Skip to content

Commit

Permalink
fix proxy hostname unresolvable in k8s
Browse files Browse the repository at this point in the history
  • Loading branch information
@jakecoffman
jakecoffman committed Aug 11, 2023
1 parent 57c308e commit 6d02a28
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 40 deletions.
56 changes: 28 additions & 28 deletions internal/infra/proxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,43 +4,34 @@ import (
"context"
"encoding/json"
"fmt"
"github.com/goware/prefixer"
"io"
"math/rand"
"os"
"path"
"path/filepath"
"strings"
"time"

"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/mount"
"github.com/docker/docker/api/types/network"
"github.com/goware/prefixer"
"github.com/moby/moby/client"
"github.com/moby/moby/pkg/namesgenerator"
"github.com/moby/moby/pkg/stdcopy"
"io"
"os"
"path"
"path/filepath"
"strings"
)

const proxyCertPath = "/usr/local/share/ca-certificates/custom-ca-cert.crt"

func init() {
// needed for namesgenerator.GetRandomName
rand.Seed(time.Now().UnixNano())
}

// ProxyImageName is the default Docker image used by the proxy
const ProxyImageName = "ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:latest"

type Proxy struct {
cli *client.Client
containerID string
containerName string
url string
ca CertificateAuthority
cli *client.Client
containerID string
url string
ca CertificateAuthority
}

func NewProxy(ctx context.Context, cli *client.Client, params *RunParams, nets ...types.NetworkCreateResponse) (*Proxy, error) {
func NewProxy(ctx context.Context, cli *client.Client, params *RunParams, nets *Networks) (*Proxy, error) {
// Generate secrets:
ca, err := GenerateCertificateAuthority()
if err != nil {
Expand Down Expand Up @@ -104,22 +95,25 @@ func NewProxy(ctx context.Context, cli *client.Client, params *RunParams, nets .
}

proxy := &Proxy{
cli: cli,
containerID: proxyContainer.ID,
containerName: hostName,
url: fmt.Sprintf("http://%s:1080", hostName),
ca: ca,
cli: cli,
containerID: proxyContainer.ID,
ca: ca,
}

if err = putProxyConfig(ctx, cli, proxyConfig, proxyContainer.ID); err != nil {
_ = proxy.Close()
return nil, fmt.Errorf("failed to connect to network: %w", err)
}

for _, n := range nets {
if err = cli.NetworkConnect(ctx, n.ID, proxyContainer.ID, &network.EndpointSettings{}); err != nil {
// nil check since tests don't always need networks
if nets != nil {
if err = cli.NetworkConnect(ctx, nets.NoInternet.ID, proxyContainer.ID, &network.EndpointSettings{}); err != nil {
_ = proxy.Close()
return nil, fmt.Errorf("failed to connect to network: %w", err)
return nil, fmt.Errorf("failed to connect to internal network: %w", err)
}
if err = cli.NetworkConnect(ctx, nets.Internet.ID, proxyContainer.ID, &network.EndpointSettings{}); err != nil {
_ = proxy.Close()
return nil, fmt.Errorf("failed to connect to external network: %w", err)
}
}

Expand All @@ -128,6 +122,12 @@ func NewProxy(ctx context.Context, cli *client.Client, params *RunParams, nets .
return nil, fmt.Errorf("failed to start container: %w", err)
}

containerInfo, err := cli.ContainerInspect(ctx, proxyContainer.ID)
if err != nil {
return nil, fmt.Errorf("failed to inspect proxy container: %w", err)
}
proxy.url = fmt.Sprintf("http://%s:1080", containerInfo.NetworkSettings.Networks[nets.noInternetName].IPAddress)

return proxy, nil
}

Expand Down
12 changes: 1 addition & 11 deletions internal/infra/proxy_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,18 +13,8 @@ import (

"github.com/docker/docker/api/types"
"github.com/moby/moby/client"
"github.com/moby/moby/pkg/namesgenerator"
)

func TestSeed(t *testing.T) {
// ensure we're still seeding
a := namesgenerator.GetRandomName(1)
b := namesgenerator.GetRandomName(1)
if a == b {
t.Error("Not seeding math/rand")
}
}

// This tests the Proxy's ability to use a custom cert for outbound calls.
// It creates a custom proxy image to test with, passes it a cert, and uses it to
// communicate with a test server using the certs.
Expand Down Expand Up @@ -97,7 +87,7 @@ func TestNewProxy_customCert(t *testing.T) {
proxy, err := NewProxy(ctx, cli, &RunParams{
ProxyCertPath: cert.Name(),
ProxyImage: proxyImageName,
})
}, nil)
if err != nil {
panic(err)
}
Expand Down
2 changes: 1 addition & 1 deletion internal/infra/run.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -321,7 +321,7 @@ func runContainers(ctx context.Context, params RunParams, api *server.API) error
}
defer networks.Close()

prox, err := NewProxy(ctx, cli, &params, networks.NoInternet, networks.Internet)
prox, err := NewProxy(ctx, cli, &params, networks)
if err != nil {
return err
}
Expand Down

0 comments on commit 6d02a28

Please sign in to comment.