nfvGFDOvPojcfClwA8WGy5g=
|
||||
github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07/go.mod h1:fs/dxyNcB3YT6W9fVz4bDGfhmSQS17QQup6BIcGF++s=
|
||||
github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51 h1:+UOLT6b1Of/gSiLR1i+m81ITu79vUpIU8zpsxbY4Hlw=
|
||||
github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51/go.mod h1:fs/dxyNcB3YT6W9fVz4bDGfhmSQS17QQup6BIcGF++s=
|
||||
github.com/rancher/flannel v0.11.0-k3s.1 h1:mIwnfWDafjzQgFkZeJ1AkFrrAT3EdBaA1giE0eLJKo8=
|
||||
github.com/rancher/flannel v0.11.0-k3s.1/go.mod h1:Hn4ZV+eq0LhLZP63xZnxdGwXEoRSxs5sxELxu27M3UA=
|
||||
github.com/rancher/go-dqlite v1.1.0-k3s.1 h1:w3ghNkY5vqRnnrcqxvHkpBQr6E+R/nIwJfaGdNgJAiw=
|
||||
github.com/rancher/go-dqlite v1.1.0-k3s.1/go.mod h1:lj8UhpkZddn/Ag0tBsnkbELbxHGMpzrZLMs/nW9/DX4=
|
||||
github.com/rancher/helm-controller v0.2.2 h1:MUqisy53/Ay1EYOF2uTCYBbGpgtZLNKKrI01BdxIbQo=
|
||||
github.com/rancher/helm-controller v0.2.2/go.mod h1:0JkL0UjxddNbT4FmLoESarD4Mz8xzA5YlejqJ/U4g+8=
|
||||
github.com/rancher/kine v0.2.1 h1:pK7QJUVA+/oU6esxKa/LIlBbeLl2HGWIwmu8xrROukQ=
|
||||
github.com/rancher/kine v0.2.1/go.mod h1:SdBUuE7e3XyrJvdBxCl9TMMapF+wyZnMZSP/H59OqNE=
|
||||
github.com/rancher/kine v0.2.2 h1:dN5jZK1x3t5CqqEz05EImBjtxQm7ANeLmNJ8rA2jB90=
|
||||
github.com/rancher/kine v0.2.2/go.mod h1:SdBUuE7e3XyrJvdBxCl9TMMapF+wyZnMZSP/H59OqNE=
|
||||
github.com/rancher/kubernetes v1.16.2-k3s.1 h1:+oJEecXgQDkEOD/X8z2YUdYVonbXZtGzXsmtKDPYesg=
|
||||
github.com/rancher/kubernetes v1.16.2-k3s.1/go.mod h1:SmhGgKfQ30imqjFVj8AI+iW+zSyFsswNErKYeTfgoH0=
|
||||
github.com/rancher/kubernetes/staging/src/k8s.io/api v1.16.2-k3s.1 h1:2kK5KD6MU86txBYKG+tM6j5zbey02DaIDtwpG5JsfnI=
|
||||
|
18
vendor/github.com/rancher/dynamiclistener/factory/gen.go
generated
vendored
18
vendor/github.com/rancher/dynamiclistener/factory/gen.go
generated
vendored
@ -29,16 +29,20 @@ type TLS struct {
|
||||
Organization []string
|
||||
}
|
||||
|
||||
func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string, err error) {
|
||||
var (
|
||||
cns []string
|
||||
digest = sha256.New()
|
||||
)
|
||||
func cns(secret *v1.Secret) (cns []string) {
|
||||
for k, v := range secret.Annotations {
|
||||
if strings.HasPrefix(k, cnPrefix) {
|
||||
cns = append(cns, v)
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string, err error) {
|
||||
var (
|
||||
cns = cns(secret)
|
||||
digest = sha256.New()
|
||||
)
|
||||
|
||||
sort.Strings(cns)
|
||||
|
||||
@ -56,6 +60,10 @@ func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string,
|
||||
return
|
||||
}
|
||||
|
||||
func (t *TLS) Merge(secret, other *v1.Secret) (*v1.Secret, bool, error) {
|
||||
return t.AddCN(secret, cns(other)...)
|
||||
}
|
||||
|
||||
func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error) {
|
||||
var (
|
||||
err error
|
||||
|
24
vendor/github.com/rancher/dynamiclistener/listener.go
generated
vendored
24
vendor/github.com/rancher/dynamiclistener/listener.go
generated
vendored
@ -6,6 +6,7 @@ import (
|
||||
"crypto/x509"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/rancher/dynamiclistener/factory"
|
||||
@ -18,6 +19,10 @@ type TLSStorage interface {
|
||||
Update(secret *v1.Secret) error
|
||||
}
|
||||
|
||||
type SetFactory interface {
|
||||
SetFactory(tls *factory.TLS)
|
||||
}
|
||||
|
||||
type Config struct {
|
||||
CN string
|
||||
Organization []string
|
||||
@ -47,6 +52,10 @@ func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, c
|
||||
}
|
||||
dynamicListener.tlsConfig.GetCertificate = dynamicListener.getCertificate
|
||||
|
||||
if setter, ok := storage.(SetFactory); ok {
|
||||
setter.SetFactory(dynamicListener.factory)
|
||||
}
|
||||
|
||||
return tls.NewListener(dynamicListener, &dynamicListener.tlsConfig), dynamicListener.cacheHandler(), nil
|
||||
}
|
||||
|
||||
@ -60,9 +69,16 @@ type listener struct {
|
||||
tlsConfig tls.Config
|
||||
cert *tls.Certificate
|
||||
sans []string
|
||||
init sync.Once
|
||||
}
|
||||
|
||||
func (l *listener) Accept() (net.Conn, error) {
|
||||
l.init.Do(func() {
|
||||
if len(l.sans) > 0 {
|
||||
l.updateCert(l.sans...)
|
||||
}
|
||||
})
|
||||
|
||||
conn, err := l.Listener.Accept()
|
||||
if err != nil {
|
||||
return conn, err
|
||||
@ -79,9 +95,11 @@ func (l *listener) Accept() (net.Conn, error) {
|
||||
return conn, nil
|
||||
}
|
||||
|
||||
if !strings.Contains(host, ":") {
|
||||
if err := l.updateCert(host); err != nil {
|
||||
logrus.Infof("failed to create TLS cert for: %s", host)
|
||||
}
|
||||
}
|
||||
|
||||
return conn, nil
|
||||
}
|
||||
@ -96,7 +114,7 @@ func (l *listener) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate,
|
||||
return l.loadCert()
|
||||
}
|
||||
|
||||
func (l *listener) updateCert(cn string) error {
|
||||
func (l *listener) updateCert(cn ...string) error {
|
||||
l.RLock()
|
||||
defer l.RUnlock()
|
||||
|
||||
@ -105,7 +123,7 @@ func (l *listener) updateCert(cn string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
if !factory.NeedsUpdate(secret, append(l.sans, cn)...) {
|
||||
if !factory.NeedsUpdate(secret, cn...) {
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -114,7 +132,7 @@ func (l *listener) updateCert(cn string) error {
|
||||
defer l.RLock()
|
||||
defer l.Unlock()
|
||||
|
||||
secret, updated, err := l.factory.AddCN(secret, append(l.sans, cn)...)
|
||||
secret, updated, err := l.factory.AddCN(secret, append(l.sans, cn...)...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
12
vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go
generated
vendored
12
vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go
generated
vendored
@ -6,6 +6,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/rancher/dynamiclistener"
|
||||
"github.com/rancher/dynamiclistener/factory"
|
||||
"github.com/rancher/wrangler-api/pkg/generated/controllers/core"
|
||||
v1controller "github.com/rancher/wrangler-api/pkg/generated/controllers/core/v1"
|
||||
"github.com/rancher/wrangler/pkg/start"
|
||||
@ -54,6 +55,11 @@ type storage struct {
|
||||
storage dynamiclistener.TLSStorage
|
||||
secrets v1controller.SecretClient
|
||||
ctx context.Context
|
||||
tls *factory.TLS
|
||||
}
|
||||
|
||||
func (s *storage) SetFactory(tls *factory.TLS) {
|
||||
s.tls = tls
|
||||
}
|
||||
|
||||
func (s *storage) init(secrets v1controller.SecretController) {
|
||||
@ -105,6 +111,12 @@ func (s *storage) saveInK8s(secret *v1.Secret) (*v1.Secret, error) {
|
||||
return secret, nil
|
||||
}
|
||||
|
||||
if existing, err := s.storage.Get(); err == nil && s.tls != nil {
|
||||
if newSecret, updated, err := s.tls.Merge(secret, existing); err == nil && updated {
|
||||
secret = newSecret
|
||||
}
|
||||
}
|
||||
|
||||
targetSecret, err := s.targetSecret()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
7
vendor/github.com/rancher/kine/pkg/drivers/dqlite/dqlite.go
generated
vendored
7
vendor/github.com/rancher/kine/pkg/drivers/dqlite/dqlite.go
generated
vendored
@ -91,7 +91,6 @@ func New(ctx context.Context, datasourceName string) (server.Backend, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := migrate(ctx, generic.DB); err != nil {
|
||||
return nil, errors.Wrap(err, "failed to migrate DB from sqlite")
|
||||
}
|
||||
@ -103,6 +102,12 @@ func New(ctx context.Context, datasourceName string) (server.Backend, error) {
|
||||
}
|
||||
return false
|
||||
}
|
||||
generic.TranslateErr = func(err error) error {
|
||||
if strings.Contains(err.Error(), "UNIQUE constraint") {
|
||||
return server.ErrKeyExists
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
return backend, nil
|
||||
}
|
||||
|
13
vendor/github.com/rancher/kine/pkg/drivers/generic/generic.go
generated
vendored
13
vendor/github.com/rancher/kine/pkg/drivers/generic/generic.go
generated
vendored
@ -12,7 +12,6 @@ import (
|
||||
|
||||
"github.com/Rican7/retry/backoff"
|
||||
"github.com/Rican7/retry/strategy"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
@ -63,6 +62,7 @@ func (s Stripped) String() string {
|
||||
}
|
||||
|
||||
type ErrRetry func(error) bool
|
||||
type TranslateErr func(error) error
|
||||
|
||||
type Generic struct {
|
||||
sync.Mutex
|
||||
@ -83,6 +83,7 @@ type Generic struct {
|
||||
FillSQL string
|
||||
InsertLastInsertIDSQL string
|
||||
Retry ErrRetry
|
||||
TranslateErr TranslateErr
|
||||
}
|
||||
|
||||
func q(sql, param string, numbered bool) string {
|
||||
@ -308,6 +309,14 @@ func (d *Generic) IsFill(key string) bool {
|
||||
}
|
||||
|
||||
func (d *Generic) Insert(ctx context.Context, key string, create, delete bool, createRevision, previousRevision int64, ttl int64, value, prevValue []byte) (id int64, err error) {
|
||||
if d.TranslateErr != nil {
|
||||
defer func() {
|
||||
if err != nil {
|
||||
err = d.TranslateErr(err)
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
cVal := 0
|
||||
dVal := 0
|
||||
if create {
|
||||
@ -320,7 +329,7 @@ func (d *Generic) Insert(ctx context.Context, key string, create, delete bool, c
|
||||
if d.LastInsertID {
|
||||
row, err := d.execute(ctx, d.InsertLastInsertIDSQL, key, cVal, dVal, createRevision, previousRevision, ttl, value, prevValue)
|
||||
if err != nil {
|
||||
return 00, err
|
||||
return 0, err
|
||||
}
|
||||
return row.LastInsertId()
|
||||
}
|
||||
|
12
vendor/github.com/rancher/kine/pkg/drivers/mysql/mysql.go
generated
vendored
12
vendor/github.com/rancher/kine/pkg/drivers/mysql/mysql.go
generated
vendored
@ -23,7 +23,7 @@ var (
|
||||
`create table if not exists kine
|
||||
(
|
||||
id INTEGER AUTO_INCREMENT,
|
||||
name TEXT,
|
||||
name VARCHAR(630),
|
||||
created INTEGER,
|
||||
deleted INTEGER,
|
||||
create_revision INTEGER,
|
||||
@ -34,8 +34,8 @@ var (
|
||||
PRIMARY KEY (id)
|
||||
);`,
|
||||
}
|
||||
nameIdx = "create index kine_name_index on kine (name(100))"
|
||||
revisionIdx = "create unique index kine_name_prev_revision_uindex on kine (name(100), prev_revision)"
|
||||
nameIdx = "create index kine_name_index on kine (name)"
|
||||
revisionIdx = "create unique index kine_name_prev_revision_uindex on kine (name, prev_revision)"
|
||||
createDB = "create database if not exists "
|
||||
)
|
||||
|
||||
@ -63,6 +63,12 @@ func New(dataSourceName string, tlsInfo tls.Config) (server.Backend, error) {
|
||||
return nil, err
|
||||
}
|
||||
dialect.LastInsertID = true
|
||||
dialect.TranslateErr = func(err error) error {
|
||||
if err, ok := err.(*mysql.MySQLError); ok && err.Number == 1062 {
|
||||
return server.ErrKeyExists
|
||||
}
|
||||
return err
|
||||
}
|
||||
if err := setup(dialect.DB); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
8
vendor/github.com/rancher/kine/pkg/drivers/pgsql/pgsql.go
generated
vendored
8
vendor/github.com/rancher/kine/pkg/drivers/pgsql/pgsql.go
generated
vendored
@ -25,7 +25,7 @@ var (
|
||||
`create table if not exists kine
|
||||
(
|
||||
id SERIAL PRIMARY KEY,
|
||||
name TEXT,
|
||||
name VARCHAR(630),
|
||||
created INTEGER,
|
||||
deleted INTEGER,
|
||||
create_revision INTEGER,
|
||||
@ -54,6 +54,12 @@ func New(dataSourceName string, tlsInfo tls.Config) (server.Backend, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
dialect.TranslateErr = func(err error) error {
|
||||
if err, ok := err.(*pq.Error); ok && err.Code == "23505" {
|
||||
return server.ErrKeyExists
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
if err := setup(dialect.DB); err != nil {
|
||||
return nil, err
|
||||
|
7
vendor/github.com/rancher/kine/pkg/drivers/sqlite/sqlite.go
generated
vendored
7
vendor/github.com/rancher/kine/pkg/drivers/sqlite/sqlite.go
generated
vendored
@ -5,6 +5,7 @@ import (
|
||||
"database/sql"
|
||||
"os"
|
||||
|
||||
"github.com/mattn/go-sqlite3"
|
||||
"github.com/rancher/kine/pkg/drivers/generic"
|
||||
"github.com/rancher/kine/pkg/logstructured"
|
||||
"github.com/rancher/kine/pkg/logstructured/sqllog"
|
||||
@ -51,6 +52,12 @@ func NewVariant(driverName, dataSourceName string) (server.Backend, *generic.Gen
|
||||
return nil, nil, err
|
||||
}
|
||||
dialect.LastInsertID = true
|
||||
dialect.TranslateErr = func(err error) error {
|
||||
if err, ok := err.(sqlite3.Error); ok && err.ExtendedCode == sqlite3.ErrConstraintUnique {
|
||||
return server.ErrKeyExists
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
if err := setup(dialect.DB); err != nil {
|
||||
return nil, nil, err
|
||||
|
5
vendor/github.com/rancher/kine/pkg/logstructured/logstructured.go
generated
vendored
5
vendor/github.com/rancher/kine/pkg/logstructured/logstructured.go
generated
vendored
@ -108,11 +108,6 @@ func (l *LogStructured) Create(ctx context.Context, key string, value []byte, le
|
||||
}
|
||||
|
||||
revRet, errRet = l.log.Append(ctx, createEvent)
|
||||
if errRet != nil {
|
||||
if _, prevEvent, err := l.get(ctx, key, 0, true); err == nil && prevEvent != nil && !prevEvent.Delete {
|
||||
return 0, server.ErrKeyExists
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
4
vendor/modules.txt
vendored
4
vendor/modules.txt
vendored
@ -748,7 +748,7 @@ github.com/prometheus/procfs/internal/util
|
||||
# github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8
|
||||
github.com/rakelkar/gonetsh/netroute
|
||||
github.com/rakelkar/gonetsh/netsh
|
||||
# github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07
|
||||
# github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51
|
||||
github.com/rancher/dynamiclistener
|
||||
github.com/rancher/dynamiclistener/factory
|
||||
github.com/rancher/dynamiclistener/storage/file
|
||||
@ -769,7 +769,7 @@ github.com/rancher/helm-controller/pkg/generated/informers/externalversions/helm
|
||||
github.com/rancher/helm-controller/pkg/generated/listers/helm.cattle.io/v1
|
||||
github.com/rancher/helm-controller/pkg/generated/informers/externalversions/internalinterfaces
|
||||
github.com/rancher/helm-controller/pkg/apis/helm.cattle.io
|
||||
# github.com/rancher/kine v0.2.1
|
||||
# github.com/rancher/kine v0.2.2
|
||||
github.com/rancher/kine/pkg/client
|
||||
github.com/rancher/kine/pkg/endpoint
|
||||
github.com/rancher/kine/pkg/drivers/dqlite
|
||||
|