Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-08-02 12:25:22 +02:00
Code Issues Releases Activity

fix(transport): portainer generated kubeconfig causes kubectl exec fail [R8S-430] (#929)

Browse source
This commit is contained in:
Steven Kang 2025-07-24 13:11:13 +12:00 committed by GitHub
parent bba3751268
commit bdb2e2f417
12 changed files with 417 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

23
api/http/proxy/factory/kubernetes/transport.go
View file

@ -26,15 +26,17 @@ type baseTransport struct {
endpoint *portainer.Endpoint
k8sClientFactory *cli.ClientFactory
dataStore dataservices.DataStore
jwtService portainer.JWTService
}
func newBaseTransport(httpTransport *http.Transport, tokenManager *tokenManager, endpoint *portainer.Endpoint, k8sClientFactory *cli.ClientFactory, dataStore dataservices.DataStore) *baseTransport {
func newBaseTransport(httpTransport *http.Transport, tokenManager *tokenManager, endpoint *portainer.Endpoint, k8sClientFactory *cli.ClientFactory, dataStore dataservices.DataStore, jwtService portainer.JWTService) *baseTransport {
return &baseTransport{
httpTransport: httpTransport,
tokenManager: tokenManager,
endpoint: endpoint,
k8sClientFactory: k8sClientFactory,
dataStore: dataStore,
jwtService: jwtService,
}
}
@ -82,7 +84,7 @@ func (transport *baseTransport) proxyNamespacedRequest(request *http.Request, fu
switch {
case strings.HasPrefix(requestPath, "pods"):
return transport.proxyPodsRequest(request, namespace, requestPath)
return transport.proxyPodsRequest(request, namespace)
case strings.HasPrefix(requestPath, "deployments"):
return transport.proxyDeploymentsRequest(request, namespace, requestPath)
case requestPath == "" && request.Method == "DELETE":
@ -92,6 +94,23 @@ func (transport *baseTransport) proxyNamespacedRequest(request *http.Request, fu
}
}
// addTokenForExec injects a kubeconfig token into the request header
// this is only used with kubeconfig for kubectl exec requests
func (transport *baseTransport) addTokenForExec(request *http.Request) error {
tokenData, err := security.RetrieveTokenData(request)
if err != nil {
return err
}
token, err := transport.jwtService.GenerateTokenForKubeconfig(tokenData)
if err != nil {
return err
}
request.Header.Set("Authorization", "Bearer "+token)
return nil
}
func (transport *baseTransport) executeKubernetesRequest(request *http.Request) (*http.Response, error) {
resp, err := transport.httpTransport.RoundTrip(request)