cortexproject · pracucci · May 14, 2020 · Apr 9, 2020 · Apr 13, 2020 · Apr 13, 2020
diff --git a/cmd/query-tee/main.go b/cmd/query-tee/main.go
@@ -3,23 +3,23 @@ package main
 import (
 	"flag"
 	"os"
-	"time"
 
 	"github.com/go-kit/kit/log/level"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/weaveworks/common/logging"
 	"github.com/weaveworks/common/server"
 
 	"github.com/cortexproject/cortex/pkg/util"
+	"github.com/cortexproject/cortex/pkg/util/httpclient"
 )
 
 type Config struct {
-	ServerServicePort  int
-	ServerMetricsPort  int
-	BackendEndpoints   string
-	PreferredBackend   string
-	BackendReadTimeout time.Duration
-	LogLevel           logging.Level
+	ServerServicePort int
+	ServerMetricsPort int
+	BackendEndpoints  string
+	PreferredBackend  string
+	ClientConfig      httpclient.Config
+	LogLevel          logging.Level
 }
 
 func main() {
@@ -29,7 +29,7 @@ func main() {
 	flag.IntVar(&cfg.ServerMetricsPort, "server.metrics-port", 9900, "The port where metrics are exposed.")
 	flag.StringVar(&cfg.BackendEndpoints, "backend.endpoints", "", "Comma separated list of backend endpoints to query.")
 	flag.StringVar(&cfg.PreferredBackend, "backend.preferred", "", "The hostname of the preferred backend when selecting the response to send back to the client.")
-	flag.DurationVar(&cfg.BackendReadTimeout, "backend.read-timeout", 90*time.Second, "The timeout when reading the response from a backend.")
+	cfg.ClientConfig.RegisterFlags(flag.CommandLine)
 	cfg.LogLevel.RegisterFlags(flag.CommandLine)
 	flag.Parse()
 

diff --git a/cmd/query-tee/proxy.go b/cmd/query-tee/proxy.go
@@ -16,6 +16,8 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
+
+	"github.com/cortexproject/cortex/pkg/util/flagext"
 )
 
 var (
@@ -69,7 +71,9 @@ func NewProxy(cfg Config, logger log.Logger, registerer prometheus.Registerer) (
 			preferred = preferredIdx == idx
 		}
 
-		p.backends = append(p.backends, NewProxyBackend(name, u, cfg.BackendReadTimeout, preferred))
+		clientConfig := cfg.ClientConfig
+		clientConfig.Endpoint = flagext.URLValue{URL: u}
+		p.backends = append(p.backends, NewProxyBackend(name, &clientConfig, preferred))
 	}
 
 	// At least 1 backend is required

diff --git a/cmd/query-tee/proxy_backend.go b/cmd/query-tee/proxy_backend.go
@@ -5,46 +5,50 @@ import (
 	"io/ioutil"
 	"net"
 	"net/http"
-	"net/url"
 	"path"
 	"time"
 
 	"github.com/pkg/errors"
+
+	"github.com/cortexproject/cortex/pkg/util/httpclient"
 )
 
 // ProxyBackend holds the information of a single backend.
 type ProxyBackend struct {
-	name     string
-	endpoint *url.URL
-	client   *http.Client
-	timeout  time.Duration
+	name         string
+	clientConfig *httpclient.Config
+	client       *http.Client
 
 	// Whether this is the preferred backend from which picking up
 	// the response and sending it back to the client.
 	preferred bool
 }
 
 // NewProxyBackend makes a new ProxyBackend
-func NewProxyBackend(name string, endpoint *url.URL, timeout time.Duration, preferred bool) *ProxyBackend {
+func NewProxyBackend(name string, config *httpclient.Config, preferred bool) *ProxyBackend {
+	roundTripper := &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   config.ClientTimeout,
+			KeepAlive: 30 * time.Second,
+		}).DialContext,
+		MaxIdleConns:        100,
+		MaxIdleConnsPerHost: 100, // see https://github.com/golang/go/issues/13801
+		IdleConnTimeout:     config.BackendReadTimeout,
+	}
+	if tlsConfig := config.GetTLSConfig(); tlsConfig != nil {
+		roundTripper.TLSClientConfig = tlsConfig
+	}
+
 	return &ProxyBackend{
-		name:      name,
-		endpoint:  endpoint,
-		timeout:   timeout,
-		preferred: preferred,
+		name:         name,
+		clientConfig: config,
+		preferred:    preferred,
 		client: &http.Client{
 			CheckRedirect: func(_ *http.Request, _ []*http.Request) error {
 				return errors.New("the query-tee proxy does not follow redirects")
 			},
-			Transport: &http.Transport{
-				Proxy: http.ProxyFromEnvironment,
-				DialContext: (&net.Dialer{
-					Timeout:   30 * time.Second,
-					KeepAlive: 30 * time.Second,
-				}).DialContext,
-				MaxIdleConns:        100,
-				MaxIdleConnsPerHost: 100, // see https://github.com/golang/go/issues/13801
-				IdleConnTimeout:     90 * time.Second,
-			},
+			Transport: roundTripper,
 		},
 	}
 }
@@ -65,19 +69,19 @@ func (b *ProxyBackend) createBackendRequest(orig *http.Request) (*http.Request,
 	}
 
 	// Replace the endpoint with the backend one.
-	req.URL.Scheme = b.endpoint.Scheme
-	req.URL.Host = b.endpoint.Host
+	req.URL.Scheme = b.clientConfig.Endpoint.Scheme
+	req.URL.Host = b.clientConfig.Endpoint.Host
 
 	// Prepend the endpoint path to the request path.
-	req.URL.Path = path.Join(b.endpoint.Path, req.URL.Path)
+	req.URL.Path = path.Join(b.clientConfig.Endpoint.Path, req.URL.Path)
 
 	// Replace the auth:
 	// - If the endpoint has user and password, use it.
 	// - If the endpoint has user only, keep it and use the request password (if any).
 	// - If the endpoint has no user and no password, use the request auth (if any).
 	clientUser, clientPass, clientAuth := orig.BasicAuth()
-	endpointUser := b.endpoint.User.Username()
-	endpointPass, _ := b.endpoint.User.Password()
+	endpointUser := b.clientConfig.Endpoint.User.Username()
+	endpointPass, _ := b.clientConfig.Endpoint.User.Password()
 
 	if endpointUser != "" && endpointPass != "" {
 		req.SetBasicAuth(endpointUser, endpointPass)
@@ -92,7 +96,7 @@ func (b *ProxyBackend) createBackendRequest(orig *http.Request) (*http.Request,
 
 func (b *ProxyBackend) doBackendRequest(req *http.Request) (int, []byte, error) {
 	// Honor the read timeout.
-	ctx, cancel := context.WithTimeout(context.Background(), b.timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), b.clientConfig.ClientTimeout)
 	defer cancel()
 
 	// Execute the request.

diff --git a/cmd/query-tee/proxy_backend_test.go b/cmd/query-tee/proxy_backend_test.go
@@ -9,6 +9,8 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/cortexproject/cortex/pkg/util/httpclient"
 )
 
 func Test_ProxyBackend_createBackendRequest_HTTPBasicAuthentication(t *testing.T) {
@@ -61,7 +63,7 @@ func Test_ProxyBackend_createBackendRequest_HTTPBasicAuthentication(t *testing.T
 			orig := httptest.NewRequest("GET", "/test", nil)
 			orig.SetBasicAuth(testData.clientUser, testData.clientPass)
 
-			b := NewProxyBackend("test", u, time.Second, false)
+			b := NewProxyBackend("test", httpclient.ConfigFromURLAndTimeout(u, time.Second), false)
 			r, err := b.createBackendRequest(orig)
 			require.NoError(t, err)
 

diff --git a/cmd/query-tee/proxy_test.go b/cmd/query-tee/proxy_test.go
@@ -13,6 +13,8 @@ import (
 	"github.com/go-kit/kit/log"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/cortexproject/cortex/pkg/util/httpclient"
 )
 
 func Test_NewProxy(t *testing.T) {
@@ -146,11 +148,13 @@ func Test_Proxy_RequestsForwarding(t *testing.T) {
 
 			// Start the proxy.
 			cfg := Config{
-				BackendEndpoints:   strings.Join(backendURLs, ","),
-				PreferredBackend:   strconv.Itoa(testData.preferredBackendIdx),
-				ServerServicePort:  0,
-				ServerMetricsPort:  0,
-				BackendReadTimeout: time.Second,
+				BackendEndpoints:  strings.Join(backendURLs, ","),
+				PreferredBackend:  strconv.Itoa(testData.preferredBackendIdx),
+				ServerServicePort: 0,
+				ServerMetricsPort: 0,
+				ClientConfig: httpclient.Config{
+					ClientTimeout: time.Second,
+				},
 			}
 
 			p, err := NewProxy(cfg, log.NewNopLogger(), nil)