Remove Gorilla WebSocket Intercept

Author: cooper-grc

docs/openapi/gateway.swagger.json

@@ -996,29 +996,6 @@
         }
       }
     },
-    "gatewayAttachToContainerRequest": {
-      "type": "object",
-      "properties": {
-        "containerId": {
-          "type": "string"
-        }
-      }
-    },
-    "gatewayAttachToContainerResponse": {
-      "type": "object",
-      "properties": {
-        "output": {
-          "type": "string"
-        },
-        "done": {
-          "type": "boolean"
-        },
-        "exitCode": {
-          "type": "integer",
-          "format": "int32"
-        }
-      }
-    },
     "gatewayAuthorizeResponse": {
       "type": "object",
       "properties": {
@@ -1056,20 +1033,6 @@
         }
       }
     },
-    "gatewayCheckpointContainerResponse": {
-      "type": "object",
-      "properties": {
-        "ok": {
-          "type": "boolean"
-        },
-        "checkpointId": {
-          "type": "string"
-        },
-        "errorMsg": {
-          "type": "string"
-        }
-      }
-    },
     "gatewayCordonWorkerResponse": {
       "type": "object",
       "properties": {
@@ -1837,20 +1800,6 @@
         }
       }
     },
-    "gatewayPutObjectResponse": {
-      "type": "object",
-      "properties": {
-        "ok": {
-          "type": "boolean"
-        },
-        "objectId": {
-          "type": "string"
-        },
-        "errorMsg": {
-          "type": "string"
-        }
-      }
-    },
     "gatewayScaleDeploymentResponse": {
       "type": "object",
       "properties": {
@@ -2005,39 +1954,6 @@
         }
       }
     },
-    "gatewaySyncContainerWorkspaceOperation": {
-      "type": "string",
-      "enum": [
-        "WRITE",
-        "DELETE",
-        "MOVED"
-      ],
-      "default": "WRITE"
-    },
-    "gatewaySyncContainerWorkspaceRequest": {
-      "type": "object",
-      "properties": {
-        "containerId": {
-          "type": "string"
-        },
-        "path": {
-          "type": "string"
-        },
-        "newPath": {
-          "type": "string"
-        },
-        "isDir": {
-          "type": "boolean"
-        },
-        "data": {
-          "type": "string",
-          "format": "byte"
-        },
-        "op": {
-          "$ref": "#/definitions/gatewaySyncContainerWorkspaceOperation"
-        }
-      }
-    },
     "gatewayTask": {
       "type": "object",
       "properties": {

docs/openapi/pod.swagger.json

@@ -857,6 +857,46 @@
           "PodService"
         ]
       }
+    },
+    "/pods/{stubId}/events": {
+      "get": {
+        "operationId": "PodService_SandboxListEvents",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/podPodSandboxListEventsResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/rpcStatus"
+            }
+          }
+        },
+        "parameters": [
+          {
+            "name": "stubId",
+            "in": "path",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "name": "searchAfter",
+            "in": "query",
+            "required": false,
+            "type": "array",
+            "items": {
+              "type": "string"
+            },
+            "collectionFormat": "multi"
+          }
+        ],
+        "tags": [
+          "PodService"
+        ]
+      }
     }
   },
   "definitions": {
@@ -1103,6 +1143,36 @@
         }
       }
     },
+    "podPodSandboxEvent": {
+      "type": "object",
+      "properties": {
+        "id": {
+          "type": "string"
+        },
+        "time": {
+          "type": "string"
+        },
+        "type": {
+          "type": "string"
+        },
+        "status": {
+          "type": "string"
+        },
+        "containerId": {
+          "type": "string"
+        },
+        "workerId": {
+          "type": "string"
+        },
+        "stubId": {
+          "type": "string"
+        },
+        "exitCode": {
+          "type": "integer",
+          "format": "int32"
+        }
+      }
+    },
     "podPodSandboxExecResponse": {
       "type": "object",
       "properties": {
@@ -1194,6 +1264,30 @@
         }
       }
     },
+    "podPodSandboxListEventsResponse": {
+      "type": "object",
+      "properties": {
+        "ok": {
+          "type": "boolean"
+        },
+        "errorMsg": {
+          "type": "string"
+        },
+        "events": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "$ref": "#/definitions/podPodSandboxEvent"
+          }
+        },
+        "nextCursor": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      }
+    },
     "podPodSandboxListFilesResponse": {
       "type": "object",
       "properties": {

manifests/kustomize/components/monitoring/victoria-metrics.yaml

@@ -46,7 +46,7 @@ valuesInline:
       regex: true
     - source_labels: [__meta_kubernetes_pod_container_port_number]
       action: keep
-      regex: 9090
+      regex: (9090|8112)
 ---
 apiVersion: builtin
 kind: HelmChartInflationGenerator

pkg/abstractions/pod/pod.proto

@@ -157,6 +157,12 @@ service PodService {
       get : "/pods/{container_id}/urls"
     };
   }
+  rpc SandboxListEvents(PodSandboxListEventsRequest)
+      returns (PodSandboxListEventsResponse) {
+    option (google.api.http) = {
+      get : "/pods/{stub_id}/events"
+    };
+  }
 }
 
 message CreatePodRequest {
@@ -418,4 +424,27 @@ message PodSandboxListUrlsResponse {
   bool ok = 1;
   map<int32, string> urls = 2;
   string error_msg = 3;
+}
+
+message PodSandboxListEventsRequest {
+  string stub_id = 1;
+  repeated string search_after = 2;
+}
+
+message PodSandboxListEventsResponse {
+  bool ok = 1;
+  string error_msg = 2;
+  repeated PodSandboxEvent events = 3;
+  repeated string next_cursor = 4;
+}
+
+message PodSandboxEvent {
+  string id = 1;
+  string time = 2;
+  string type = 3;
+  string status = 4;
+  string container_id = 5;
+  string worker_id = 6;
+  string stub_id = 7;
+  int32 exit_code = 8;
 }

pkg/abstractions/pod/proxy.go

@@ -298,90 +298,40 @@ func (pb *PodProxyBuffer) handleConnection(conn *connection) {
 	}
 	defer pb.decrementContainerConnections(container.id)
 
-	// If it's a websocket request, upgrade the connection
-	if websocket.IsWebSocketUpgrade(request) {
-		pb.proxyWebSocket(conn, container, targetHost, subPath)
-		return
-	}
-
-	// Otherwise, use regular HTTP proxying
 	targetURL, err := url.Parse("http://" + targetHost)
 	if err != nil {
 		conn.ctx.String(http.StatusInternalServerError, "Invalid target URL")
 		return
 	}
 
+	isWebSocket := websocket.IsWebSocketUpgrade(request)
+
 	proxy := httputil.NewSingleHostReverseProxy(targetURL)
 	proxy.Transport = &http.Transport{
 		DialContext: func(ctx context.Context, networkType, addr string) (net.Conn, error) {
 			conn, err := network.ConnectToHost(ctx, addr, containerDialTimeoutDurationS, pb.tailscale, pb.tsConfig)
 			if err == nil {
-				abstractions.SetConnOptions(conn, true, connectionKeepAliveInterval, connectionReadTimeout)
+				readTimeout := connectionReadTimeout
+				if isWebSocket {
+					readTimeout = -1 // No read deadline for WebSocket connections
+				}
+				abstractions.SetConnOptions(conn, true, connectionKeepAliveInterval, readTimeout)
 			}
 			return conn, err
 		},
 	}
+	proxy.FlushInterval = -1 // Flush immediately for streaming/SSE
 
 	defer func() {
 		if r := recover(); r != nil {
 			log.Error().Err(err).Str("stubId", pb.stubId).Str("workspace", pb.workspace.Name).Msg("handled abort in pod proxy")
 		}
 	}()
 
-	proxy.ErrorHandler = func(rw http.ResponseWriter, req *http.Request, err error) {}
-	proxy.ServeHTTP(response, request)
-}
-
-func (pb *PodProxyBuffer) proxyWebSocket(conn *connection, container container, addr string, path string) error {
-	subprotocols := websocket.Subprotocols(conn.ctx.Request())
-
-	upgrader := websocket.Upgrader{
-		CheckOrigin: func(r *http.Request) bool {
-			return true // Allow all origins
-		},
-		Subprotocols: subprotocols,
-	}
-
-	clientConn, err := upgrader.Upgrade(conn.ctx.Response().Writer, conn.ctx.Request(), nil)
-	if err != nil {
-		return err
+	proxy.ErrorHandler = func(rw http.ResponseWriter, req *http.Request, err error) {
+		log.Error().Err(err).Str("stubId", pb.stubId).Msg("pod proxy error")
 	}
-	defer clientConn.Close()
-
-	wsURL := url.URL{Scheme: "ws", Host: addr, Path: path, RawQuery: conn.ctx.Request().URL.RawQuery}
-	dstDialer := websocket.Dialer{
-		NetDialContext: network.GetDialer(addr, pb.tailscale, pb.tsConfig),
-		Subprotocols:   subprotocols,
-	}
-
-	serverConn, _, err := dstDialer.Dial(wsURL.String(), nil)
-	if err != nil {
-		return err
-	}
-	defer serverConn.Close()
-
-	wg := sync.WaitGroup{}
-	wg.Add(2)
-
-	proxyMessages := func(src, dst *websocket.Conn) {
-		defer wg.Done()
-
-		for {
-			messageType, message, err := src.ReadMessage()
-			if err != nil {
-				break
-			}
-			if err := dst.WriteMessage(messageType, message); err != nil {
-				break
-			}
-		}
-	}
-
-	go proxyMessages(clientConn, serverConn)
-	go proxyMessages(serverConn, clientConn)
-
-	wg.Wait()
-	return nil
+	proxy.ServeHTTP(response, request)
 }
 
 func (pb *PodProxyBuffer) discoverContainers() {