Skip to content

Commit

Permalink
Feat: support proxy-url (#141)
Browse files Browse the repository at this point in the history
Signed-off-by: Yin Da <[email protected]>
  • Loading branch information
Somefive authored Apr 17, 2023
1 parent 8ab4e3b commit b827466
Show file tree
Hide file tree
Showing 4 changed files with 60 additions and 1 deletion.
2 changes: 2 additions & 0 deletions pkg/apis/cluster/v1alpha1/clustergateway_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,8 @@ type ClusterEndpointConst struct {
// Insecure indicates the cluster should be access'd w/o verifying
// CA certificate at client-side.
Insecure *bool `json:"insecure,omitempty"`
// ProxyURL indicates the proxy url of the server
ProxyURL *string `json:"proxy-url,omitempty"`
}

type ClusterAccessCredential struct {
Expand Down
6 changes: 6 additions & 0 deletions pkg/apis/cluster/v1alpha1/clustergateway_types_secret.go
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,10 @@ func convert(caData []byte, apiServerEndpoint string, insecure bool, secret *v1.
if !ok {
endpointType = string(ClusterEndpointTypeConst)
}
var proxyURL *string
if url, useProxy := secret.Data["proxy-url"]; useProxy && len(url) > 0 {
proxyURL = pointer.String(string(url))
}
switch ClusterEndpointType(endpointType) {
case ClusterEndpointTypeClusterProxy:
c.Spec.Access.Endpoint = &ClusterEndpoint{
Expand All @@ -206,6 +210,7 @@ func convert(caData []byte, apiServerEndpoint string, insecure bool, secret *v1.
Const: &ClusterEndpointConst{
Address: apiServerEndpoint,
Insecure: &insecure,
ProxyURL: proxyURL,
},
}
} else {
Expand All @@ -214,6 +219,7 @@ func convert(caData []byte, apiServerEndpoint string, insecure bool, secret *v1.
Const: &ClusterEndpointConst{
Address: apiServerEndpoint,
CABundle: caData,
ProxyURL: proxyURL,
},
}
}
Expand Down
12 changes: 11 additions & 1 deletion pkg/apis/cluster/v1alpha1/transport.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,11 @@ package v1alpha1
import (
"context"
"net"
"net/http"
"net/url"
"strconv"
"time"

"github.com/oam-dev/cluster-gateway/pkg/config"
"github.com/pkg/errors"
"google.golang.org/grpc"
grpccredentials "google.golang.org/grpc/credentials"
Expand All @@ -16,6 +16,8 @@ import (
restclient "k8s.io/client-go/rest"
konnectivity "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client"
"sigs.k8s.io/apiserver-network-proxy/pkg/util"

"github.com/oam-dev/cluster-gateway/pkg/config"
)

var DialerGetter = func(ctx context.Context) (k8snet.DialFunc, error) {
Expand Down Expand Up @@ -72,6 +74,14 @@ func NewConfigFromCluster(ctx context.Context, c *ClusterGateway) (*restclient.C
host = u.Host
}
cfg.ServerName = host // apiserver may listen on SNI cert

if c.Spec.Access.Endpoint.Const.ProxyURL != nil {
_url, _err := url.Parse(*c.Spec.Access.Endpoint.Const.ProxyURL)
if _err != nil {
return nil, _err
}
cfg.Proxy = http.ProxyURL(_url)
}
case ClusterEndpointTypeClusterProxy:
cfg.Host = c.Name // the same as the cluster name
cfg.Insecure = true
Expand Down
41 changes: 41 additions & 0 deletions pkg/apis/cluster/v1alpha1/transport_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ package v1alpha1
import (
"context"
"net"
"net/http"
"net/url"
"testing"
"time"

Expand All @@ -19,6 +21,8 @@ func TestClusterRestConfigConversion(t *testing.T) {
testCAData := []byte(`test-ca`)
testCertData := []byte(`test-cert`)
testKeyData := []byte(`test-key`)
proxyURLData := []byte(`socks5://localhost:1080`)
proxyURL, _ := url.Parse(string(proxyURLData))
testDialFunc := func(ctx context.Context, net, addr string) (net.Conn, error) {
return nil, nil
}
Expand Down Expand Up @@ -179,6 +183,38 @@ func TestClusterRestConfigConversion(t *testing.T) {
},
},
},
{
name: "proxy-url should work",
clusterGateway: &ClusterGateway{
ObjectMeta: metav1.ObjectMeta{
Name: "my-cluster",
},
Spec: ClusterGatewaySpec{
Access: ClusterAccess{
Endpoint: &ClusterEndpoint{
Type: ClusterEndpointTypeConst,
Const: &ClusterEndpointConst{
Address: "https://foo.bar:33",
ProxyURL: pointer.String(string(proxyURLData)),
},
},
Credential: &ClusterAccessCredential{
Type: CredentialTypeServiceAccountToken,
ServiceAccountToken: testToken,
},
},
},
},
expectedCfg: &rest.Config{
Host: "https://foo.bar:33",
Timeout: 40 * time.Second,
BearerToken: testToken,
Proxy: http.ProxyURL(proxyURL),
TLSClientConfig: rest.TLSClientConfig{
ServerName: "foo.bar",
},
},
},
}
for _, c := range cases {
t.Run(c.name, func(t *testing.T) {
Expand All @@ -194,6 +230,11 @@ func TestClusterRestConfigConversion(t *testing.T) {
c.expectedCfg.Dial = nil
cfg.Dial = nil
}
if cfg.Proxy != nil {
assert.NotNil(t, c.expectedCfg.Proxy)
cfg.Proxy = nil
c.expectedCfg.Proxy = nil
}
assert.Equal(t, c.expectedCfg, cfg)
})
}
Expand Down

0 comments on commit b827466

Please sign in to comment.