Merge pull request #10498 from thockin/hostport-to-service

Fix leaking process in hostport proxy

contrib/for-demos/proxy-to-service/Dockerfile

@@ -3,6 +3,7 @@ FROM progrium/busybox
 MAINTAINER Tim Hockin "thockin@google.com"
 
 RUN opkg-install socat
+ADD start.sh start.sh
 
-# Usage: docker run -p <host-port>:<port> <this-container> <tcp|udp> <port> <service-name>
-ENTRYPOINT [ "sh", "-c", "PROTO=$(echo $0 | tr a-z A-Z); exec socat ${PROTO}-LISTEN:$1,reuseaddr,fork ${PROTO}:$2:$1" ]
+# Usage: docker run -p <host-port>:<port> <this-container> <tcp|udp> <port> <service-name> [timeout]
+ENTRYPOINT ["/start.sh"]

contrib/for-demos/proxy-to-service/Makefile

@@ -4,7 +4,7 @@
 
 .PHONY: all container push
 
-TAG = v1
+TAG = v2
 PREFIX = gcr.io/google_containers
 NAME = proxy-to-service
 

contrib/for-demos/proxy-to-service/README.md

@@ -7,7 +7,7 @@ also can not choose to expose it on some nodes but not others.  These things
 will be fixed in the future, but until then, here is a stop-gap measure you can
 use.
 
-The container image `gcr.io/google_containers/proxy-to-service:v1` is a very
+The container image `gcr.io/google_containers/proxy-to-service:v2` is a very
 small container that will do port-forwarding for you.  You can use it to
 forward a pod port or a host port to a service.  Pods can choose any port or
 host port, and are not limited in the same way Services are.
@@ -23,15 +23,15 @@ metadata:
 spec:
   containers:
   - name: proxy-udp
-    image: gcr.io/google_containers/proxy-to-service:v1
-    args: [ "udp", "53", "kube-dns.default" ]
+    image: gcr.io/google_containers/proxy-to-service:v2
+    args: [ "udp", "53", "kube-dns.default", "1" ]
     ports:
     - name: udp
       protocol: UDP
       containerPort: 53
       hostPort: 53
   - name: proxy-tcp
-    image: gcr.io/google_containers/proxy-to-service:v1
+    image: gcr.io/google_containers/proxy-to-service:v2
     args: [ "tcp", "53", "kube-dns.default" ]
     ports:
     - name: tcp
@@ -42,7 +42,14 @@ spec:
 
 This creates a pod with two containers (one for TCP, one for UDP).  Each
 container receives traffic on a port (53 here) and forwards that traffic to the
-kube-dns service.  You can run this on as many or as few nodes as you want.
+`kube-dns` service.  You can run this on as many or as few nodes as you want.
+
+Note that the UDP container has a 4th argument - this is a timeout.  Unlike
+TCP, UDP does not really have a concept of "connection terminated".  If you
+need to proxy UDP, you should choose an appropriate timeout.  You can specify a
+timeout for TCP sessions too, which will close the session after the specified
+number of seconds of inactivity.  In this case, DNS sessions are not really
+ever reused, so a short timeout is appropriate.
 
 
 [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/contrib/for-demos/proxy-to-service/README.md?pixel)]()

contrib/for-demos/proxy-to-service/start.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Usage: $0 <protocol> <port> <service> [timeout]
+#   protocol: tcp|udp - case insensitive
+#   port: port number on which to receive and connect
+#   service: the destination service name or IP
+#   timeout: idle timeout in seconds (optional)
+
+if [[ -z "$1" -o -z "$2" -o -z "$3" ]]; then
+    echo "usage: $0 <protocol> <port> <service> [timeout]"
+    exit 1
+fi
+
+PROTO=$(echo $1 | tr a-z A-Z)
+TIMEOUT=""
+test -n "$4" && TIMEOUT="-T$4"
+
+CMD="socat ${TIMEOUT} ${PROTO}-LISTEN:$2,reuseaddr,fork ${PROTO}:$3:$2"
+echo "Running ${CMD}"
+exec ${CMD}

hooks/boilerplate.py

@@ -33,11 +33,16 @@ def file_passes(filename, extension, ref, regexs):
 
     data = f.read()
 
-    # remove build tags from the top of Go file
+    # remove build tags from the top of Go files
     if extension == "go":
         p = regexs["go_build_constraints"]
         (data, found) = p.subn("", data, 1)
 
+    # remove shebang from the top of shell files
+    if extension == "sh":
+        p = regexs["shebang"]
+        (data, found) = p.subn("", data, 1)
+
     data = data.splitlines()
 
     # if our test file is smaller than the reference it surely fails!
@@ -91,6 +96,8 @@ def main():
     regexs["date"] = re.compile( '(2014|2015)' )
     # strip // +build \n\n build constraints
     regexs["go_build_constraints"] = re.compile(r"^(// \+build.*\n)+\n", re.MULTILINE)
+    # strip #!.* from shell scripts
+    regexs["shebang"] = re.compile(r"^(#!.*\n)\n*", re.MULTILINE)
 
     for filename in filenames:
         if not file_passes(filename, extension, ref, regexs):

hooks/boilerplate.sh.txt

@@ -1,5 +1,3 @@
-#!/bin/bash
-
 # Copyright YEAR The Kubernetes Authors All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");