fix: upon DNS refresh() failure use previous values (#17561)
DNS refresh() in-case of MinIO can safely re-use the previous values on bare-metal setups, since bare-metal arrangements do not change DNS in any manner commonly. This PR simplifies that, we only ever need DNS caching on bare-metal setups. - On containerized setups do not enable DNS caching at all, as it may have adverse effects on the overall effectiveness of k8s DNS systems. k8s DNS systems are dynamic and expect applications to avoid managing DNS caching themselves, instead provide a cleaner container native caching implementations that must be used. - update IsDocker() detection, including podman runtime - move to minio/dnscache fork for a simpler package
This commit is contained in:
Harshavardhana
GitHub
49
cmd/utils.go
49
cmd/utils.go
@@ -557,8 +557,13 @@ func ToS3ETag(etag string) string {
|
||||
|
||||
// GetDefaultConnSettings returns default HTTP connection settings.
|
||||
func GetDefaultConnSettings() xhttp.ConnSettings {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
return xhttp.ConnSettings{
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
DialTimeout: rest.DefaultTimeout,
|
||||
RootCAs: globalRootCAs,
|
||||
TCPOptions: globalTCPOptions,
|
||||
@@ -568,8 +573,13 @@ func GetDefaultConnSettings() xhttp.ConnSettings {
|
||||
// NewInternodeHTTPTransport returns a transport for internode MinIO
|
||||
// connections.
|
||||
func NewInternodeHTTPTransport() func() http.RoundTripper {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
return xhttp.ConnSettings{
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
DialTimeout: rest.DefaultTimeout,
|
||||
RootCAs: globalRootCAs,
|
||||
CipherSuites: fips.TLSCiphers(),
|
||||
@@ -582,8 +592,13 @@ func NewInternodeHTTPTransport() func() http.RoundTripper {
|
||||
// NewCustomHTTPProxyTransport is used only for proxied requests, specifically
|
||||
// only supports HTTP/1.1
|
||||
func NewCustomHTTPProxyTransport() func() *http.Transport {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
return xhttp.ConnSettings{
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
DialTimeout: rest.DefaultTimeout,
|
||||
RootCAs: globalRootCAs,
|
||||
CipherSuites: fips.TLSCiphers(),
|
||||
@@ -596,8 +611,13 @@ func NewCustomHTTPProxyTransport() func() *http.Transport {
|
||||
// NewHTTPTransportWithClientCerts returns a new http configuration
|
||||
// used while communicating with the cloud backends.
|
||||
func NewHTTPTransportWithClientCerts(clientCert, clientKey string) *http.Transport {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
s := xhttp.ConnSettings{
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
DialTimeout: defaultDialTimeout,
|
||||
RootCAs: globalRootCAs,
|
||||
TCPOptions: globalTCPOptions,
|
||||
@@ -609,8 +629,7 @@ func NewHTTPTransportWithClientCerts(clientCert, clientKey string) *http.Transpo
|
||||
defer cancel()
|
||||
transport, err := s.NewHTTPTransportWithClientCerts(ctx, clientCert, clientKey)
|
||||
if err != nil {
|
||||
logger.LogIf(ctx, fmt.Errorf("failed to load client key and cert, please check your endpoint configuration: %s",
|
||||
err.Error()))
|
||||
logger.LogIf(ctx, fmt.Errorf("Unable to load client key and cert, please check your client certificate configuration: %w", err))
|
||||
}
|
||||
return transport
|
||||
}
|
||||
@@ -629,9 +648,14 @@ const defaultDialTimeout = 5 * time.Second
|
||||
|
||||
// NewHTTPTransportWithTimeout allows setting a timeout.
|
||||
func NewHTTPTransportWithTimeout(timeout time.Duration) *http.Transport {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
return xhttp.ConnSettings{
|
||||
DialContext: newCustomDialContext(),
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
DialTimeout: defaultDialTimeout,
|
||||
RootCAs: globalRootCAs,
|
||||
TCPOptions: globalTCPOptions,
|
||||
@@ -639,10 +663,8 @@ func NewHTTPTransportWithTimeout(timeout time.Duration) *http.Transport {
|
||||
}.NewHTTPTransportWithTimeout(timeout)
|
||||
}
|
||||
|
||||
type dialContext func(ctx context.Context, network, addr string) (net.Conn, error)
|
||||
|
||||
// newCustomDialContext setups a custom dialer for any external communication and proxies.
|
||||
func newCustomDialContext() dialContext {
|
||||
func newCustomDialContext() xhttp.DialContext {
|
||||
return func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
dialer := &net.Dialer{
|
||||
Timeout: 15 * time.Second,
|
||||
@@ -665,9 +687,14 @@ func newCustomDialContext() dialContext {
|
||||
// NewRemoteTargetHTTPTransport returns a new http configuration
|
||||
// used while communicating with the remote replication targets.
|
||||
func NewRemoteTargetHTTPTransport(insecure bool) func() *http.Transport {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
return xhttp.ConnSettings{
|
||||
DialContext: newCustomDialContext(),
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
RootCAs: globalRootCAs,
|
||||
TCPOptions: globalTCPOptions,
|
||||
EnableHTTP2: false,
|
||||
|
||||
Reference in New Issue
Block a user