This repository has been archived by the owner on Sep 12, 2024. It is now read-only.
Add a proxy for wsl integration #15
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mook-as
suggested changes
Jan 23, 2024
README.md
Outdated
| ``` | ||
| ## wsl-proxy | ||
| Its primary function comes into play when WSL integration is activated alongside the network tunnel. The purpose is to actively listen on `127.0.0.1:6443` and reroute all incoming requests to the upstream Kubernetes API server residing within the network namespace. The proxy achieves this by directing the incoming traffic through a Virtual Ethernet pair. Specifically, `veth-rd0` serves as the originating end listening in the default network, while `veth-rd1` acts as the terminating end within the network namespace. |
There was a problem hiding this comment.
and reroute all incoming requests to the upstream Kubernetes API server residing within the network namespace
It also routes non-Kubernetes things, right? (Think random containers)
There was a problem hiding this comment.
It routes anything that is destined for K8s API server at 127.0.0.1:6443.
README.md
Outdated
| ``` | ||
| ## wsl-proxy | ||
| Its primary function comes into play when WSL integration is activated alongside the network tunnel. The purpose is to actively listen on `127.0.0.1:6443` and reroute all incoming requests to the upstream Kubernetes API server residing within the network namespace. The proxy achieves this by directing the incoming traffic through a Virtual Ethernet pair. Specifically, `veth-rd0` serves as the originating end listening in the default network, while `veth-rd1` acts as the terminating end within the network namespace. |
There was a problem hiding this comment.
This needs to somehow document what is doing work on veth-rd1, since wsl-proxy sounds like it runs within the default namespace (and needs something on the other end to help it).
Closed
6 tasks
Nino-K
force-pushed
the
add-wsl-integration-proxy
branch
2 times, most recently
from
21eeac6
to
9340943
Compare
mook-as
suggested changes
Jan 26, 2024
README.md
Outdated
| @@ -47,7 +47,7 @@ portForwarding["Port Forwarding"] | |||
| `host-switch` runs on the Windows host and acts as a receiver for all traffic originating from the network namespace within the WSL VM. It performs a handshake to find the right VM to talk to over `AF_VSOCK`. Once a correct VM is found, it then listens for the incoming traffic from that VM. In additon to this, it can provide a DNS resolver that runs in the user space network along with an API that allows for dynamic port forwarding. | |||
|
|
|||
| ## network-setup | |||
| Its main responsibility is to respond to the handshake request from the `host-switch.exe`, create a network namespace and start the `vm-switch` subprocess in the newly created network namespace. In addition, it also calls unshare with provided arguments through `--unshare-args`. Below is a sequence diagram demonstrating the process. | |||
| Its main responsibility is to respond to the handshake request from the `host-switch.exe`, create a network namespace and start the `vm-switch` subprocess in the newly created network namespace. In addition, it also calls unshare with provided arguments through `--unshare-args`. Below is a sequence diagram demonstrating the process. The process also establishes a Virtual Ethernet pair consisting of two endpoints: veth-rd0 and `veth-rd1`. `veth-rd0` resides within the default namespace and is configured to listen on the IP address `192.168.1.1`. Conversely, `veth-rd1` is located within a network namespace and is assigned the IP address `192.168.1.2`. | |||
There was a problem hiding this comment.
Suggested change
| Its main responsibility is to respond to the handshake request from the `host-switch.exe`, create a network namespace and start the `vm-switch` subprocess in the newly created network namespace. In addition, it also calls unshare with provided arguments through `--unshare-args`. Below is a sequence diagram demonstrating the process. The process also establishes a Virtual Ethernet pair consisting of two endpoints: veth-rd0 and `veth-rd1`. `veth-rd0` resides within the default namespace and is configured to listen on the IP address `192.168.1.1`. Conversely, `veth-rd1` is located within a network namespace and is assigned the IP address `192.168.1.2`. | |
| Its main responsibility is to respond to the handshake request from the `host-switch.exe`, create a network namespace and start the `vm-switch` subprocess in the newly created network namespace. In addition, it also calls unshare with provided arguments through `--unshare-args`. Below is a sequence diagram demonstrating the process. The process also establishes a Virtual Ethernet pair consisting of two endpoints: `veth-rd0` and `veth-rd1`. `veth-rd0` resides within the default namespace and is configured to listen on the IP address `192.168.1.1`. Conversely, `veth-rd1` is located within a network namespace and is assigned the IP address `192.168.1.2`. |
README.md
Outdated
| ``` | ||
| ## wsl-proxy | ||
| Its primary function comes into play when WSL integration is activated alongside the network tunnel. The purpose is to actively listen on `127.0.0.1:6443` and reroute all incoming requests to the upstream Kubernetes API server residing within the network namespace. Although, in the future this coponent will expand to proxy non k8s API traffic (e.g container traffic into the namespace) The proxy achieves this by directing the incoming traffic through a Virtual Ethernet pair. Specifically, `veth-rd0` serves as the originating end listening in the default network, while `veth-rd1` acts as the terminating end within the network namespace. |
There was a problem hiding this comment.
I think the last bit is better phrased as
The proxy uses
192.168.1.2:6443as its upstream, which is theveth-rd1interface created bynetwork-setup.
Nothing in the wsl-proxy process actually deals with veth.
This was referenced Jan 29, 2024
mook-as
suggested changes
Jan 29, 2024
Comment on lines
+24
to
+25
| bin/wsl-proxy: | ||
| GOOS=linux go build $(LDFLAGS) -o $@ ./cmd/proxy |
There was a problem hiding this comment.
Hmm, it's kind of odd that the directory named proxy produces a binary named wsl-proxy (instead of proxy). But that's an issue we also have with all the other commands…
cmd/proxy/wsl_integration_linux.go
Outdated
| TargetURL *url.URL | ||
| } | ||
|
|
||
| // handleRequestAndRedirect Copies the original request headers to the new request, |
There was a problem hiding this comment.
Suggested change
| // handleRequestAndRedirect Copies the original request headers to the new request, | |
| // handleRequestAndRedirect copies the original request headers to the new request, |
cmd/proxy/wsl_integration_linux.go
Outdated
| } | ||
|
|
||
| // handleRequestAndRedirect Copies the original request headers to the new request, | ||
| // and updates the request URL to the target URL. It then Performs the request to |
There was a problem hiding this comment.
Suggested change
| // and updates the request URL to the target URL. It then Performs the request to | |
| // and updates the request URL to the target URL. It then performs the request to |
cmd/proxy/wsl_integration_linux.go
Outdated
| } | ||
| } | ||
|
|
||
| type requestHandler struct { |
There was a problem hiding this comment.
Is there a reason we're not using httputil.ReverseProxy? I'm mostly thinking about annoying bits like websocket / upgrade support (which ends up being used for logs and things, I think).
There was a problem hiding this comment.
Is there a reason we're not using
httputil.ReverseProxy? I'm mostly thinking about annoying bits like websocket / upgrade support (which ends up being used for logs and things, I think).
Is there going to be websocket? this proxy is meant to only talk to k8s API endpoint and I think that is mostly https. However, it wouldn't hurt to use httputil.ReverseProxy.
Nino-K
force-pushed
the
add-wsl-integration-proxy
branch
from
78dc380
to
ce59765
Compare
mook-as
suggested changes
Jan 31, 2024
cmd/proxy/wsl_integration_linux.go
Outdated
Comment on lines
53
to
55
| http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) { | ||
| proxy.ServeHTTP(writer, request) | ||
| }) |
There was a problem hiding this comment.
Is there a reason this isn't just
http.ListenAndServe(listenAddr, proxy)
This commit introduces a proxy server that actively listens in the default network, capturing all incoming requests destined for the Kubernetes API server within the network namespace. Signed-off-by: Nino Kodabande <[email protected]>
Signed-off-by: Nino Kodabande <[email protected]>
Signed-off-by: Nino Kodabande <[email protected]>
Nino-K
force-pushed
the
add-wsl-integration-proxy
branch
from
ce59765
to
3e7b8b6
Compare
mook-as
approved these changes
Jan 31, 2024
Comment on lines
+55
to
+57
| if err != nil { | ||
| logrus.Error("Error starting server:", err) | ||
| } |
There was a problem hiding this comment.
FWIW, the docs says:
ListenAndServe always returns a non-nil error.
But I don't think that's an issue here.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit introduces a proxy server that actively listens in the default network, capturing all incoming requests destined for the Kubernetes API server within the network namespace.
Related to: rancher-sandbox/rancher-desktop#6245
Fixes: rancher-sandbox/rancher-desktop#6359