Skip to content

Commit

Permalink
Merge pull request #2111 from krmodelski/proxy-url-release-1.x
Browse files Browse the repository at this point in the history
Add proxy support
  • Loading branch information
k8s-ci-robot authored Dec 20, 2024
2 parents be116d7 + b7a2509 commit 0f5694e
Show file tree
Hide file tree
Showing 7 changed files with 347 additions and 9 deletions.
175 changes: 175 additions & 0 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -65,12 +65,14 @@
"@types/tar": "^6.1.1",
"@types/ws": "^8.5.4",
"form-data": "^4.0.0",
"hpagent": "^1.2.0",
"isomorphic-ws": "^5.0.0",
"js-yaml": "^4.1.0",
"jsonpath-plus": "^10.2.0",
"node-fetch": "^2.6.9",
"openid-client": "^6.1.3",
"rfc4648": "^1.3.0",
"socks-proxy-agent": "^8.0.4",
"stream-buffers": "^3.0.2",
"tar": "^7.0.0",
"tmp-promise": "^3.0.2",
Expand Down
33 changes: 31 additions & 2 deletions src/config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@ import {
import { OpenIDConnectAuth } from './oidc_auth.js';
import WebSocket from 'isomorphic-ws';
import child_process from 'node:child_process';
import { SocksProxyAgent } from 'socks-proxy-agent';
import { HttpProxyAgent, HttpProxyAgentOptions, HttpsProxyAgent, HttpsProxyAgentOptions } from 'hpagent';

const SERVICEACCOUNT_ROOT: string = '/var/run/secrets/kubernetes.io/serviceaccount';
const SERVICEACCOUNT_CA_PATH: string = SERVICEACCOUNT_ROOT + '/ca.crt';
Expand Down Expand Up @@ -171,6 +173,7 @@ export class KubeConfig implements SecurityAuthentication {

public async applyToHTTPSOptions(opts: https.RequestOptions | WebSocket.ClientOptions): Promise<void> {
const user = this.getCurrentUser();
const cluster = this.getCurrentCluster();

await this.applyOptions(opts);

Expand Down Expand Up @@ -205,7 +208,7 @@ export class KubeConfig implements SecurityAuthentication {
agentOptions.secureProtocol = opts.secureProtocol;
agentOptions.sessionIdContext = opts.sessionIdContext;

opts.agent = new https.Agent(agentOptions);
opts.agent = this.createAgent(cluster, agentOptions);
}

/**
Expand Down Expand Up @@ -248,7 +251,7 @@ export class KubeConfig implements SecurityAuthentication {
agentOptions.passphrase = httpsOptions.passphrase;
agentOptions.rejectUnauthorized = httpsOptions.rejectUnauthorized;

context.setAgent(new https.Agent(agentOptions));
context.setAgent(this.createAgent(cluster, agentOptions));
}

/**
Expand Down Expand Up @@ -509,6 +512,32 @@ export class KubeConfig implements SecurityAuthentication {
return this.getContextObject(this.currentContext);
}

private createAgent(
cluster: Cluster | null,
agentOptions: https.AgentOptions,
): https.Agent | SocksProxyAgent | HttpProxyAgent | HttpsProxyAgent {
let agent: https.Agent | SocksProxyAgent | HttpProxyAgent | HttpsProxyAgent;

if (cluster && cluster.proxyUrl) {
if (cluster.proxyUrl.startsWith('socks')) {
agent = new SocksProxyAgent(cluster.proxyUrl, agentOptions);
} else if (cluster.server.startsWith('https')) {
const httpsProxyAgentOptions: HttpsProxyAgentOptions = agentOptions as HttpsProxyAgentOptions;
httpsProxyAgentOptions.proxy = cluster.proxyUrl;
agent = new HttpsProxyAgent(httpsProxyAgentOptions);
} else if (cluster.server.startsWith('http')) {
const httpProxyAgentOptions: HttpProxyAgentOptions = agentOptions as HttpProxyAgentOptions;
httpProxyAgentOptions.proxy = cluster.proxyUrl;
agent = new HttpProxyAgent(httpProxyAgentOptions);
} else {
throw new Error('Unsupported proxy type');
}
} else {
agent = new https.Agent(agentOptions);
}
return agent;
}

private applyHTTPSOptions(opts: https.RequestOptions | WebSocket.ClientOptions): void {
const cluster = this.getCurrentCluster();
const user = this.getCurrentUser();
Expand Down
Loading

0 comments on commit 0f5694e

Please sign in to comment.