Merge pull request #1 from plkokanov/add-quic-reverse-http-tunnel-code

Add quic reverse http tunnel code from `mvladev/quic-reverse-http-tunnel` and update dependencies

.github/dependabot.yaml

@@ -0,0 +1,15 @@
+version: 2
+updates:
+# Create PRs for github.com/quic-go/quic-go dependency updates
+- package-ecosystem: gomod
+  directory: /
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 5
+  allow:
+  - dependency-name: "github.com/quic-go/quic-go"
+# Create PRs for golang version updates
+- package-ecosystem: docker
+  directory: /
+  schedule:
+    interval: daily

.gitignore

@@ -0,0 +1,21 @@
+/tmp
+/dev
+/local
+**/dev
+/bin
+
+*.coverprofile
+*.html
+.vscode
+.idea
+.DS_Store
+*~
+
+TODO
+
+# Virtual go & fuse
+.virtualgo
+.fuse_hidden*
+
+# GitGuardian
+.cache_ggshield

.reuse/dep5

@@ -1,7 +1,8 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: Gardener <repo name>
+Upstream-Name: Gardener fork of mvladev/quic-reverse-http-tunnel
 Upstream-Contact: The Gardener project <[email protected]>
-Source: https://github.com/gardener/<repo name>
+Source: https://github.com/gardener/quic-reverse-http-tunnel
+Comment: This is a fork of mvladev/quic-reverse-http-tunnel (https://github.com/mvladev/quic-reverse-http-tunnel)
 
 # --------------------------------------------------
 # source code
@@ -16,16 +17,3 @@ License: Apache-2.0
 Files: *.md
 Copyright: 2017-2024 SAP SE or an SAP affiliate company and Gardener contributors
 License: CC-BY-4.0
-
-# --------------------------------------------------
-# third-party
-
-# --- copied source code ---
-# Files: 
-# Copyright: 
-# License: 
-
-# --- vendor folder dependencies ---
-# Files:
-# Copyright:
-# License:

CODEOWNERS

@@ -1,2 +1,2 @@
-# <repo name> maintainers
-*   @gardener/<maintainer team>
+# quic-reverse-http-tunnel maintainers
+*   @gardener/quic-reverse-http-tunnel-maintainers

Dockerfile

@@ -0,0 +1,31 @@
+# Modifications Copyright 2024 SAP SE or an SAP affiliate company and Gardener contributors
+
+############# builder
+FROM golang:1.21.7 AS builder
+ARG GOPROXY=https://proxy.golang.org,direct
+ENV GOPROXY=$GOPROXY
+WORKDIR /go/src/github.com/gardener/quic-reverse-http-tunnel
+COPY . .
+RUN make install
+
+
+############# distroless-static
+FROM gcr.io/distroless/static-debian12:nonroot as distroless-static
+
+############# server
+FROM distroless-static AS server
+COPY --from=builder /go/bin/server /server
+WORKDIR /
+ENTRYPOINT ["/server"]
+
+############# client
+FROM distroless-static AS client
+COPY --from=builder /go/bin/client /client
+WORKDIR /
+ENTRYPOINT ["/client"]
+
+############# client-tcp
+FROM distroless-static AS client-tcp
+COPY --from=builder /go/bin/client-tcp /client-tcp
+WORKDIR /
+ENTRYPOINT ["/client-tcp"]

Makefile

@@ -0,0 +1,71 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+REGISTRY              := ghcr.io/gardener/quic-reverse-http-tunnel
+CLIENT_IMAGE_NAME     := $(REGISTRY)/quic-client
+CLIENT_TCP_IMAGE_NAME := $(REGISTRY)/quic-client-tcp
+SERVER_IMAGE_NAME     := $(REGISTRY)/quic-server
+VERSION               := v0.1.4
+
+LOCAL_CERTS_DIR := dev/certs
+LOCAL_CERTS     := $(LOCAL_CERTS_DIR)/ca.crt $(LOCAL_CERTS_DIR)/ca.key $(LOCAL_CERTS_DIR)/client.crt $(LOCAL_CERTS_DIR)/client.key $(LOCAL_CERTS_DIR)/tls.crt $(LOCAL_CERTS_DIR)/tls.key
+
+#########################################
+# Rules for local development scenarios #
+#########################################
+
+$(LOCAL_CERTS):
+	@bash hack/gencerts.sh $(LOCAL_CERTS_DIR)
+
+.PHONY: start-server
+start-server: $(LOCAL_CERTS)
+	@go run cmd/server/main.go \
+		--listen-tcp 0.0.0.0:10443 \
+		--listen-quic 0.0.0.0:8888 \
+		--cert-file $(LOCAL_CERTS_DIR)/tls.crt \
+		--cert-key $(LOCAL_CERTS_DIR)/tls.key \
+		--client-ca-file $(LOCAL_CERTS_DIR)/ca.crt \
+		--v=2
+
+.PHONY: start-client
+start-client: $(LOCAL_CERTS)
+	@go run cmd/client/main.go \
+		--server=localhost:8888 \
+		--ca-file $(LOCAL_CERTS_DIR)/ca.crt \
+		--cert-file $(LOCAL_CERTS_DIR)/client.crt \
+		--cert-key $(LOCAL_CERTS_DIR)/client.key \
+		--v=2
+
+.PHONY: start-client-tcp
+start-client-tcp: $(LOCAL_CERTS)
+	@go run cmd/client-tcp/main.go \
+		--server=localhost:8888 \
+		--ca-file $(LOCAL_CERTS_DIR)/ca.crt \
+		--cert-file $(LOCAL_CERTS_DIR)/client.crt \
+		--cert-key $(LOCAL_CERTS_DIR)/client.key \
+		--upstream=www.example.com:80 \
+		--v=2
+
+#################################################################
+# Rules related to binary build, Docker image build and release #
+#################################################################
+
+.PHONY: docker-images
+docker-images:
+	@docker build --platform linux/amd64,linux/arm64 -t $(CLIENT_IMAGE_NAME):$(VERSION) -t $(CLIENT_IMAGE_NAME):latest -f Dockerfile --target client .
+	@docker build --platform linux/amd64,linux/arm64 -t $(CLIENT_TCP_IMAGE_NAME):$(VERSION) -t $(CLIENT_TCP_IMAGE_NAME):latest -f Dockerfile --target client-tcp .
+	@docker build --platform linux/amd64,linux/arm64 -t $(SERVER_IMAGE_NAME):$(VERSION) -t $(SERVER_IMAGE_NAME):latest -f Dockerfile --target server .
+
+.PHONY: push-docker-images
+push-docker-images:
+	@docker push $(CLIENT_IMAGE_NAME):$(VERSION)
+	@docker push $(CLIENT_TCP_IMAGE_NAME):$(VERSION)
+	@docker push $(SERVER_IMAGE_NAME):$(VERSION)
+	@docker push $(CLIENT_IMAGE_NAME):latest
+	@docker push $(CLIENT_TCP_IMAGE_NAME):latest
+	@docker push $(SERVER_IMAGE_NAME):latest
+
+.PHONY: install
+install:
+	@CGO_ENABLED=0 GOOS=$(go env GOOS) GOARCH=$(go env GOARCH) GO111MODULE=on go install ./...

README.md

@@ -1,101 +1,73 @@
-# <repo name>
+# quic-reverse-http-tunnel
 
-[![reuse compliant](https://reuse.software/badge/reuse-compliant.svg)](https://reuse.software/)
+[![REUSE status](https://api.reuse.software/badge/github.com/gardener/quic-reverse-http-tunnel)](https://api.reuse.software/info/github.com/gardener/quic-reverse-http-tunnel)
 
-## How to use this repository template
+## What it does
 
-This template repository can be used to seed new git repositories in the gardener github organisation.
+It's a reverse HTTP Tunnel using QUIC:
 
-- [Create the new repository](https://docs.github.com/en/free-pro-team@latest/github/creating-cloning-and-archiving-repositories/creating-a-repository-from-a-template)
-  based on this template repository
-- Replacing placeholders:
-  - In file `.reuse/dep5` replace placeholder `<repo name>` with the name of your new repository.
-  - In file `CODEOWNERS` replace `<repo name>` and `<maintainer team>`. Use the name of the github team in [gardener teams](https://github.com/orgs/gardener/teams) defining maintainers of the new repository.
-- Set the repository description in the "About" section of your repository
-- Describe the new component in additional sections in this `README.md`
-- Ask the [Owner of the gardener github organisation](https://github.com/orgs/gardener/people?query=role%3Aowner)
-  - to double-check the initial content of this repository
-  - to create the maintainer team for this new repository
-  - to make this repository public
-  - protect at least the master branch requiring mandatory code review by the maintainers defined in CODEOWNERS
-  - grant admin permission to the maintainers team of the new repository defined in CODEOWNERS
-
-## Maintain copyright and license information
-By default all source code files are under `Apache 2.0` and all markdown files are under `Creative Commons` license.
-
-When creating new source code files the license and copyright information should be provided using corresponding SPDX headers.
-
-Example for go source code files (replace `<year>` with the current year)
-```
-/*
- * SPDX-FileCopyrightText: <year> SAP SE or an SAP affiliate company and Gardener contributors
- *
- * SPDX-License-Identifier: Apache-2.0
- */
+```text
+K8S apiserver / curl --- TCP ----> [proxy-server] ---- QUIC ----> [proxy-agent]---TCP--> [kubelet]
 ```
 
-### Third-party source code
+1. the proxy-server listens for `tcp` (no HTTP server running) and `quic`.
+1. The proxy-agent talks to the server and opens a `quic` session.
+1. It starts a HTTP tunnel server that listens on that session for new streams.
+1. When the API server / curl talks to the proxy-server, it creates a new `quic` stream and sends the data to the proxy-agent.
+1. The HTTP server in the proxy-agent that listens on new quic streams accepts the stream, opens TCP connection to the requested host (from the CONNECT) and pipes the data back.
 
-If you copy third-party code into this repository or fork a repository, you must keep the license and copyright information (usually defined in the header of the file).
+The proxy can also run as a simple passthrough proxy via `client-tcp`
+## Building and running
 
-In addition you should adapt the `.reuse/dep5` file and assign the correct copyright and license information.
+Run the server:
 
-**Example `dep5` file if you copy source code into your repository:**
+```console
+$ make start-server
+2020/11/01 02:11:39 quick listener on 0.0.0.0:8888
+2020/11/01 02:11:39 tcp listener on 0.0.0.0:10443
+2020/11/01 02:11:39 waiting for new quic client session
+2020/11/01 02:11:39 waiting for tcp client connections
 ```
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: Gardener <repo name>
-Upstream-Contact: The Gardener project <[email protected]>
-Source: https://github.com/gardener/<repo name>
 
-# --------------------------------------------------
-# source code
+in another terminal run the client:
 
-Files: *
-Copyright: 2017-2024 SAP SE or an SAP affiliate company and Gardener contributors
-License: Apache-2.0
+```console
+$ make start-client
+2020/11/01 02:13:31 dialing quic server...
+2020/11/01 02:13:31 starting http server
+```
 
-# --------------------------------------------------
-# documentation
+and in third try to access it:
 
-Files: *.md
-Copyright: 2017-2024 SAP SE or an SAP affiliate company and Gardener contributors
-License: CC-BY-4.0
+```console
+curl -p --proxy localhost:10443 http://www.example.com
+```
 
-# --------------------------------------------------
-# third-party
+If you want to test the passthrough proxy instead:
 
-# --- copied source code ---
-Files: pkg/utils/validation/kubernetes/core/*
-Copyright: 2014 The Kubernetes Authors.
-License: Apache-2.0
-```
-**Example `dep5` file if you have forked a repository:**
-```
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: Gardener fork of kubernetes/autoscaler
-Upstream-Contact: The Gardener project <[email protected]>
-Source: https://github.com/gardener/autoscaler
-Comment: This is a fork of kubernetes/autoscaler (https://github.com/kubernetes/autoscaler)
-
-# --------------------------------------------------
-# source code
-
-Files: *
-Copyright: 2016-2018 The Kubernetes Authors.
-License: Apache-2.0
-
-Files: .ci/*
-Copyright: 2024 SAP SE or an SAP affiliate company and Gardener contributors
-License: Apache-2.0
+```console
+$ make start-client-tcp
+2020/11/25 12:07:07 dialing quic server...
+2020/11/25 12:07:07 connected to quic server
 ```
 
-#### Modifications
-In case you modify copied/forked source code you must state this in the header via the following text:
+## Docker images
 
-**Modifications Copyright <year> SAP SE or an SAP affiliate company and Gardener contributors**
+Docker images are available at:
 
+- `ghcr.io/gardener/quic-reverse-http-tunnel/quic-server:latest`
+- `ghcr.io/gardener/quic-reverse-http-tunnel/quic-client:latest`
+- `ghcr.io/gardener/quic-reverse-http-tunnel/quic-client-tcp:latest`
 
-### Get your reuse badge
-To get your project reuse compliant you should register it [here](https://api.reuse.software/register) using your SAP email address. After confirming your email, an inital reuse check is done by the reuse API.
+If you want to use a specific version tag, the latest version is specified in the `VERSION` variable in the repository's [`Makefile`](./Makefile).
 
-To add the badge to your project's `README.md` file, use the snipped provided by the reuse API.
+When you want to update the docker images and push a new version:
+1. Bump the `VERSION` variable in the repository's [`Makefile`](./Makefile)
+1. Run the following command to build new images:
+    ```console
+    make docker-images
+    ```
+1. Run the following command to push the images to `ghcr.io/gardener/quic-reverse-http-tunnel`
+    ```console
+    make push-docker-images
+    ```