fix proxy grpcClient: set default http2 DialTLSContext

Eikykun · Eikykun · commit 865efe04997e · 2023-11-16T16:35:40.000+08:00
diff --git a/artifacts/images/manager.Dockerfile b/artifacts/images/manager.Dockerfile
@@ -15,7 +15,11 @@ RUN CGO_ENABLED=0 GO111MODULE=on GOOS=linux GOARCH=amd64 go build -mod=vendor -a
 FROM ubuntu:focal
 # This is required by daemon connnecting with cri
 RUN ln -s /usr/bin/* /usr/sbin/ && apt-get update -y \
-  && apt-get install --no-install-recommends -y ca-certificates \
+  && apt-get install --no-install-recommends -y \
+    sudo \
+    net-tools \
+    curl \
+    ca-certificates \
   && apt-get clean && rm -rf /var/log/*log /var/lib/apt/lists/* /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old
 WORKDIR /
 COPY --from=builder /workspace/ctrlmesh-manager .
diff --git a/go.mod b/go.mod
@@ -5,7 +5,6 @@ go 1.20
 require (
 	connectrpc.com/connect v1.11.1
 	github.com/go-logr/zapr v1.2.3
-	github.com/gogo/protobuf v1.3.2
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.24.1
 	github.com/prometheus/client_golang v1.14.0
@@ -52,6 +51,7 @@ require (
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/cel-go v0.12.6 // indirect
diff --git a/pkg/manager/controllers/circuitbreaker/circuitbreaker_controller.go b/pkg/manager/controllers/circuitbreaker/circuitbreaker_controller.go
@@ -53,7 +53,7 @@ var (
 	PodNamespace = os.Getenv(constants.EnvPodNamespace)
 
 	defaultRequeueTime   = 60 * time.Second
-	concurrentReconciles = flag.Int("ctrlmesh-server-workers", 3, "Max concurrent workers for CtrlMesh Server controller.")
+	concurrentReconciles = flag.Int("ctrlmesh-breaker-workers", 3, "Max concurrent workers for CtrlMesh Server controller.")
 )
 
 // CircuitBreakerReconciler reconciles a CircuitBreaker object
diff --git a/pkg/manager/controllers/shardingconfigserver/grpc_server.go b/pkg/manager/controllers/shardingconfigserver/grpc_server.go
@@ -24,9 +24,9 @@ import (
 	"sync"
 
 	"connectrpc.com/connect"
-	"github.com/gogo/protobuf/proto"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/pkg/proxy/proto/grpc.go b/pkg/proxy/proto/grpc.go
@@ -19,14 +19,16 @@ package proto
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"math/rand"
+	"net"
 	"net/http"
 	"time"
 
 	"connectrpc.com/connect"
-	"github.com/gogo/protobuf/proto"
 	"golang.org/x/net/http2"
+	"google.golang.org/protobuf/proto"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/klog/v2"
 
@@ -98,7 +100,7 @@ func (c *grpcClient) connect(ctx context.Context, initChan chan struct{}) {
 			continue
 		}
 
-		addr := fmt.Sprintf("%s:%d", leader.PodIP, managerState.Status.Ports.GrpcLeaderElectionPort)
+		addr := fmt.Sprintf("https://%s:%d", leader.PodIP, managerState.Status.Ports.GrpcLeaderElectionPort)
 		klog.Infof("Preparing to connect ctrlmesh-manager %v", addr)
 		func() {
 			ctxWithCancel, cancel := context.WithCancel(ctx)
@@ -107,6 +109,14 @@ func (c *grpcClient) connect(ctx context.Context, initChan chan struct{}) {
 			client := &http.Client{
 				Transport: &http2.Transport{
 					AllowHTTP: true,
+					DialTLSContext: func(ctx context.Context, network, addr string, _ *tls.Config) (net.Conn, error) {
+						// TODO:
+						// If you're also using this client for non-h2c traffic, you may want
+						// to delegate to tls.Dial if the network isn't TCP or the addr isn't
+						// in an allowlist.
+						d := net.Dialer{Timeout: 5 * time.Second}
+						return d.DialContext(ctx, network, addr)
+					},
 				},
 			}
 			grpcCtrlMeshClient := protoconnect.NewControllerMeshClient(client, addr, connect.WithGRPC())
diff --git a/pkg/proxy/proto/proto_manager.go b/pkg/proxy/proto/proto_manager.go
@@ -23,7 +23,7 @@ import (
 	"os"
 	"sync"
 
-	"github.com/gogo/protobuf/proto"
+	"google.golang.org/protobuf/proto"
 	"k8s.io/klog/v2"
 
 	"github.com/KusionStack/controller-mesh/pkg/apis/ctrlmesh/constants"
diff --git a/pkg/proxy/proto/strorage.go b/pkg/proxy/proto/strorage.go
@@ -22,7 +22,7 @@ import (
 	"io"
 	"os"
 
-	"github.com/gogo/protobuf/proto"
+	"google.golang.org/protobuf/proto"
 	"k8s.io/klog/v2"
 
 	ctrlmeshproto "github.com/KusionStack/controller-mesh/pkg/apis/ctrlmesh/proto"

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ var (`
`53`	`53`	`PodNamespace = os.Getenv(constants.EnvPodNamespace)`
`54`	`54`
`55`	`55`	`defaultRequeueTime = 60 * time.Second`
`56`		`- concurrentReconciles = flag.Int("ctrlmesh-server-workers", 3, "Max concurrent workers for CtrlMesh Server controller.")`
	`56`	`+ concurrentReconciles = flag.Int("ctrlmesh-breaker-workers", 3, "Max concurrent workers for CtrlMesh Server controller.")`
`57`	`57`	`)`
`58`	`58`
`59`	`59`	`// CircuitBreakerReconciler reconciles a CircuitBreaker object`