feat: Support infra-specific httpproxy patches (#141)

Co-authored-by: Jimmi Dyson <[email protected]>

Author: dlipovetsky

pkg/handlers/httpproxy/inject.go

@@ -31,6 +31,10 @@ import (
 const (
 	// HandlerNamePatch is the name of the inject handler.
 	HandlerNamePatch = "HTTPProxyPatch"
+
+	// instanceMetadataIP is the IPv4 address used to retrieve
+	// instance metadata in AWS, Azure, OpenStack, etc.
+	instanceMetadataIP = "169.254.169.254"
 )
 
 type httpProxyPatchHandler struct {
@@ -189,17 +193,47 @@ func generateNoProxy(cluster *capiv1.Cluster) []string {
 		serviceDomain = cluster.Spec.ClusterNetwork.ServiceDomain
 	}
 
-	noProxy = append(noProxy, []string{
+	noProxy = append(
+		noProxy,
 		"kubernetes",
 		"kubernetes.default",
 		".svc",
-	}...)
-
-	// append .svc.<SERVICE_DOMAIN>
-	noProxy = append(
-		noProxy,
+		// append .svc.<SERVICE_DOMAIN>
 		fmt.Sprintf(".svc.%s", strings.TrimLeft(serviceDomain, ".")),
 	)
 
+	if cluster.Spec.InfrastructureRef == nil {
+		return noProxy
+	}
+
+	// Add infra-specific entries
+	switch cluster.Spec.InfrastructureRef.Kind {
+	case "AWSCluster", "AWSManagedCluster":
+		noProxy = append(
+			noProxy,
+			// Exclude the instance metadata service
+			instanceMetadataIP,
+			// Exclude the control plane endpoint
+			".elb.amazonaws.com",
+		)
+	case "AzureCluster", "AzureManagedControlPlane":
+		noProxy = append(
+			noProxy,
+			// Exclude the instance metadata service
+			instanceMetadataIP,
+		)
+	case "GCPCluster":
+		noProxy = append(
+			noProxy,
+			// Exclude the instance metadata service
+			instanceMetadataIP,
+			// Exclude aliases for instance metadata service.
+			// See https://cloud.google.com/vpc/docs/special-configurations
+			"metadata",
+			"metadata.google.internal",
+		)
+	default:
+		// Unknown infrastructure. Do nothing.
+	}
 	return noProxy
 }

pkg/handlers/httpproxy/inject_test.go

@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	. "github.com/onsi/gomega"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apiserver/pkg/storage/names"
 	capiv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
@@ -134,6 +135,90 @@ func TestGenerateNoProxy(t *testing.T) {
 				"kubernetes.default", ".svc", ".svc.cluster.local",
 			},
 		},
+		{
+			name: "Unknown infrastructure cluster",
+			cluster: &capiv1.Cluster{
+				Spec: capiv1.ClusterSpec{
+					InfrastructureRef: &v1.ObjectReference{
+						Kind: "SomeFakeInfrastructureCluster",
+					},
+				},
+			},
+			expectedNoProxy: []string{
+				"localhost", "127.0.0.1", "kubernetes", "kubernetes.default",
+				".svc", ".svc.cluster.local",
+			},
+		},
+		{
+			name: "AWS cluster",
+			cluster: &capiv1.Cluster{
+				Spec: capiv1.ClusterSpec{
+					InfrastructureRef: &v1.ObjectReference{
+						Kind: "AWSCluster",
+					},
+				},
+			},
+			expectedNoProxy: []string{
+				"localhost", "127.0.0.1", "kubernetes", "kubernetes.default",
+				".svc", ".svc.cluster.local", "169.254.169.254", ".elb.amazonaws.com",
+			},
+		},
+		{
+			name: "AWS managed (EKS) cluster",
+			cluster: &capiv1.Cluster{
+				Spec: capiv1.ClusterSpec{
+					InfrastructureRef: &v1.ObjectReference{
+						Kind: "AWSManagedCluster",
+					},
+				},
+			},
+			expectedNoProxy: []string{
+				"localhost", "127.0.0.1", "kubernetes", "kubernetes.default",
+				".svc", ".svc.cluster.local", "169.254.169.254", ".elb.amazonaws.com",
+			},
+		},
+		{
+			name: "Azure cluster",
+			cluster: &capiv1.Cluster{
+				Spec: capiv1.ClusterSpec{
+					InfrastructureRef: &v1.ObjectReference{
+						Kind: "AzureCluster",
+					},
+				},
+			},
+			expectedNoProxy: []string{
+				"localhost", "127.0.0.1", "kubernetes", "kubernetes.default",
+				".svc", ".svc.cluster.local", "169.254.169.254",
+			},
+		},
+		{
+			name: "Azure managed (AKS) cluster",
+			cluster: &capiv1.Cluster{
+				Spec: capiv1.ClusterSpec{
+					InfrastructureRef: &v1.ObjectReference{
+						Kind: "AzureCluster",
+					},
+				},
+			},
+			expectedNoProxy: []string{
+				"localhost", "127.0.0.1", "kubernetes", "kubernetes.default",
+				".svc", ".svc.cluster.local", "169.254.169.254",
+			},
+		},
+		{
+			name: "GCP cluster",
+			cluster: &capiv1.Cluster{
+				Spec: capiv1.ClusterSpec{
+					InfrastructureRef: &v1.ObjectReference{
+						Kind: "GCPCluster",
+					},
+				},
+			},
+			expectedNoProxy: []string{
+				"localhost", "127.0.0.1", "kubernetes", "kubernetes.default",
+				".svc", ".svc.cluster.local", "169.254.169.254", "metadata", "metadata.google.internal",
+			},
+		},
 		{
 			name: "custom service network",
 			cluster: &capiv1.Cluster{