add proxy endpoint

deads2k · deads2k · commit 47d68be9bb66 · 2017-11-09T16:09:52.000-05:00
diff --git a/pkg/cmd/server/origin/master.go b/pkg/cmd/server/origin/master.go
@@ -16,6 +16,8 @@ import (
 	kubeapiserver "k8s.io/kubernetes/pkg/master"
 	kcorestorage "k8s.io/kubernetes/pkg/registry/core/rest"
 
+	"io/ioutil"
+
 	assetapiserver "github.com/openshift/origin/pkg/assets/apiserver"
 	configapi "github.com/openshift/origin/pkg/cmd/server/api"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
@@ -153,6 +155,19 @@ func (c *MasterConfig) newAssetServerHandler(genericConfig *apiserver.Config) (h
 		return http.NotFoundHandler(), nil
 	}
 
+	if WebConsoleProxy() {
+		fmt.Printf("#### installing the webconsole proxy")
+		caBundle, err := ioutil.ReadFile(c.Options.ControllerConfig.ServiceServingCert.Signer.CertFile)
+		if err != nil {
+			return nil, err
+		}
+		proxyHandler, err := NewWebConsoleProxyHandler(aggregatorapiserver.NewClusterIPServiceResolver(c.ClientGoKubeInformers.Core().V1().Services().Lister()), caBundle)
+		if err != nil {
+			return nil, err
+		}
+		return proxyHandler, nil
+	}
+
 	config, err := NewAssetServerConfigFromMasterConfig(c.Options)
 	if err != nil {
 		return nil, err
diff --git a/pkg/cmd/server/origin/master_config.go b/pkg/cmd/server/origin/master_config.go
@@ -30,6 +30,7 @@ import (
 	kubernetes "github.com/openshift/origin/pkg/cmd/server/kubernetes/master"
 	originadmission "github.com/openshift/origin/pkg/cmd/server/origin/admission"
 	originrest "github.com/openshift/origin/pkg/cmd/server/origin/rest"
+	"github.com/openshift/origin/pkg/cmd/util"
 	imageadmission "github.com/openshift/origin/pkg/image/admission"
 	imageapi "github.com/openshift/origin/pkg/image/apis/image"
 	imageinformer "github.com/openshift/origin/pkg/image/generated/informers/internalversion"
@@ -39,6 +40,8 @@ import (
 	quotainformer "github.com/openshift/origin/pkg/quota/generated/informers/internalversion"
 	userinformer "github.com/openshift/origin/pkg/user/generated/informers/internalversion"
 
+	"strings"
+
 	securityinformer "github.com/openshift/origin/pkg/security/generated/informers/internalversion"
 	"github.com/openshift/origin/pkg/service"
 	"github.com/openshift/origin/pkg/util/restoptions"
@@ -259,3 +262,10 @@ func (c *MasterConfig) WebConsoleEnabled() bool {
 func (c *MasterConfig) WebConsoleStandalone() bool {
 	return c.Options.AssetConfig.ServingInfo.BindAddress != c.Options.ServingInfo.BindAddress
 }
+
+func WebConsoleProxy() bool {
+	if false {
+		return strings.EqualFold(util.Env("OS_WEB_CONSOLE_PROXY", "false"), "true")
+	}
+	return true
+}
diff --git a/pkg/cmd/server/origin/webconsole_proxy.go b/pkg/cmd/server/origin/webconsole_proxy.go
@@ -0,0 +1,92 @@
+package origin
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	utilnet "k8s.io/apimachinery/pkg/util/net"
+	"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
+	genericrest "k8s.io/apiserver/pkg/registry/generic/rest"
+	restclient "k8s.io/client-go/rest"
+)
+
+// A ServiceResolver knows how to get a URL given a service.
+type ServiceResolver interface {
+	ResolveEndpoint(namespace, name string) (*url.URL, error)
+}
+
+// proxyHandler provides a http.Handler which will proxy traffic to locations
+// specified by items implementing Redirector.
+type webConsoleProxyHandler struct {
+	// Endpoints based routing to map from cluster IP to routable IP
+	serviceResolver ServiceResolver
+
+	// proxyRoundTripper is the re-useable portion of the transport.  It does not vary with any request.
+	proxyRoundTripper http.RoundTripper
+
+	restConfig *restclient.Config
+}
+
+const (
+	serviceName      = "webconsole"
+	serviceNamespace = "openshift-web-console"
+)
+
+func NewWebConsoleProxyHandler(serviceResolver ServiceResolver, caBundle []byte) (*webConsoleProxyHandler, error) {
+	restConfig := &restclient.Config{
+		TLSClientConfig: restclient.TLSClientConfig{
+			ServerName: serviceName + "." + serviceNamespace + ".svc",
+			CAData:     caBundle,
+		},
+	}
+	proxyRoundTripper, err := restclient.TransportFor(restConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return &webConsoleProxyHandler{
+		serviceResolver:   serviceResolver,
+		proxyRoundTripper: proxyRoundTripper,
+		restConfig:        restConfig,
+	}, nil
+}
+
+func (r *webConsoleProxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	// write a new location based on the existing request pointed at the target service
+	location := &url.URL{}
+	location.Scheme = "https"
+	rloc, err := r.serviceResolver.ResolveEndpoint(serviceNamespace, serviceName)
+	if err != nil {
+		http.Error(w, fmt.Sprintf("missing route (%s)", err.Error()), http.StatusInternalServerError)
+		return
+	}
+	location.Host = rloc.Host
+	location.Path = req.URL.Path
+	location.RawQuery = req.URL.Query().Encode()
+
+	// WithContext creates a shallow clone of the request with the new context.
+	newReq := req.WithContext(context.Background())
+	newReq.Header = utilnet.CloneHeader(req.Header)
+	newReq.URL = location
+
+	handler := genericrest.NewUpgradeAwareProxyHandler(location, r.proxyRoundTripper, true, false, &responder{w: w})
+	handler.ServeHTTP(w, newReq)
+}
+
+// responder implements rest.Responder for assisting a connector in writing objects or errors.
+type responder struct {
+	w http.ResponseWriter
+}
+
+// TODO this should properly handle content type negotiation
+// if the caller asked for protobuf and you write JSON bad things happen.
+func (r *responder) Object(statusCode int, obj runtime.Object) {
+	responsewriters.WriteRawJSON(statusCode, obj, r.w)
+}
+
+func (r *responder) Error(err error) {
+	http.Error(r.w, err.Error(), http.StatusInternalServerError)
+}
