Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix (kubernetes-client-api) : Config should use proxy-url in kubeconfig's cluster configuration #6289

Merged
merged 1 commit into from
Aug 28, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* Fix #6052: Removed dependency on no longer maintained com.github.mifmif:generex

#### New Features
* Fix #6150: Config uses `proxy-url` in kubeconfig's cluster configuration

#### _**Note**_: Breaking changes
* Check detailed migration documentation for breaking changes in [7.0.0](./doc/MIGRATION-v7.md)
Expand Down
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,8 @@ System properties are preferred over environment variables. The following system
| `kubernetes.keystore.passphrase` / `KUBERNETES_KEYSTORE_PASSPHRASE` | | |
| `kubernetes.backwardsCompatibilityInterceptor.disable` / `KUBERNETES_BACKWARDSCOMPATIBILITYINTERCEPTOR_DISABLE` | Disable the `BackwardsCompatibilityInterceptor` | `true` |
| `no.proxy` / `NO_PROXY` | comma-separated list of domain extensions [proxy](http://www.gnu.org/software/wget/manual/html_node/Proxies.html) should not be used for | |
| `http.proxy` / `HTTP_PROXY` | URL to the [proxy](http://www.gnu.org/software/wget/manual/html_node/Proxies.html) for HTTP requests (See [Proxy precedence](./doc/FAQ.md#how-does-kubernetesclient-loads-proxy-url-from-various-sources)) | |
| `https.proxy` / `HTTPS_PROXY` | URL to the [proxy](http://www.gnu.org/software/wget/manual/html_node/Proxies.html) for HTTPS requests (See [Proxy precedence](./doc/FAQ.md#how-does-kubernetesclient-loads-proxy-url-from-various-sources)) | |

Alternatively you can use the `ConfigBuilder` to create a config object for the Kubernetes client:

Expand Down
11 changes: 11 additions & 0 deletions doc/FAQ.md
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,17 @@ we should provide it like this:
NO_PROXY: localhost,127.0.0.1,.google.com,.github.com
```

### How does KubernetesClient loads proxy URL from various sources?

KubernetesClient loads proxy URL from the following sources (in decreasing order of precedence):
- `ConfigBuilder.withHttpProxy` / `ConfigBuilder.withHttpsProxy`
- Cluster's `proxy-url` in `~/.kube/config`
- System Properties or Environment Variables
- `HTTP_PROXY` : Should be used for HTTP requests (when Kubernetes ApiServer is serving plain HTTP requests)
- `HTTPS_PROXY` : Should be used for HTTPS requests (when Kubernetes ApiServer is serving HTTPS)

URLs with `http`, `https`, and `socks5` schemes are supported.

### Optimistic Locking Behavior

Unfortunately it's a little complicated as it depends on what operation you are doing - we'll work towards ensuring the Javadocs are as informative as possible. Here is quick overview:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,7 @@ public class Config {
private static final int DEFAULT_WATCH_RECONNECT_INTERVAL = 1000;
private static final int DEFAULT_CONNECTION_TIMEOUT = 10 * 1000;
private static final String DEFAULT_CLIENT_KEY_PASSPHRASE = "changeit";
private static final String SOCKS5_PROTOCOL_PREFIX = "socks5://";

private Boolean trustCerts;
private Boolean disableHostnameVerification;
Expand Down Expand Up @@ -696,11 +697,17 @@ public static void configFromSysPropsOrEnvVars(Config config) {

config.setHttp2Disable(Utils.getSystemPropertyOrEnvVar(KUBERNETES_HTTP2_DISABLE, config.isHttp2Disable()));

config.setHttpProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_ALL_PROXY, config.getHttpProxy()));
config.setHttpsProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_ALL_PROXY, config.getHttpsProxy()));

config.setHttpsProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_HTTPS_PROXY, config.getHttpsProxy()));
config.setHttpProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_HTTP_PROXY, config.getHttpProxy()));
// Only set http(s) proxy fields if they're not set. This is done in order to align behavior of
// KubernetesClient with kubectl / client-go . Please see https://github.com/fabric8io/kubernetes-client/issues/6150
// Precedence is given to proxy-url read from kubeconfig .
if (Utils.isNullOrEmpty(config.getHttpProxy())) {
config.setHttpProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_ALL_PROXY, config.getHttpProxy()));
config.setHttpProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_HTTP_PROXY, config.getHttpProxy()));
}
if (Utils.isNullOrEmpty(config.getHttpsProxy())) {
config.setHttpsProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_ALL_PROXY, config.getHttpsProxy()));
config.setHttpsProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_HTTPS_PROXY, config.getHttpsProxy()));
}

config.setProxyUsername(Utils.getSystemPropertyOrEnvVar(KUBERNETES_PROXY_USERNAME, config.getProxyUsername()));
config.setProxyPassword(Utils.getSystemPropertyOrEnvVar(KUBERNETES_PROXY_PASSWORD, config.getProxyPassword()));
Expand Down Expand Up @@ -926,6 +933,18 @@ private static void mergeKubeConfigContents(Config config, String context, io.fa
if (currentAuthInfo != null) {
mergeKubeConfigAuthInfo(config, currentCluster, currentAuthInfo);
}
String proxyUrl = currentCluster.getProxyUrl();
if (Utils.isNotNullOrEmpty(proxyUrl)) {
if (proxyUrl.startsWith(SOCKS5_PROTOCOL_PREFIX) && config.getMasterUrl().startsWith(HTTPS_PROTOCOL_PREFIX)) {
config.setHttpsProxy(proxyUrl);
} else if (proxyUrl.startsWith(SOCKS5_PROTOCOL_PREFIX)) {
config.setHttpProxy(proxyUrl);
} else if (proxyUrl.startsWith(HTTP_PROTOCOL_PREFIX)) {
config.setHttpProxy(proxyUrl);
} else if (proxyUrl.startsWith(HTTPS_PROTOCOL_PREFIX)) {
config.setHttpsProxy(proxyUrl);
}
}
}
}

Expand Down
Loading
Loading