-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathwebui_command.go
72 lines (65 loc) · 2.3 KB
/
webui_command.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
package main
import (
"os"
"time"
"github.com/ccremer/clustercode/pkg/webui"
"github.com/lestrrat-go/jwx/v2/jwt"
"github.com/urfave/cli/v2"
)
const apiUrlFlag = "api-url"
func newWebuiCommand() *cli.Command {
command := &webui.Command{}
return &cli.Command{
Name: "webui",
Usage: "Start clustercode frontend web server",
Before: discoverKubernetesAPI,
Action: func(ctx *cli.Context) error {
command.Log = AppLogger(ctx).WithName(ctx.Command.Name)
return command.Execute(ctx.Context)
},
Flags: []cli.Flag{
&cli.StringFlag{Name: apiUrlFlag, EnvVars: envVars("API_URL"),
Usage: "Full base URL of the Kubernetes API server that is being proxied. If empty, the proxy is disabled. If set to 'auto', it will try to discover it using the service account token.",
Value: "auto",
Destination: &command.ApiURL,
},
&cli.BoolFlag{Name: "api-tls-skip-verify", EnvVars: envVars("API_TLS_SKIP_VERIFY"),
Usage: "Whether the certificate verification of the Kubernetes API server should be verified",
Destination: &command.ApiTLSSkipVerify,
},
&cli.PathFlag{Name: "sa-token-path", EnvVars: envVars("API_SA_TOKEN_PATH"),
Usage: "Path to the Kubernetes Service Account token secret for auto-discovery",
Value: "/var/run/secrets/kubernetes.io/serviceaccount/token",
},
&cli.DurationFlag{Name: "auth-cookie-max-age", EnvVars: envVars("AUTH_COOKIE_MAX_AGE"),
Usage: "Duration of authentication cookie(s) when logging in to web UI. Accepts units [h, m, s]. If 0 or negative, cookies are disabled",
Value: 24 * time.Hour,
Destination: &command.AuthCookieMaxAge,
},
},
}
}
func discoverKubernetesAPI(ctx *cli.Context) error {
_ = LogMetadata(ctx)
log := AppLogger(ctx).WithName(ctx.Command.Name)
if ctx.String(apiUrlFlag) != "auto" {
return nil
}
path := ctx.String("sa-token-path")
raw, err := os.ReadFile(path)
if err != nil {
log.Info("Cannot read the token", "error", err.Error())
return ctx.Set(apiUrlFlag, "")
}
token, err := jwt.Parse(raw, jwt.WithVerify(false))
if err != nil {
log.Info("Cannot parse the token", "error", err.Error())
return ctx.Set(apiUrlFlag, "")
}
aud := token.Audience()
if len(aud) > 0 {
log.Info("Discovered Kubernetes API URL", "url", aud[0])
return ctx.Set(apiUrlFlag, aud[0])
}
return nil
}