addressing comments from josh

rancher · Jan 29, 2025 · 015c101 · 015c101
1 parent 57577ba
commit 015c101
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 38 deletions.
diff --git a/cmd/proxy/main.go b/cmd/proxy/main.go
@@ -4,7 +4,6 @@ import (
 	"github.com/sirupsen/logrus"
 	"k8s.io/client-go/rest"
 
-	"github.com/rancher/lasso/pkg/log"
 	"github.com/rancher/remotedialer/proxy"
 )
 
@@ -16,10 +15,9 @@ func main() {
 		logrus.Fatalf("fatal configuration error: %v", err)
 	}
 
-	// Initializing Wrangler
 	restConfig, err := rest.InClusterConfig()
 	if err != nil {
-		log.Errorf("failed to get in-cluster config: %w", err)
+		logrus.Errorf("failed to get in-cluster config: %w", err)
 		return
 	}
 

diff --git a/cmd/proxy/deployment.yaml → cmd/proxy/proxy.yaml b/cmd/proxy/deployment.yaml → cmd/proxy/proxy.yaml
@@ -73,9 +73,9 @@ metadata:
   name: remotedialer-proxy-secret-access
   namespace: cattle-system
 rules:
-- apiGroups: [""]              # "" indicates the core API group
-  resources: ["secrets"]       # We need to read secrets
-  verbs: ["get", "list", "watch", "create", "delete"]  # Allowed verbs
+- apiGroups: [""]              
+  resources: ["secrets"]      
+  verbs: ["get", "create"]  
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -85,8 +85,8 @@ metadata:
   namespace: cattle-system
 subjects:
 - kind: ServiceAccount
-  name: default                # The service account name
-  namespace: cattle-system     # The same namespace as the SA
+  name: default                
+  namespace: cattle-system     
 roleRef:
   kind: Role
   name: remotedialer-proxy-secret-access

diff --git a/examples/fakek8s/deployment.yaml → examples/fakek8s/fakek8s.yaml b/examples/fakek8s/deployment.yaml → examples/fakek8s/fakek8s.yaml
diff --git a/forward/forward.go b/forward/forward.go
@@ -71,13 +71,12 @@ func (r *PortForward) Stop() {
 }
 
 func (r *PortForward) Start() error {
-	var failed bool
-	var err error
-
-	r.readyCh = make(chan struct{}, 1)
+	var readyErr error
 
 	ctx, cancel := context.WithCancel(context.Background())
+
 	r.cancel = cancel
+	r.readyCh = make(chan struct{}, 1)
 
 	go func() {
 		for {
@@ -86,14 +85,14 @@ func (r *PortForward) Start() error {
 				logrus.Infoln("Goroutine stopped.")
 				return
 			default:
-				err = r.runForwarder(ctx, r.readyCh, r.stopCh, r.Ports)
+				err := r.runForwarder(ctx, r.readyCh, r.stopCh, r.Ports)
 				if err != nil {
 					if errors.Is(err, portforward.ErrLostConnectionToPod) {
 						logrus.Errorf("Lost connection to pod (no automatic retry in this refactor): %v", err)
 					} else {
 						logrus.Errorf("Non-restartable error: %v", err)
-						failed = true
 						r.readyCh <- struct{}{}
+						readyErr = err
 						return
 					}
 				}
@@ -104,15 +103,15 @@ func (r *PortForward) Start() error {
 	// wait for the port forward to be ready if not failed
 	<-r.readyCh
 
-	if failed {
-		return err
+	if readyErr != nil {
+		return readyErr
 	}
 
 	return nil
 }
 
 func (r *PortForward) runForwarder(ctx context.Context, readyCh, stopCh chan struct{}, ports []string) error {
-	podName, err := findPodName(ctx, r.namespace, r.labelSelector, r.podClient)
+	podName, err := lookForPodName(ctx, r.namespace, r.labelSelector, r.podClient)
 	if err != nil {
 		return err
 	}
@@ -143,7 +142,7 @@ func (r *PortForward) runForwarder(ctx context.Context, readyCh, stopCh chan str
 	return forwarder.ForwardPorts()
 }
 
-func findPodName(ctx context.Context, namespace, labelSelector string, podClient v1.PodClient) (string, error) {
+func lookForPodName(ctx context.Context, namespace, labelSelector string, podClient v1.PodClient) (string, error) {
 	for {
 		select {
 		case <-ctx.Done():

diff --git a/proxy/server.go b/proxy/server.go
@@ -11,6 +11,8 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/rancher/dynamiclistener"
 	"github.com/rancher/dynamiclistener/server"
+
+	"github.com/rancher/wrangler/v3/pkg/generated/controllers/core"
 	"github.com/sirupsen/logrus"
 	"k8s.io/client-go/rest"
 
@@ -100,12 +102,14 @@ func Start(cfg *Config, restConfig *rest.Config) error {
 		}
 	}()
 
-	// Setting Up Remote Dialer HTTPS Server
-	secretController, err := remotedialer.BuildSecretController(restConfig)
+	// Setting Up Secret Controller
+	core, err := core.NewFactoryFromConfigWithOptions(restConfig, nil)
 	if err != nil {
 		return fmt.Errorf("build secret controller failed w/ err: %w", err)
 	}
+	secretController := core.Core().V1().Secret()
 
+	// Setting Up Remote Dialer HTTPS Server
 	if err := server.ListenAndServe(ctx, cfg.HTTPSPort, 0, router, &server.ListenOpts{
 		Secrets:       secretController,
 		CAName:        cfg.CAName,

diff --git a/proxyclient/client.go b/proxyclient/client.go
@@ -10,6 +10,7 @@ import (
 
 	"github.com/gorilla/websocket"
 	"github.com/rancher/remotedialer"
+	"github.com/rancher/wrangler/v3/pkg/generated/controllers/core"
 	v1 "github.com/rancher/wrangler/v3/pkg/generated/controllers/core/v1"
 	"github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -88,12 +89,13 @@ func New(serverSharedSecret, namespace, certSecretName, certServerName string, r
 }
 
 func buildDialer(namespace, certSecretName, certServerName string, restConfig *rest.Config) (*websocket.Dialer, error) {
-	secretController, err := remotedialer.BuildSecretController(restConfig)
+	core, err := core.NewFactoryFromConfigWithOptions(restConfig, nil)
 	if err != nil {
 		logrus.Error("build secret controller failed: %w, defaulting to non TLS connection", err)
-		return nonTLSDialer, nil
+		return nonTLSDialer, err
 	}
 
+	secretController := core.Core().V1().Secret()
 	secret, err := secretController.Get(namespace, certSecretName, metav1.GetOptions{})
 	if err != nil {
 		return nil, err

diff --git a/secret.go b/secret.go