HTTP timeouts and proxy
pgillich committed Sep 17, 2024
1 parent 2250640 commit 0c429e5
Showing 4 changed files with 38 additions and 18 deletions.
33 changes: 29 additions & 4 deletions cliclient/cliclient.go
@@ -1,9 +1,13 @@
package cliclient

import (
"context"
"errors"
"fmt"
"net"
"net/http"
"strings"
"time"

errorsPkg "github.com/pkg/errors"
"github.com/rancher/cli/config"
@@ -181,10 +185,11 @@ func createClientOpts(config *config.ServerConfig) *clientbase.ClientOpts {
}

options := &clientbase.ClientOpts{
URL: serverURL,
AccessKey: config.AccessKey,
SecretKey: config.SecretKey,
CACerts: config.CACerts,
HTTPClient: DefaultHTTPClient(),
URL: serverURL,
AccessKey: config.AccessKey,
SecretKey: config.SecretKey,
CACerts: config.CACerts,
}
return options
}
@@ -203,3 +208,23 @@ func CheckProject(s string) []string {

return clustProj
}

// DefaultHTTPClient makes http.Client including http.Transport,
// with default values (for example: proxy) and custom timeouts.
// See: https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/
func DefaultHTTPClient() *http.Client {
transport := http.DefaultTransport.(*http.Transport).Clone()
transport.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
dialer := &net.Dialer{
Timeout: 5 * time.Second,
KeepAlive: 30 * time.Second,
}
return dialer.DialContext(ctx, network, addr)
}
transport.ResponseHeaderTimeout = 10 * time.Second

return &http.Client{
Transport: transport,
Timeout: 20 * time.Second,
}
}
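Review bot: `http.DefaultTransport.(*http.Transport)` in DefaultHTTPClient is an unchecked type assertion, so client construction panics if anything in the process has replaced http.DefaultTransport with a wrapping RoundTripper. Use the comma-ok form with a fallback, e.g. `base, ok := http.DefaultTransport.(*http.Transport)` followed by `if !ok { base = &http.Transport{Proxy: http.ProxyFromEnvironment} }`, and clone `base`. The doc comment should also say that `Timeout: 20 * time.Second` on http.Client bounds the whole exchange, including reading the response body, because every caller now inherits it. In the createClientOpts hunk, HTTPClient is passed alongside CACerts; clientbase is not visible here, so it is worth confirming that it still applies the configured CA roots to a caller-supplied client and does not replace this transport, which would drop the new timeouts.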
8 changes: 4 additions & 4 deletions cmd/kubectl_token.go
@@ -22,6 +22,7 @@ import (
"strings"
"time"

"github.com/rancher/cli/cliclient"
"github.com/rancher/cli/config"
apiv3 "github.com/rancher/rancher/pkg/apis/management.cattle.io/v3"
managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
@@ -639,10 +640,9 @@ func getClient(skipVerify bool, caCerts string) (*http.Client, error) {
return nil, err
}

// clone the DefaultTransport to get the default values
transport := http.DefaultTransport.(*http.Transport).Clone()
transport.TLSClientConfig = tlsConfig
return &http.Client{Transport: transport}, nil
client := cliclient.DefaultHTTPClient()
client.Transport.(*http.Transport).TLSClientConfig = tlsConfig
return client, nil
}

func getTLSConfig(skipVerify bool, caCerts string) (*tls.Config, error) {
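Review bot: `client.Transport.(*http.Transport).TLSClientConfig = tlsConfig` in getClient is an unchecked assertion on an `http.RoundTripper` field, so it panics if DefaultHTTPClient ever returns a wrapped transport; the same pattern is added in getCertFromServer (cmd/login.go) and getSSHKey (cmd/ssh.go). At minimum use the comma-ok form, `tr, ok := client.Transport.(*http.Transport)`, and return an error when `ok` is false. A cleaner option is a constructor in cliclient that accepts the `*tls.Config`, so the concrete transport type is known in one place only. getClient starts above the hunk, so how tlsConfig is derived from skipVerify and caCerts is not visible here.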
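--- a/cmd/login.go
+++ b/cmd/login.go
@@ -260,10 +260,8 @@ func getCertFromServer(ctx *cli.Context, cf *config.ServerConfig) (*cliclient.Ma
 
 req.SetBasicAuth(cf.AccessKey, cf.SecretKey)
 
-tr := &http.Transport{
-TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-}
-client := &http.Client{Transport: tr}
+client := cliclient.DefaultHTTPClient()
+client.Transport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 
 res, err := client.Do(req)
 if err != nil {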
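Review bot: getCertFromServer still sends `req.SetBasicAuth(cf.AccessKey, cf.SecretKey)` over a connection configured with `InsecureSkipVerify: true`, and the new assignment carries no comment explaining why verification is off. Because the client now comes from a clone of http.DefaultTransport, this unverified, credentialed request also starts honouring proxy settings from the environment, which the removed bare `&http.Transport{}` did not. I would add a comment above the assignment such as `// Verification is disabled only to retrieve the server certificate for the user to confirm; the API key is sent on this unverified connection.` The wording should be adjusted to what the rest of the function, which lies outside the hunk, actually does.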
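--- a/cmd/ssh.go
+++ b/cmd/ssh.go
@@ -170,20 +170,17 @@ func getSSHKey(c *cliclient.MasterClient, link, nodeName string) ([]byte, string
 req.SetBasicAuth(c.UserConfig.AccessKey, c.UserConfig.SecretKey)
 req.Header.Add("Accept-Encoding", "zip")
 
-client := &http.Client{}
+client := cliclient.DefaultHTTPClient()
 
 if c.UserConfig.CACerts != "" {
 roots := x509.NewCertPool()
 ok := roots.AppendCertsFromPEM([]byte(c.UserConfig.CACerts))
 if !ok {
 return []byte{}, "", err
 }
-tr := &http.Transport{
-TLSClientConfig: &tls.Config{
-RootCAs: roots,
-},
+client.Transport.(*http.Transport).TLSClientConfig = &tls.Config{
+RootCAs: roots,
 }
-client.Transport = tr
 }
 
 resp, err := client.Do(req)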
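Review bot: In the unchanged context of this hunk, a CA bundle that fails to parse takes `if !ok { return []byte{}, "", err }`, and `err` there is whatever an earlier call left behind, which is probably nil, though the start of getSSHKey is outside the hunk. The caller would then receive an empty key and no error instead of a trust-configuration failure. Since the commit already touches this block, return an explicit error, e.g. `return nil, "", errors.New("invalid CA certificates in config")`, assuming `errors` is imported in this file. The 20-second `Client.Timeout` inherited from DefaultHTTPClient also covers reading the key archive body, which is worth keeping in mind for slow links.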
