@blogic-cz/agent-tools 0.14.30 → 0.14.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -240,6 +240,10 @@
|
|
|
240
240
|
"description": "Optional timeout for establishing a tunnel, in milliseconds.",
|
|
241
241
|
"type": "number"
|
|
242
242
|
},
|
|
243
|
+
"apiProbeTimeoutMs": {
|
|
244
|
+
"description": "Timeout in milliseconds for the Kubernetes API-server reachability probe run before a tunnel attempt. Lets the direct (no-VPN) attempt fail fast instead of waiting out tunnelTimeoutMs when the API server is unreachable. Set to 0 to disable. Defaults to 2000.",
|
|
245
|
+
"type": "number"
|
|
246
|
+
},
|
|
243
247
|
"remotePort": {
|
|
244
248
|
"description": "Optional remote database port used by the tunnel.",
|
|
245
249
|
"type": "number"
|
package/src/config/types.ts
CHANGED
|
@@ -103,6 +103,15 @@ export type DatabaseConfig = ProfilePrerequisites & {
|
|
|
103
103
|
service?: string;
|
|
104
104
|
};
|
|
105
105
|
tunnelTimeoutMs?: number;
|
|
106
|
+
/**
|
|
107
|
+
* Timeout in milliseconds for the cheap Kubernetes API-server reachability probe
|
|
108
|
+
* run before attempting a tunnel. When the API server is unreachable (VPN down and
|
|
109
|
+
* not on the office network) `kubectl port-forward` hangs silently on TCP connect, so
|
|
110
|
+
* a short probe lets the direct (no-VPN) attempt fail fast and fall back to connecting
|
|
111
|
+
* the VPN instead of waiting out `tunnelTimeoutMs`. Set to 0 to disable the probe.
|
|
112
|
+
* Defaults to 2000.
|
|
113
|
+
*/
|
|
114
|
+
apiProbeTimeoutMs?: number;
|
|
106
115
|
remotePort?: number;
|
|
107
116
|
};
|
|
108
117
|
|
package/src/db-tool/service.ts
CHANGED
|
@@ -51,6 +51,27 @@ export function resolveDbAccessMode(
|
|
|
51
51
|
};
|
|
52
52
|
}
|
|
53
53
|
|
|
54
|
+
/**
|
|
55
|
+
* Build the kubectl args for the lightweight API-server reachability probe.
|
|
56
|
+
* Hitting `/version` via `--raw` is the cheapest authenticated round-trip; `--request-timeout`
|
|
57
|
+
* bounds it so an unreachable server (VPN down, off the office network) fails fast instead of
|
|
58
|
+
* letting a subsequent `kubectl port-forward` hang on a silent TCP connect.
|
|
59
|
+
*/
|
|
60
|
+
export function buildApiProbeArgs(
|
|
61
|
+
kubeconfig: string | undefined,
|
|
62
|
+
context: string,
|
|
63
|
+
timeoutMs: number,
|
|
64
|
+
): string[] {
|
|
65
|
+
return [
|
|
66
|
+
...(kubeconfig ? ["--kubeconfig", kubeconfig] : []),
|
|
67
|
+
"--context",
|
|
68
|
+
context,
|
|
69
|
+
"get",
|
|
70
|
+
"--raw=/version",
|
|
71
|
+
`--request-timeout=${timeoutMs}ms`,
|
|
72
|
+
];
|
|
73
|
+
}
|
|
74
|
+
|
|
54
75
|
export class DbService extends Context.Service<
|
|
55
76
|
DbService,
|
|
56
77
|
{
|
|
@@ -89,6 +110,7 @@ export class DbService extends Context.Service<
|
|
|
89
110
|
const kubectlNamespace = dbConfig.kubectl?.namespace;
|
|
90
111
|
const kubectlService = dbConfig.kubectl?.service ?? "postgresql";
|
|
91
112
|
const tunnelTimeoutMs = dbConfig.tunnelTimeoutMs ?? 5000;
|
|
113
|
+
const apiProbeTimeoutMs = dbConfig.apiProbeTimeoutMs ?? 2000;
|
|
92
114
|
const remotePort = dbConfig.remotePort ?? 5432;
|
|
93
115
|
|
|
94
116
|
const zshrcEnvCache = yield* Ref.make<Record<string, string> | null>(null);
|
|
@@ -326,6 +348,35 @@ export class DbService extends Context.Service<
|
|
|
326
348
|
return proc;
|
|
327
349
|
});
|
|
328
350
|
|
|
351
|
+
/**
|
|
352
|
+
* Cheap pre-flight check: is the Kubernetes API server reachable right now?
|
|
353
|
+
* Returns true when the probe is disabled (apiProbeTimeoutMs <= 0) or no context is
|
|
354
|
+
* configured, so behaviour is unchanged unless a probe can meaningfully run. A false
|
|
355
|
+
* result lets the direct (no-VPN) tunnel attempt bail fast and fall back to the VPN
|
|
356
|
+
* prerequisite instead of waiting out tunnelTimeoutMs on a silently hanging port-forward.
|
|
357
|
+
*/
|
|
358
|
+
const probeApiServerReachable = Effect.fn("DbService.probeApiServerReachable")(function* (
|
|
359
|
+
config: DbConfig,
|
|
360
|
+
) {
|
|
361
|
+
if (!kubectlContext || apiProbeTimeoutMs <= 0) {
|
|
362
|
+
return true;
|
|
363
|
+
}
|
|
364
|
+
|
|
365
|
+
const kubeconfig = yield* resolveKubeconfig(config.port).pipe(
|
|
366
|
+
Effect.orElseSucceed(() => undefined),
|
|
367
|
+
);
|
|
368
|
+
|
|
369
|
+
const result = yield* executeShellCommand(
|
|
370
|
+
ChildProcess.make(
|
|
371
|
+
"kubectl",
|
|
372
|
+
buildApiProbeArgs(kubeconfig, kubectlContext, apiProbeTimeoutMs),
|
|
373
|
+
{ stdout: "pipe", stderr: "pipe" },
|
|
374
|
+
),
|
|
375
|
+
).pipe(Effect.catch(() => Effect.succeed({ stdout: "", stderr: "", exitCode: 1 })));
|
|
376
|
+
|
|
377
|
+
return result.exitCode === 0;
|
|
378
|
+
});
|
|
379
|
+
|
|
329
380
|
const buildPsqlCommand = (
|
|
330
381
|
config: DbConfig,
|
|
331
382
|
sql: string,
|
|
@@ -606,6 +657,14 @@ export class DbService extends Context.Service<
|
|
|
606
657
|
|
|
607
658
|
return Effect.scoped(
|
|
608
659
|
Effect.gen(function* () {
|
|
660
|
+
const reachable = yield* probeApiServerReachable(config);
|
|
661
|
+
if (!reachable) {
|
|
662
|
+
return yield* new DbTunnelError({
|
|
663
|
+
message: `Kubernetes API server not reachable within ${apiProbeTimeoutMs}ms; skipping tunnel attempt (VPN likely not connected and not on the office network).`,
|
|
664
|
+
port: config.port,
|
|
665
|
+
});
|
|
666
|
+
}
|
|
667
|
+
|
|
609
668
|
const tunnelProc = yield* startTunnelProcess(config).pipe(
|
|
610
669
|
Effect.mapError(
|
|
611
670
|
(platformError) =>
|