package main
import (
"os"
"time"
"github.com/ccremer/clustercode/pkg/webui"
"github.com/lestrrat-go/jwx/v2/jwt"
"github.com/urfave/cli/v2"
)
// apiUrlFlag is the name of the CLI flag that holds the base URL of the
// proxied Kubernetes API server. discoverKubernetesAPI reads and may
// overwrite this flag before the command runs.
const apiUrlFlag = "api-url"
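// newWebuiCommand builds the "webui" CLI command, which starts the
// clustercode frontend web server.
//
// Flag values are bound to fields of a webui.Command via Destination, except
// "sa-token-path", which has no Destination and is read by name in the
// Before hook (discoverKubernetesAPI).
func newWebuiCommand() *cli.Command {
	command := &webui.Command{}
	return &cli.Command{
		Name:  "webui",
		Usage: "Start clustercode frontend web server",
		// Resolves api-url=auto into a concrete URL (or disables the proxy)
		// before Action runs.
		Before: discoverKubernetesAPI,
		Action: func(ctx *cli.Context) error {
			command.Log = AppLogger(ctx).WithName(ctx.Command.Name)
			return command.Execute(ctx.Context)
		},
		Flags: []cli.Flag{
			&cli.StringFlag{Name: apiUrlFlag, EnvVars: envVars("API_URL"),
				Usage:       "Full base URL of the Kubernetes API server that is being proxied. If empty, the proxy is disabled. If set to 'auto', it will try to discover it using the service account token.",
				Value:       "auto",
				Destination: &command.ApiURL,
			},
			// The previous usage text ("Whether the certificate verification ...
			// should be verified") did not say that enabling this flag turns
			// verification OFF. Spell out the direction and the risk, since an
			// operator who misreads it silently loses TLS authentication of the
			// upstream API server.
			&cli.BoolFlag{Name: "api-tls-skip-verify", EnvVars: envVars("API_TLS_SKIP_VERIFY"),
				Usage:       "Skip verification of the Kubernetes API server's TLS certificate. Insecure: the identity of the proxied API server is then not authenticated, only enable this for testing",
				Destination: &command.ApiTLSSkipVerify,
			},
			&cli.PathFlag{Name: "sa-token-path", EnvVars: envVars("API_SA_TOKEN_PATH"),
				Usage: "Path to the Kubernetes Service Account token secret for auto-discovery",
				Value: "/var/run/secrets/kubernetes.io/serviceaccount/token",
			},
			&cli.DurationFlag{Name: "auth-cookie-max-age", EnvVars: envVars("AUTH_COOKIE_MAX_AGE"),
				Usage:       "Duration of authentication cookie(s) when logging in to web UI. Accepts units [h, m, s]. If 0 or negative, cookies are disabled",
				Value:       24 * time.Hour,
				Destination: &command.AuthCookieMaxAge,
			},
		},
	}
}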
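// discoverKubernetesAPI is the Before hook of the webui command. When the
// api-url flag is "auto", it reads the service account token at
// "sa-token-path" and replaces the flag value with the token's first audience
// claim. For any other flag value it does nothing.
//
// If the token cannot be read or parsed, or has no audience, the flag is set
// to the empty string, which according to the flag's usage text disables the
// proxy. It returns only the error of ctx.Set, if any.
//
// Security notes:
//   - The token is parsed with jwt.WithVerify(false), so its signature is NOT
//     checked. The audience is therefore only as trustworthy as the file at
//     sa-token-path; anyone able to control that file or the flag/env var
//     pointing to it chooses the upstream the proxy talks to.
//   - The audience is used as the API URL as-is. Nothing here checks that it
//     is an absolute http(s) URL.
//     NOTE(review): consider validating scheme and host before accepting it.
func discoverKubernetesAPI(ctx *cli.Context) error {
	_ = LogMetadata(ctx) // result intentionally discarded
	log := AppLogger(ctx).WithName(ctx.Command.Name)

	if ctx.String(apiUrlFlag) != "auto" {
		// An explicit URL (or empty string) was configured; nothing to discover.
		return nil
	}

	path := ctx.String("sa-token-path")
	raw, err := os.ReadFile(path)
	if err != nil {
		log.Info("Cannot read the token", "error", err.Error())
		return ctx.Set(apiUrlFlag, "")
	}

	// Unverified parse: only the claims are read, the signature is ignored.
	token, err := jwt.Parse(raw, jwt.WithVerify(false))
	if err != nil {
		log.Info("Cannot parse the token", "error", err.Error())
		return ctx.Set(apiUrlFlag, "")
	}

	aud := token.Audience()
	if len(aud) == 0 {
		// Previously this path returned nil and left the flag at the literal
		// "auto", so the sentinel would have been handed on as the API URL.
		// Disable the proxy instead, consistent with the other failure paths.
		// NOTE(review): assumes nothing downstream treats "auto" specially; confirm.
		log.Info("Token has no audience, cannot discover Kubernetes API URL")
		return ctx.Set(apiUrlFlag, "")
	}

	log.Info("Discovered Kubernetes API URL", "url", aud[0])
	return ctx.Set(apiUrlFlag, aud[0])
}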