fix: etcd client terseness

These changes surface the connection error that occurs inside the etcd
client when a misconfiguration occurs (such as invalid TLS certificates,
or an `address` that does not match one of the valid SANs).

controlplane/kubeadm/internal/proxy/conn.go

@@ -17,22 +17,32 @@ limitations under the License.
 package proxy
 
 import (
+	"fmt"
+	"io"
+	"io/ioutil"
 	"net"
 	"time"
 
 	"k8s.io/apimachinery/pkg/util/httpstream"
+	"k8s.io/apimachinery/pkg/util/runtime"
 )
 
 // Conn is a Kubernetes API server proxied type of net/conn
 type Conn struct {
 	stream        httpstream.Stream
+	errChan       chan error
 	readDeadline  time.Time
 	writeDeadline time.Time
 }
 
 // Read from the connection
 func (c Conn) Read(b []byte) (n int, err error) {
-	return c.stream.Read(b)
+	select {
+	case err := <-c.errChan:
+		return 0, err
+	default:
+		return c.stream.Read(b)
+	}
 }
 
 // Close the underlying proxied connection
@@ -42,7 +52,12 @@ func (c Conn) Close() error {
 
 // Write to the connection
 func (c Conn) Write(b []byte) (n int, err error) {
-	return c.stream.Write(b)
+	select {
+	case err := <-c.errChan:
+		return 0, err
+	default:
+		return c.stream.Write(b)
+	}
 }
 
 // Return a fake address representing the proxied connection
@@ -77,8 +92,24 @@ func (c Conn) SetReadDeadline(t time.Time) error {
 
 // NewConn creates a new net/conn interface based on an underlying Kubernetes
 // API server proxy connection
-func NewConn(stream httpstream.Stream) Conn {
+func NewConn(stream httpstream.Stream, errorStream httpstream.Stream) Conn {
+	errChan := make(chan error)
+
+	go func() {
+		defer runtime.HandleCrash()
+
+		message, err := ioutil.ReadAll(errorStream)
+		switch {
+		case err != nil && err != io.EOF:
+			errChan <- fmt.Errorf("error reading from error stream: %s", err)
+		case len(message) > 0:
+			errChan <- fmt.Errorf("read error from stream: %s", string(message))
+		}
+		close(errChan)
+	}()
+
 	return Conn{
-		stream: stream,
+		stream:  stream,
+		errChan: errChan,
 	}
 }

controlplane/kubeadm/internal/proxy/dial.go

@@ -83,7 +83,7 @@ func (d *Dialer) DialContextWithAddr(ctx context.Context, addr string) (net.Conn
 
 // DialContext creates proxied port-forwarded connections.
 // ctx is currently unused, but fulfils the type signature used by GRPC.
-func (d *Dialer) DialContext(_ context.Context, network string, addr string) (net.Conn, error) {
+func (d *Dialer) DialContext(_ context.Context, network string, _ string) (net.Conn, error) {
 	req := d.clientset.CoreV1().RESTClient().
 		Post().
 		Resource(d.proxy.Kind).
@@ -117,7 +117,7 @@ func (d *Dialer) DialContext(_ context.Context, network string, addr string) (ne
 		return nil, errors.Wrap(err, "error creating forwarding stream")
 	}
 
-	c := NewConn(dataStream)
+	c := NewConn(dataStream, errorStream)
 
 	return c, nil
 }

go.mod

@@ -46,3 +46,5 @@ require (
 	sigs.k8s.io/controller-runtime v0.5.0
 	sigs.k8s.io/yaml v1.1.0
 )
+
+replace google.golang.org/grpc => github.com/sethp-nr/grpc-go v0.0.0-20200228215221-53b5c65ead5f