mirror of
https://gitea.com/Lydanne/buildx.git
synced 2025-07-09 21:17:09 +08:00
vendor: update buildkit
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
47
vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
generated
vendored
47
vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
generated
vendored
@ -18,7 +18,6 @@ package exec
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
@ -34,7 +33,8 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/davecgh/go-spew/spew"
|
||||
"golang.org/x/crypto/ssh/terminal"
|
||||
"golang.org/x/term"
|
||||
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
@ -52,7 +52,6 @@ import (
|
||||
)
|
||||
|
||||
const execInfoEnv = "KUBERNETES_EXEC_INFO"
|
||||
const onRotateListWarningLength = 1000
|
||||
const installHintVerboseHelp = `
|
||||
|
||||
It looks like you are trying to use a client-go credential plugin that is not installed.
|
||||
@ -177,6 +176,12 @@ func newAuthenticator(c *cache, config *api.ExecConfig, cluster *clientauthentic
|
||||
return nil, fmt.Errorf("exec plugin: invalid apiVersion %q", config.APIVersion)
|
||||
}
|
||||
|
||||
connTracker := connrotation.NewConnectionTracker()
|
||||
defaultDialer := connrotation.NewDialerWithTracker(
|
||||
(&net.Dialer{Timeout: 30 * time.Second, KeepAlive: 30 * time.Second}).DialContext,
|
||||
connTracker,
|
||||
)
|
||||
|
||||
a := &Authenticator{
|
||||
cmd: config.Command,
|
||||
args: config.Args,
|
||||
@ -193,9 +198,12 @@ func newAuthenticator(c *cache, config *api.ExecConfig, cluster *clientauthentic
|
||||
|
||||
stdin: os.Stdin,
|
||||
stderr: os.Stderr,
|
||||
interactive: terminal.IsTerminal(int(os.Stdout.Fd())),
|
||||
interactive: term.IsTerminal(int(os.Stdin.Fd())),
|
||||
now: time.Now,
|
||||
environ: os.Environ,
|
||||
|
||||
defaultDialer: defaultDialer,
|
||||
connTracker: connTracker,
|
||||
}
|
||||
|
||||
for _, env := range config.Env {
|
||||
@ -229,6 +237,11 @@ type Authenticator struct {
|
||||
now func() time.Time
|
||||
environ func() []string
|
||||
|
||||
// defaultDialer is used for clients which don't specify a custom dialer
|
||||
defaultDialer *connrotation.Dialer
|
||||
// connTracker tracks all connections opened that we need to close when rotating a client certificate
|
||||
connTracker *connrotation.ConnectionTracker
|
||||
|
||||
// Cached results.
|
||||
//
|
||||
// The mutex also guards calling the plugin. Since the plugin could be
|
||||
@ -236,8 +249,6 @@ type Authenticator struct {
|
||||
mu sync.Mutex
|
||||
cachedCreds *credentials
|
||||
exp time.Time
|
||||
|
||||
onRotateList []func()
|
||||
}
|
||||
|
||||
type credentials struct {
|
||||
@ -266,20 +277,12 @@ func (a *Authenticator) UpdateTransportConfig(c *transport.Config) error {
|
||||
}
|
||||
c.TLS.GetCert = a.cert
|
||||
|
||||
var dial func(ctx context.Context, network, addr string) (net.Conn, error)
|
||||
var d *connrotation.Dialer
|
||||
if c.Dial != nil {
|
||||
dial = c.Dial
|
||||
// if c has a custom dialer, we have to wrap it
|
||||
d = connrotation.NewDialerWithTracker(c.Dial, a.connTracker)
|
||||
} else {
|
||||
dial = (&net.Dialer{Timeout: 30 * time.Second, KeepAlive: 30 * time.Second}).DialContext
|
||||
}
|
||||
d := connrotation.NewDialer(dial)
|
||||
|
||||
a.mu.Lock()
|
||||
defer a.mu.Unlock()
|
||||
a.onRotateList = append(a.onRotateList, d.CloseAll)
|
||||
onRotateListLength := len(a.onRotateList)
|
||||
if onRotateListLength > onRotateListWarningLength {
|
||||
klog.Warningf("constructing many client instances from the same exec auth config can cause performance problems during cert rotation and can exhaust available network connections; %d clients constructed calling %q", onRotateListLength, a.cmd)
|
||||
d = a.defaultDialer
|
||||
}
|
||||
|
||||
c.Dial = d.DialContext
|
||||
@ -398,7 +401,9 @@ func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) err
|
||||
cmd.Stdin = a.stdin
|
||||
}
|
||||
|
||||
if err := cmd.Run(); err != nil {
|
||||
err = cmd.Run()
|
||||
incrementCallsMetric(err)
|
||||
if err != nil {
|
||||
return a.wrapCmdRunErrorLocked(err)
|
||||
}
|
||||
|
||||
@ -458,9 +463,7 @@ func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) err
|
||||
if oldCreds.cert != nil && oldCreds.cert.Leaf != nil {
|
||||
metrics.ClientCertRotationAge.Observe(time.Now().Sub(oldCreds.cert.Leaf.NotBefore))
|
||||
}
|
||||
for _, onRotate := range a.onRotateList {
|
||||
onRotate()
|
||||
}
|
||||
a.connTracker.CloseAll()
|
||||
}
|
||||
|
||||
expiry := time.Time{}
|
||||
|
||||
49
vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/metrics.go
generated
vendored
49
vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/metrics.go
generated
vendored
@ -17,12 +17,39 @@ limitations under the License.
|
||||
package exec
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"os/exec"
|
||||
"reflect"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
"k8s.io/client-go/tools/metrics"
|
||||
)
|
||||
|
||||
// The following constants shadow the special values used in the prometheus metrics implementation.
|
||||
const (
|
||||
// noError indicates that the plugin process was successfully started and exited with an exit
|
||||
// code of 0.
|
||||
noError = "no_error"
|
||||
// pluginExecutionError indicates that the plugin process was successfully started and then
|
||||
// it returned a non-zero exit code.
|
||||
pluginExecutionError = "plugin_execution_error"
|
||||
// pluginNotFoundError indicates that we could not find the exec plugin.
|
||||
pluginNotFoundError = "plugin_not_found_error"
|
||||
// clientInternalError indicates that we attempted to start the plugin process, but failed
|
||||
// for some reason.
|
||||
clientInternalError = "client_internal_error"
|
||||
|
||||
// successExitCode represents an exec plugin invocation that was successful.
|
||||
successExitCode = 0
|
||||
// failureExitCode represents an exec plugin invocation that was not successful. This code is
|
||||
// used in some failure modes (e.g., plugin not found, client internal error) so that someone
|
||||
// can more easily monitor all unsuccessful invocations.
|
||||
failureExitCode = 1
|
||||
)
|
||||
|
||||
type certificateExpirationTracker struct {
|
||||
mu sync.RWMutex
|
||||
m map[*Authenticator]time.Time
|
||||
@ -58,3 +85,25 @@ func (c *certificateExpirationTracker) set(a *Authenticator, t time.Time) {
|
||||
c.metricSet(&earliest)
|
||||
}
|
||||
}
|
||||
|
||||
// incrementCallsMetric increments a global metrics counter for the number of calls to an exec
|
||||
// plugin, partitioned by exit code. The provided err should be the return value from
|
||||
// exec.Cmd.Run().
|
||||
func incrementCallsMetric(err error) {
|
||||
execExitError := &exec.ExitError{}
|
||||
execError := &exec.Error{}
|
||||
switch {
|
||||
case err == nil: // Binary execution succeeded.
|
||||
metrics.ExecPluginCalls.Increment(successExitCode, noError)
|
||||
|
||||
case errors.As(err, &execExitError): // Binary execution failed (see "os/exec".Cmd.Run()).
|
||||
metrics.ExecPluginCalls.Increment(execExitError.ExitCode(), pluginExecutionError)
|
||||
|
||||
case errors.As(err, &execError): // Binary does not exist (see exec.Error).
|
||||
metrics.ExecPluginCalls.Increment(failureExitCode, pluginNotFoundError)
|
||||
|
||||
default: // We don't know about this error type.
|
||||
klog.V(2).InfoS("unexpected exec plugin return error type", "type", reflect.TypeOf(err).String(), "err", err)
|
||||
metrics.ExecPluginCalls.Increment(failureExitCode, clientInternalError)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user