Allow KubeApi connect directly to remote k8s (#3766)

* allow KubeApi to connect directly to remote k8s Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> * backward compat Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> * backward compat Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>

Allow KubeApi connect directly to remote k8s (#3766)
* allow KubeApi to connect directly to remote k8s Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> * backward compat Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> * backward compat Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
3262b139 · Jari Kolehmainen · GitHub · 7bd0fed9 · 3262b139 · 3262b139
Unverified Commit 3262b139 authored 3 years ago by Jari Kolehmainen Committed by GitHub 3 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 93 additions and 5 deletions
+93 -5
--- a/src/common/k8s-api/__tests__/kube-api.test.ts
+++ b/src/common/k8s-api/__tests__/kube-api.test.ts
@@ -19,10 +19,36 @@
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

-import { KubeApi } from "../kube-api";
+import { Pod } from "../endpoints/pods.api";
+import { forRemoteCluster, KubeApi } from "../kube-api";
 import { KubeJsonApi } from "../kube-json-api";
 import { KubeObject } from "../kube-object";

+describe("forRemoteCluster", () => {
+  it("builds api client", async (done) => {
+    const api = forRemoteCluster({
+      cluster: {
+        server: "https://127.0.0.1:6443"
+      },
+      user: {
+        token: "daa"
+      }
+    }, Pod);
+
+    (fetch as any).mockResponse(async (request: any) => {
+      expect(request.url).toEqual("https://127.0.0.1:6443/api/v1/pods");
+
+      done();
+
+      return {
+        body: ""
+      };
+    });
+
+    await api.list();
+  });
+});
+
 describe("KubeApi", () => {
  let request: KubeJsonApi;


--- a/src/common/k8s-api/kube-api.ts
+++ b/src/common/k8s-api/kube-api.ts
@@ -35,6 +35,7 @@ import { KubeJsonApi, KubeJsonApiData } from "./kube-json-api";
 import { noop } from "../utils";
 import type { RequestInit } from "node-fetch";
 import AbortController from "abort-controller";
+import { Agent, AgentOptions } from "https";

 export interface IKubeApiOptions<T extends KubeObject> {
  /**
@@ -89,13 +90,31 @@ export interface IKubeResourceList {
  }[];
 }

-export interface IKubeApiCluster {
+export interface ILocalKubeApiConfig {
  metadata: {
    uid: string;
  }
 }

-export function forCluster<T extends KubeObject>(cluster: IKubeApiCluster, kubeClass: KubeObjectConstructor<T>): KubeApi<T> {
+/**
+ * @deprecated
+ */
+export interface IKubeApiCluster extends ILocalKubeApiConfig {}
+
+export interface IRemoteKubeApiConfig {
+  cluster: {
+    server: string;
+    caData?: string;
+    skipTLSVerify?: boolean;
+  }
+  user: {
+    token?: string;
+    clientCertificateData?: string;
+    clientKeyData?: string;
+  }
+}
+
+export function forCluster<T extends KubeObject>(cluster: ILocalKubeApiConfig, kubeClass: KubeObjectConstructor<T>): KubeApi<T> {
  const url = new URL(apiBase.config.serverAddress);
  const request = new KubeJsonApi({
    serverAddress: apiBase.config.serverAddress,
@@ -113,6 +132,49 @@ export function forCluster<T extends KubeObject>(cluster: IKubeApiCluster, kubeC
  });
 }

+export function forRemoteCluster<T extends KubeObject>(config: IRemoteKubeApiConfig, kubeClass: KubeObjectConstructor<T>): KubeApi<T> {
+  const reqInit: RequestInit = {};
+
+  if (config.user.token) {
+    reqInit.headers = {
+      "Authorization": `Bearer ${config.user.token}`
+    };
+  }
+
+  const agentOptions: AgentOptions = {};
+
+  if (config.cluster.skipTLSVerify === true) {
+    agentOptions.rejectUnauthorized = false;
+  }
+
+  if (config.user.clientCertificateData) {
+    agentOptions.cert = config.user.clientCertificateData;
+  }
+
+  if (config.user.clientKeyData) {
+    agentOptions.key = config.user.clientKeyData;
+  }
+
+  if (config.cluster.caData) {
+    agentOptions.ca = config.cluster.caData;
+  }
+
+  if (Object.keys(agentOptions).length > 0) {
+    reqInit.agent = new Agent(agentOptions);
+  }
+
+  const request = new KubeJsonApi({
+    serverAddress: config.cluster.server,
+    apiBase: "",
+    debug: isDevelopment,
+  }, reqInit);
+
+  return new KubeApi({
+    objectConstructor: kubeClass,
+    request
+  });
+}
+
 export function ensureObjectSelfLink(api: KubeApi<KubeObject>, object: KubeJsonApiData) {
  if (!object.metadata.selfLink) {
    object.metadata.selfLink = createKubeApiURL({

--- a/src/extensions/main-api/k8s-api.ts
+++ b/src/extensions/main-api/k8s-api.ts
@@ -56,6 +56,6 @@ export { ClusterRoleBinding, clusterRoleBindingApi } from "../../common/k8s-api/
 export { CustomResourceDefinition, crdApi } from "../../common/k8s-api/endpoints/crd.api";

 // types
-export type { IKubeApiCluster } from "../../common/k8s-api/kube-api";
+export type { ILocalKubeApiConfig, IRemoteKubeApiConfig, IKubeApiCluster } from "../../common/k8s-api/kube-api";
 export type { IPodContainer, IPodContainerStatus } from "../../common/k8s-api/endpoints/pods.api";
 export type { ISecretRef } from "../../common/k8s-api/endpoints/secret.api";
--- a/src/extensions/renderer-api/k8s-api.ts
+++ b/src/extensions/renderer-api/k8s-api.ts
@@ -57,7 +57,7 @@ export { CustomResourceDefinition, crdApi } from "../../common/k8s-api/endpoints
 export { KubeObjectStatusLevel } from "./kube-object-status";

 // types
-export type { IKubeApiCluster } from "../../common/k8s-api/kube-api";
+export type { ILocalKubeApiConfig, IRemoteKubeApiConfig, IKubeApiCluster } from "../../common/k8s-api/kube-api";
 export type { IPodContainer, IPodContainerStatus } from "../../common/k8s-api/endpoints";
 export type { ISecretRef } from "../../common/k8s-api/endpoints";
 export type { KubeObjectStatus } from "./kube-object-status";