[sshproxy] Add heartbeating #7760

Merged
merged 5 commits into from
Jan 24, 2022
10 changes: 9 additions & 1 deletion chart/templates/ws-proxy-configmap.yaml
Expand Up @@ -55,6 +55,14 @@ data:
},
"pprofAddr": ":6060",
"readinessProbeAddr": ":60088",
"prometheusAddr": "localhost:9500"
"prometheusAddr": "localhost:9500",
"wsManager": {
"addr": "ws-manager:8080",
"tls": {
"ca": "/ws-manager-client-tls-certs/ca.crt",
"crt": "/ws-manager-client-tls-certs/tls.crt",
"key": "/ws-manager-client-tls-certs/tls.key"
}
}
}
{{- end -}}
3 changes: 3 additions & 0 deletions chart/templates/ws-proxy-deployment.yaml
Expand Up @@ -86,6 +86,9 @@ spec:
- name: config
mountPath: "/config"
readOnly: true
- name: ws-manager-client-tls-certs
mountPath: "/ws-manager-client-tls-certs"
readOnly: true
{{- if $.Values.certificatesSecret.secretName }}
- name: config-certificates
mountPath: "/mnt/certificates"
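Review bot: The new `ws-manager-client-tls-certs` volumeMount has no matching `volumes:` entry among this section's three added lines, so the pod spec is only valid if that volume is already declared elsewhere in the template, outside the hunk. It is worth confirming that the volume is backed by the ws-manager client TLS secret and that the secret exists in every installation this chart targets, because a missing non-optional secret volume keeps the ws-proxy pod from starting. The mount is `readOnly: true`, which is appropriate for a directory holding `tls.key`. I would add a comment beside it such as `# client cert/key for mTLS to ws-manager, read via wsManager.tls in the ws-proxy configmap`.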
37 changes: 36 additions & 1 deletion components/ws-proxy/cmd/run.go
Expand Up @@ -5,18 +5,24 @@
package cmd

import (
"context"
"net"
"os"
"path/filepath"
"time"

"github.com/bombsimon/logrusr"
common_grpc "github.com/gitpod-io/gitpod/common-go/grpc"
"github.com/gitpod-io/gitpod/common-go/log"
"github.com/gitpod-io/gitpod/common-go/pprof"
wsmanapi "github.com/gitpod-io/gitpod/ws-manager/api"
"github.com/gitpod-io/gitpod/ws-proxy/pkg/config"
"github.com/gitpod-io/gitpod/ws-proxy/pkg/proxy"
"github.com/gitpod-io/gitpod/ws-proxy/pkg/sshproxy"
"github.com/spf13/cobra"
"golang.org/x/crypto/ssh"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
Expand Down Expand Up @@ -77,6 +83,35 @@ var runCmd = &cobra.Command{

log.Infof("workspace info provider started")

var heartbeat sshproxy.Heartbeat
if wsm := cfg.WorkspaceManager; wsm != nil {
var dialOption grpc.DialOption = grpc.WithInsecure()
if wsm.TLS.CA != "" && wsm.TLS.Cert != "" && wsm.TLS.Key != "" {
tlsConfig, err := common_grpc.ClientAuthTLSConfig(
wsm.TLS.CA, wsm.TLS.Cert, wsm.TLS.Key,
common_grpc.WithSetRootCAs(true),
common_grpc.WithServerName("ws-manager"),
)
if err != nil {
log.WithField("config", wsm.TLS).Error("Cannot load ws-manager certs - this is a configuration issue.")
log.WithError(err).Fatal("cannot load ws-manager certs")
}

dialOption = grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))
}

dialctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
conn, err := grpc.DialContext(dialctx, wsm.Addr, dialOption, grpc.WithBlock())
cancel()
if err != nil {
log.WithError(err).Fatal("cannot connect to ws-manager")
}

heartbeat = &sshproxy.WorkspaceManagerHeartbeat{
Client: wsmanapi.NewWorkspaceManagerClient(conn),
}
}

go proxy.NewWorkspaceProxy(cfg.Ingress, cfg.Proxy, proxy.HostBasedRouter(cfg.Ingress.Header, cfg.Proxy.GitpodInstallation.WorkspaceHostSuffix, cfg.Proxy.GitpodInstallation.WorkspaceHostSuffixRegex), workspaceInfoProvider).MustServe()
log.Infof("started proxying on %s", cfg.Ingress.HTTPAddress)

Expand All @@ -98,7 +133,7 @@ var runCmd = &cobra.Command{
signers = append(signers, hostSigner)
}
if len(signers) > 0 {
server := sshproxy.New(signers, workspaceInfoProvider)
server := sshproxy.New(signers, workspaceInfoProvider, heartbeat)
l, err := net.Listen("tcp", ":2200")
if err != nil {
panic(err)
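Review bot: The dial option defaults to `grpc.WithInsecure()` and is upgraded to mutual TLS only when all three of `wsm.TLS.CA`, `wsm.TLS.Cert` and `wsm.TLS.Key` are non-empty, so a partially filled or mistyped `tls` block silently downgrades the ws-manager connection to plaintext without client authentication. I would fail closed on a partial block, e.g. `else if wsm.TLS.CA != "" || wsm.TLS.Cert != "" || wsm.TLS.Key != "" { log.Fatal("incomplete ws-manager TLS config: ca, crt and key must all be set") }`, and log a warning when the plaintext path is chosen deliberately. The same check could live in `Config.Validate` in pkg/config/config.go, whose body is not visible on this page. Separately, the blocking dial followed by `Fatal` makes ws-proxy startup depend on ws-manager being reachable within 10 seconds, and `conn` is never closed; both deserve a comment if intended. The Run function of `runCmd` starts and ends outside these hunks.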
4 changes: 3 additions & 1 deletion components/ws-proxy/go.mod
Expand Up @@ -16,6 +16,7 @@ require (
github.com/sirupsen/logrus v1.8.1
github.com/spf13/cobra v1.1.3
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
google.golang.org/grpc v1.39.1
k8s.io/api v0.22.2
Expand All @@ -39,6 +40,8 @@ require (
github.com/google/gofuzz v1.1.0 // indirect
github.com/google/uuid v1.1.2 // indirect
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.5.0 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
Expand All @@ -58,7 +61,6 @@ require (
github.com/uber/jaeger-client-go v2.29.1+incompatible // indirect
github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
go.uber.org/atomic v1.8.0 // indirect
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 // indirect
golang.org/x/oauth2 v0.0.0-20210615190721-d04028783cf1 // indirect
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 // indirect
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect
2 changes: 2 additions & 0 deletions components/ws-proxy/go.sum
Expand Up @@ -243,7 +243,9 @@ github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB7
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
10 changes: 10 additions & 0 deletions components/ws-proxy/pkg/config/config.go
Expand Up @@ -21,6 +21,16 @@ type Config struct {
PrometheusAddr string `json:"prometheusAddr"`
ReadinessProbeAddr string `json:"readinessProbeAddr"`
Namespace string `json:"namespace"`
WorkspaceManager *WorkspaceManagerConn `json:"wsManager"`
}

type WorkspaceManagerConn struct {
Addr string `json:"addr"`
TLS struct {
CA string `json:"ca"`
Cert string `json:"crt"`
Key string `json:"key"`
} `json:"tls"`
}

// Validate validates the configuration to catch issues during startup and not at runtime.
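Review bot: The exported `WorkspaceManagerConn` type and the new `WorkspaceManager` field have no doc comments, and the behaviour a reader most needs to know is only visible in cmd/run.go. I would add `// WorkspaceManagerConn configures the gRPC connection to ws-manager used for SSH heartbeats.` above the type and `// WorkspaceManager is optional; when nil, no ws-manager connection is opened.` above the field. The `TLS` struct should get a comment saying that its three values are file paths and that TLS is used only when all of them are set, since an empty value currently selects a plaintext connection rather than an error.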