Remove expected kube_server, app, database and installer watc…

…hers for remote proxies (#17212) V10 Leaf clusters when connecting to a V11 Root cluster failed to initialize because they do not have `kube_server` resources defined. This PR bumps the OLD remote proxy to versions <11 and removes the expected `kube_server` watcher. It also removes `types.KindInstaller`, `types.KindDatabase`, and `types.KindApp` watchers from Remote Proxies since they do not affect remote reverse tunnels tracked from leaf clusters. Fix incompatibility with pre/post v10.2.1 versions as the `types.KindInstaller` feature did not exist in older versions. Fixes #17211 Fixes #17219
gravitational · Oct 10, 2022 · 335faae · 335faae
1 parent acad233
commit 335faae
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 17 deletions.
diff --git a/lib/cache/cache.go b/lib/cache/cache.go
@@ -171,20 +171,17 @@ func ForRemoteProxy(cfg Config) Config {
 		{Kind: types.KindTunnelConnection},
 		{Kind: types.KindAppServer},
 		{Kind: types.KindAppServer, Version: types.V2},
-		{Kind: types.KindApp},
 		{Kind: types.KindRemoteCluster},
 		{Kind: types.KindKubeService},
 		{Kind: types.KindDatabaseServer},
-		{Kind: types.KindDatabase},
 		{Kind: types.KindKubeServer},
-		{Kind: types.KindInstaller},
-		{Kind: types.KindKubernetesCluster},
 	}
 	cfg.QueueSize = defaults.ProxyQueueSize
 	return cfg
 }
 
 // ForOldRemoteProxy sets up watch configuration for older remote proxies.
+// The Watches defined here are a copy of those defined in ForRemoteProxy in the v10 branch.
 func ForOldRemoteProxy(cfg Config) Config {
 	cfg.target = "remote-proxy-old"
 	cfg.Watches = []types.WatchKind{
@@ -202,11 +199,11 @@ func ForOldRemoteProxy(cfg Config) Config {
 		{Kind: types.KindAuthServer},
 		{Kind: types.KindReverseTunnel},
 		{Kind: types.KindTunnelConnection},
+		{Kind: types.KindAppServer},
 		{Kind: types.KindAppServer, Version: types.V2},
 		{Kind: types.KindRemoteCluster},
 		{Kind: types.KindKubeService},
 		{Kind: types.KindDatabaseServer},
-		{Kind: types.KindKubeServer},
 	}
 	cfg.QueueSize = defaults.ProxyQueueSize
 	return cfg

diff --git a/lib/reversetunnel/srv.go b/lib/reversetunnel/srv.go
@@ -1167,12 +1167,11 @@ func newRemoteSite(srv *server, domainName string, sconn ssh.Conn) (*remoteSite,
 }
 
 // createRemoteAccessPoint creates a new access point for the remote cluster.
-// Checks if the cluster that is connecting is a pre-v8 cluster. If it is,
-// don't assume the newer organization of cluster configuration resources
-// (RFD 28) because older proxy servers will reject that causing the cache
-// to go into a re-sync loop.
+// Checks if the cluster that is connecting is a pre-v11 cluster. If it is,
+// we disable the watcher for types.KindKubeServer and types.KindKubeCluster resources
+// since both resources are not supported in a v10 leaf cluster.
 func createRemoteAccessPoint(srv *server, clt auth.ClientI, version, domainName string) (auth.RemoteProxyAccessPoint, error) {
-	ok, err := utils.MinVerWithoutPreRelease(version, utils.VersionBeforeAlpha("8.0.0"))
+	ok, err := utils.MinVerWithoutPreRelease(version, utils.VersionBeforeAlpha("11.0.0"))
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}

diff --git a/lib/reversetunnel/srv_test.go b/lib/reversetunnel/srv_test.go
@@ -168,19 +168,20 @@ func TestCreateRemoteAccessPoint(t *testing.T) {
 			assertion: require.Error,
 		},
 		{
-			name:      "remote running 9.0.0",
+			name:      "remote running 11.0.0",
 			assertion: require.NoError,
-			version:   "9.0.0",
+			version:   "11.0.0",
 		},
 		{
-			name:      "remote running 8.0.0",
-			assertion: require.NoError,
-			version:   "8.0.0",
+			name:           "remote running 10.0.0",
+			assertion:      require.NoError,
+			version:        "10.0.0",
+			oldRemoteProxy: true,
 		},
 		{
-			name:           "remote running 7.0.0",
+			name:           "remote running 9.0.0",
 			assertion:      require.NoError,
-			version:        "7.0.0",
+			version:        "9.0.0",
 			oldRemoteProxy: true,
 		},
 		{