fix(kubernetes): create proxied kubeclient EE-4326 (#7850)

2025-07-19 13:29:41 +02:00 · 2022-10-18 10:46:27 +13:00 · 2022-10-18 10:46:27 +13:00 · 0c995ae1c8
commit 0c995ae1c8
parent f6d6be90e4
18 changed files with 485 additions and 71 deletions
--- a/api/http/handler/kubernetes/ingresses.go
+++ b/api/http/handler/kubernetes/ingresses.go
@ -2,6 +2,7 @@ package kubernetes

 import (
 	"net/http"
+	"strconv"

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@ -49,7 +50,13 @@ func (handler *Handler) getKubernetesIngressControllers(w http.ResponseWriter, r
 		)
 	}

-	controllers := cli.GetIngressControllers()
+	controllers, err := cli.GetIngressControllers()
+	if err != nil {
+		return httperror.InternalServerError(
+			"Failed to fetch ingressclasses",
+			err,
+		)
+	}
 	existingClasses := endpoint.Kubernetes.Configuration.IngressClasses
 	var updatedClasses []portainer.KubernetesIngressClassConfig
 	for i := range controllers {
@ -129,8 +136,23 @@ func (handler *Handler) getKubernetesIngressControllersByNamespace(w http.Respon
 		)
 	}

-	cli := handler.KubernetesClient
-	currentControllers := cli.GetIngressControllers()
+	cli, ok := handler.KubernetesClientFactory.GetProxyKubeClient(
+		strconv.Itoa(endpointID), r.Header.Get("Authorization"),
+	)
+	if !ok {
+		return httperror.InternalServerError(
+			"Failed to lookup KubeClient",
+			nil,
+		)
+	}
+
+	currentControllers, err := cli.GetIngressControllers()
+	if err != nil {
+		return httperror.InternalServerError(
+			"Failed to fetch ingressclasses",
+			err,
+		)
+	}
 	kubernetesConfig := endpoint.Kubernetes.Configuration
 	existingClasses := kubernetesConfig.IngressClasses
 	ingressAvailabilityPerNamespace := kubernetesConfig.IngressAvailabilityPerNamespace
@ -229,7 +251,13 @@ func (handler *Handler) updateKubernetesIngressControllers(w http.ResponseWriter
 	}

 	existingClasses := endpoint.Kubernetes.Configuration.IngressClasses
-	controllers := cli.GetIngressControllers()
+	controllers, err := cli.GetIngressControllers()
+	if err != nil {
+		return httperror.InternalServerError(
+			"Unable to get ingress controllers",
+			err,
+		)
+	}
 	var updatedClasses []portainer.KubernetesIngressClassConfig
 	for i := range controllers {
 		controllers[i].Availability = true
@ -401,11 +429,28 @@ func (handler *Handler) getKubernetesIngresses(w http.ResponseWriter, r *http.Re
 		)
 	}

-	cli := handler.KubernetesClient
+	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return httperror.BadRequest(
+			"Invalid environment identifier route variable",
+			err,
+		)
+	}
+
+	cli, ok := handler.KubernetesClientFactory.GetProxyKubeClient(
+		strconv.Itoa(endpointID), r.Header.Get("Authorization"),
+	)
+	if !ok {
+		return httperror.InternalServerError(
+			"Failed to lookup KubeClient",
+			nil,
+		)
+	}
+
 	ingresses, err := cli.GetIngresses(namespace)
 	if err != nil {
 		return httperror.InternalServerError(
-			"Unable to retrieve nodes limits",
+			"Unable to retrieve ingresses",
 			err,
 		)
 	}
@ -431,11 +476,28 @@ func (handler *Handler) createKubernetesIngress(w http.ResponseWriter, r *http.R
 		)
 	}

-	cli := handler.KubernetesClient
+	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return httperror.BadRequest(
+			"Invalid environment identifier route variable",
+			err,
+		)
+	}
+
+	cli, ok := handler.KubernetesClientFactory.GetProxyKubeClient(
+		strconv.Itoa(endpointID), r.Header.Get("Authorization"),
+	)
+	if !ok {
+		return httperror.InternalServerError(
+			"Failed to lookup KubeClient",
+			nil,
+		)
+	}
+
 	err = cli.CreateIngress(namespace, payload)
 	if err != nil {
 		return httperror.InternalServerError(
-			"Unable to retrieve nodes limits",
+			"Unable to retrieve the ingress",
 			err,
 		)
 	}
@ -443,10 +505,26 @@ func (handler *Handler) createKubernetesIngress(w http.ResponseWriter, r *http.R
 }

 func (handler *Handler) deleteKubernetesIngresses(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	cli := handler.KubernetesClient
+	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return httperror.BadRequest(
+			"Invalid environment identifier route variable",
+			err,
+		)
+	}
+
+	cli, ok := handler.KubernetesClientFactory.GetProxyKubeClient(
+		strconv.Itoa(endpointID), r.Header.Get("Authorization"),
+	)
+	if !ok {
+		return httperror.InternalServerError(
+			"Failed to lookup KubeClient",
+			nil,
+		)
+	}

 	var payload models.K8sIngressDeleteRequests
-	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	err = request.DecodeAndValidateJSONPayload(r, &payload)
 	if err != nil {
 		return httperror.BadRequest("Invalid request payload", err)
 	}
@ -454,7 +532,7 @@ func (handler *Handler) deleteKubernetesIngresses(w http.ResponseWriter, r *http
 	err = cli.DeleteIngresses(payload)
 	if err != nil {
 		return httperror.InternalServerError(
-			"Unable to retrieve nodes limits",
+			"Unable to delete ingresses",
 			err,
 		)
 	}
@ -479,11 +557,28 @@ func (handler *Handler) updateKubernetesIngress(w http.ResponseWriter, r *http.R
 		)
 	}

-	cli := handler.KubernetesClient
+	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return httperror.BadRequest(
+			"Invalid environment identifier route variable",
+			err,
+		)
+	}
+
+	cli, ok := handler.KubernetesClientFactory.GetProxyKubeClient(
+		strconv.Itoa(endpointID), r.Header.Get("Authorization"),
+	)
+	if !ok {
+		return httperror.InternalServerError(
+			"Failed to lookup KubeClient",
+			nil,
+		)
+	}
+
 	err = cli.UpdateIngress(namespace, payload)
 	if err != nil {
 		return httperror.InternalServerError(
-			"Unable to retrieve nodes limits",
+			"Unable to update the ingress",
 			err,
 		)
 	}