From 308de7e21cef81474e46e1c45b9dbeafe39b8433 Mon Sep 17 00:00:00 2001 From: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> Date: Mon, 15 Jul 2024 23:13:59 -0700 Subject: [PATCH 1/2] Have Sidecar reuse the same HTTP client and discar request body Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> --- sidecar/pkg/sidecar/webhook_server.go | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/sidecar/pkg/sidecar/webhook_server.go b/sidecar/pkg/sidecar/webhook_server.go index e30bc51aa0a..efa4c9b5b32 100644 --- a/sidecar/pkg/sidecar/webhook_server.go +++ b/sidecar/pkg/sidecar/webhook_server.go @@ -19,6 +19,7 @@ package sidecar import ( "crypto/tls" "fmt" + "io" "net/http" "time" @@ -78,6 +79,14 @@ func configureProbesServer(c *Controller, tenantTLS bool) *http.Server { return s } +// we do insecure skip verify because we are checking against the local instance and don't care for the certificate +var probeHttpClient = &http.Client{ + Timeout: time.Millisecond * 500, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + }, +} + func readinessHandler(tenantTLS bool) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { schema := "https" @@ -92,21 +101,13 @@ func readinessHandler(tenantTLS bool) func(w http.ResponseWriter, r *http.Reques return } - // we do insecure skip verify because we are checking against the local instance and don't care for the - // certificate - client := &http.Client{ - Timeout: time.Millisecond * 500, - Transport: &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, - }, - } - - response, err := client.Do(request) + response, err := probeHttpClient.Do(request) if err != nil { http.Error(w, fmt.Sprintf("HTTP request failed: %s", err), http.StatusInternalServerError) return } defer response.Body.Close() + _, _ = io.Copy(io.Discard, response.Body) // Discard body to enable connection reuse if response.StatusCode == 403 { fmt.Fprintln(w, "Readiness probe succeeded.") From 13998680a1ede7a3ffd9928173b8dbb976002e71 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Tue, 16 Jul 2024 11:24:39 -0600 Subject: [PATCH 2/2] rename variable to pass lint test Signed-off-by: pjuarezd --- sidecar/pkg/sidecar/webhook_server.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sidecar/pkg/sidecar/webhook_server.go b/sidecar/pkg/sidecar/webhook_server.go index efa4c9b5b32..b8a656b28a2 100644 --- a/sidecar/pkg/sidecar/webhook_server.go +++ b/sidecar/pkg/sidecar/webhook_server.go @@ -80,7 +80,7 @@ func configureProbesServer(c *Controller, tenantTLS bool) *http.Server { } // we do insecure skip verify because we are checking against the local instance and don't care for the certificate -var probeHttpClient = &http.Client{ +var probeHTTPClient = &http.Client{ Timeout: time.Millisecond * 500, Transport: &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, @@ -101,7 +101,7 @@ func readinessHandler(tenantTLS bool) func(w http.ResponseWriter, r *http.Reques return } - response, err := probeHttpClient.Do(request) + response, err := probeHTTPClient.Do(request) if err != nil { http.Error(w, fmt.Sprintf("HTTP request failed: %s", err), http.StatusInternalServerError) return