mirror of
https://github.com/siderolabs/omni.git
synced 2025-08-07 18:17:00 +02:00
dfcbaae7d0
Omni is source-available under BUSL. Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com> Co-Authored-By: Artem Chernyshev <artem.chernyshev@talos-systems.com> Co-Authored-By: Utku Ozdemir <utku.ozdemir@siderolabs.com> Co-Authored-By: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com> Co-Authored-By: Philipp Sauter <philipp.sauter@siderolabs.com> Co-Authored-By: Noel Georgi <git@frezbo.dev> Co-Authored-By: evgeniybryzh <evgeniybryzh@gmail.com> Co-Authored-By: Tim Jones <tim.jones@siderolabs.com> Co-Authored-By: Andrew Rynhard <andrew@rynhard.io> Co-Authored-By: Spencer Smith <spencer.smith@talos-systems.com> Co-Authored-By: Christian Rolland <christian.rolland@siderolabs.com> Co-Authored-By: Gerard de Leeuw <gdeleeuw@leeuwit.nl> Co-Authored-By: Steve Francis <67986293+steverfrancis@users.noreply.github.com> Co-Authored-By: Volodymyr Mazurets <volodymyrmazureets@gmail.com>
79 lines
2.1 KiB
Go
79 lines
2.1 KiB
Go
// Copyright (c) 2024 Sidero Labs, Inc.
|
|
//
|
|
// Use of this software is governed by the Business Source License
|
|
// included in the LICENSE file.
|
|
|
|
// Package k8sproxy provides JWT-authenticated proxy to Kubernetes API server.
|
|
package k8sproxy
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/prometheus/client_golang/prometheus"
|
|
"go.uber.org/zap"
|
|
|
|
"github.com/siderolabs/omni/internal/backend/runtime"
|
|
"github.com/siderolabs/omni/internal/backend/runtime/kubernetes"
|
|
)
|
|
|
|
// clusterContextKey is a type for cluster name.
|
|
type clusterContextKey struct{}
|
|
|
|
// Handler implements the HTTP reverse proxy for Kubernetes clusters.
|
|
//
|
|
// Handler intercepts the request, verifies the authentication info and
|
|
// routes the request to matching Kubernetes cluster with impersonation headers.
|
|
//
|
|
// Handler itself implements httt.Handler interface.
|
|
type Handler struct {
|
|
multiplexer *multiplexer
|
|
chain http.Handler
|
|
}
|
|
|
|
// NewHandler creates a new Handler.
|
|
func NewHandler(keyFunc KeyProvider, clusterUUIDResolver ClusterUUIDResolver, logger *zap.Logger) (*Handler, error) {
|
|
multiplexer := newMultiplexer()
|
|
proxy := newProxyHandler(multiplexer, logger)
|
|
|
|
handler := &Handler{
|
|
multiplexer: multiplexer,
|
|
chain: AuthorizeRequest(proxy, keyFunc, clusterUUIDResolver),
|
|
}
|
|
|
|
type kubeRuntime interface {
|
|
RegisterCleanuper(kubernetes.ClusterCleanuper)
|
|
}
|
|
|
|
r, err := runtime.LookupInterface[kubeRuntime](kubernetes.Name)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// register self as cluster cleanuper
|
|
r.RegisterCleanuper(handler)
|
|
|
|
return handler, nil
|
|
}
|
|
|
|
// ServeHTTP implements http.Handler interface.
|
|
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
h.chain.ServeHTTP(w, r)
|
|
}
|
|
|
|
// ClusterRemove implements ClusterCleanuper interface.
|
|
func (h *Handler) ClusterRemove(clusterName string) {
|
|
h.multiplexer.removeClusterConnector(clusterName)
|
|
}
|
|
|
|
// Describe implements prom.Collector interface.
|
|
func (h *Handler) Describe(ch chan<- *prometheus.Desc) {
|
|
h.multiplexer.Describe(ch)
|
|
}
|
|
|
|
// Collect implements prom.Collector interface.
|
|
func (h *Handler) Collect(ch chan<- prometheus.Metric) {
|
|
h.multiplexer.Collect(ch)
|
|
}
|
|
|
|
var _ prometheus.Collector = &Handler{}
|