Merge branch 'master' of github.com:KubeOperator/ekko

Author: zhengkunwang223

.kube/config

@@ -0,0 +1,7 @@
+<html>
+<head><title>302 Found</title></head>
+<body bgcolor="white">
+<center><h1>302 Found</h1></center>
+<hr><center>bfe/1.0.8.18</center>
+</body>
+</html>

internal/api/v1/v1.go

@@ -272,5 +272,5 @@ func AddV1Route(app iris.Party) {
 	proxy.Install(authParty)
 	ws.Install(authParty)
 	chart.Install(authParty)
-	webkubectl.Install(authParty)
+	webkubectl.Install(authParty, v1Party)
 }

internal/api/v1/webkubectl/types.go

@@ -9,5 +9,5 @@ type Session struct {
 }
 
 type SessionResponse struct {
-	SessionId string `json:"sessionId"`
+	Token string `json:"token"`
 }

internal/api/v1/webkubectl/webkubectl.go

@@ -10,7 +10,6 @@ import (
 	"github.com/google/uuid"
 	"github.com/kataras/iris/v12"
 	"github.com/kataras/iris/v12/context"
-	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 )
@@ -31,15 +30,15 @@ func NewHandler() *Handler {
 
 func (h *Handler) GetConfigFile() iris.Handler {
 	return func(ctx *context.Context) {
-		sessionId := ctx.URLParam("session")
+		sessionId := ctx.URLParam("token")
 		requireLen := len(uuid.New().String())
 		if len(sessionId) != requireLen {
 			ctx.StatusCode(iris.StatusBadRequest)
 			ctx.Values().Set("message", fmt.Sprintf("sessionId length must be %d", requireLen))
 			return
 		}
-		cfg := h.sessionCache.Get(sessionId)
-		if cfg != nil {
+		sess := h.sessionCache.Get(sessionId)
+		if sess != nil {
 			h.sessionCache.Delete(sessionId)
 		} else {
 			ctx.StatusCode(iris.StatusInternalServerError)
@@ -51,7 +50,7 @@ func (h *Handler) GetConfigFile() iris.Handler {
 		ctx.Header("Content-Disposition", "attachment;filename=config")
 		ctx.Header("Content-Transfer-Encoding", "binary")
 
-		cc := toCmdConfig(*cfg.config)
+		cc := toCmdConfig(sess)
 		bs, err := clientcmd.Write(*cc)
 		if err != nil {
 			ctx.StatusCode(iris.StatusInternalServerError)
@@ -62,20 +61,23 @@ func (h *Handler) GetConfigFile() iris.Handler {
 	}
 }
 
-func toCmdConfig(rc rest.Config) *clientcmdapi.Config {
+func toCmdConfig(sess *Session) *clientcmdapi.Config {
 	cc := clientcmdapi.NewConfig()
-	cc.Clusters["default"] = &clientcmdapi.Cluster{
-		Server: rc.Host,
+	cc.Clusters[sess.Cluster] = &clientcmdapi.Cluster{
+		Server:                sess.config.Host,
+		InsecureSkipTLSVerify: true,
 	}
-	cc.AuthInfos["default"] = &clientcmdapi.AuthInfo{
-		ClientCertificateData: rc.CAData,
-		ClientKeyData:         rc.KeyData,
-		Token:                 rc.BearerToken,
+	cc.AuthInfos[sess.User] = &clientcmdapi.AuthInfo{
+		ClientCertificateData: sess.config.CertData,
+		ClientKeyData:         sess.config.KeyData,
+		Token:                 sess.config.BearerToken,
 	}
-	cc.Contexts["default"] = &clientcmdapi.Context{
-		Cluster:  "default",
-		AuthInfo: "default",
+	contextName := fmt.Sprintf("%s@%s", sess.Cluster, sess.User)
+	cc.Contexts[contextName] = &clientcmdapi.Context{
+		Cluster:  sess.Cluster,
+		AuthInfo: sess.User,
 	}
+	cc.CurrentContext = contextName
 	return cc
 }
 
@@ -113,15 +115,15 @@ func (h *Handler) CreateSession() iris.Handler {
 			cfg.CertData = rb.Certificate
 		}
 		sess.config = cfg
+		sess.User = profile.Name
 		sessionId := uuid.New().String()
 		h.sessionCache.Put(sessionId, &sess)
-		ctx.Values().Set("data", &SessionResponse{SessionId: sessionId})
+		ctx.Values().Set("data", &SessionResponse{Token: sessionId})
 	}
 }
 
-func Install(parent iris.Party) {
+func Install(authParent, noAuthParty iris.Party) {
 	handler := NewHandler()
-	sp := parent.Party("/webkubectl")
-	sp.Get("/session", handler.GetConfigFile())
-	sp.Post("/session", handler.CreateSession())
+	authParent.Post("/webkubectl/session", handler.CreateSession())
+	noAuthParty.Get("/webkubectl/session", handler.GetConfigFile())
 }

internal/server/server.go

@@ -4,6 +4,8 @@ import (
 	"embed"
 	"fmt"
 	"net/http"
+	"net/http/httputil"
+	"net/url"
 	"os"
 	"path"
 	"strings"
@@ -72,20 +74,23 @@ func (e *KubePiSerer) setUpDB() {
 }
 
 func (e *KubePiSerer) setUpStaticFile() {
-	e.Get("/", func(ctx *context.Context) {
+	spaOption := iris.DirOptions{SPA: true, IndexName: "index.html"}
+	party := e.Party("/")
+	party.Get("/", func(ctx *context.Context) {
 		ctx.Redirect("/kubepi")
 	})
-	spaOption := iris.DirOptions{SPA: true, IndexName: "index.html"}
+	party.Use(iris.Compression)
 	dashboardFS := iris.PrefixDir("web/dashboard", http.FS(EmbedWebDashboard))
-	e.RegisterView(view.HTML(dashboardFS, ".html"))
-	e.HandleDir("/dashboard/", dashboardFS, spaOption)
+	party.RegisterView(view.HTML(dashboardFS, ".html"))
+	party.HandleDir("/dashboard/", dashboardFS, spaOption)
+
 	terminalFS := iris.PrefixDir("web/terminal", http.FS(EmbedWebTerminal))
-	e.RegisterView(view.HTML(terminalFS, ".html"))
-	e.HandleDir("/terminal/", terminalFS, spaOption)
-	kubePiFS := iris.PrefixDir("web/kubepi", http.FS(EmbedWebKubePi))
-	e.RegisterView(view.HTML(kubePiFS, ".html"))
-	e.HandleDir("/kubepi/", kubePiFS, spaOption)
+	party.RegisterView(view.HTML(terminalFS, ".html"))
+	party.HandleDir("/terminal/", terminalFS, spaOption)
 
+	kubePiFS := iris.PrefixDir("web/kubepi", http.FS(EmbedWebKubePi))
+	party.RegisterView(view.HTML(kubePiFS, ".html"))
+	party.HandleDir("/kubepi/", kubePiFS, spaOption)
 }
 
 func (e *KubePiSerer) setUpSession() {
@@ -105,6 +110,11 @@ func (e *KubePiSerer) setResultHandler() {
 		isProxyPath := func() bool {
 			p := ctx.GetCurrentRoute().Path()
 			ss := strings.Split(p, "/")
+			if len(ss) > 0 {
+				if ss[0] == "webkubectl" {
+					return true
+				}
+			}
 			if len(ss) >= 3 {
 				for i := range ss {
 					if ss[i] == "proxy" || ss[i] == "ws" {
@@ -169,18 +179,42 @@ func (e *KubePiSerer) setUpErrHandler() {
 func (e *KubePiSerer) runMigrations() {
 	migrate.RunMigrate(e.db, e.logger)
 }
+func (e *KubePiSerer) setWebkubectlProxy() {
+	handler := func(ctx *context.Context) {
+		p := ctx.Params().Get("p")
+		if strings.Contains(p, "root") {
+			ctx.Request().URL.Path = strings.ReplaceAll(ctx.Request().URL.Path, "root", "")
+			ctx.Request().RequestURI = strings.ReplaceAll(ctx.Request().RequestURI, "root", "")
+		}
+		u, _ := url.Parse("http://localhost:8080")
+		proxy := httputil.NewSingleHostReverseProxy(u)
+		proxy.ModifyResponse = func(resp *http.Response) error {
+			if resp.StatusCode == iris.StatusMovedPermanently {
+				// 重定向重写
+				if resp.Header.Get("Location") == "/webkubectl/" {
+					resp.Header.Set("Location", "/webkubectl/root")
+				}
+			}
+			return nil
+		}
+		proxy.ServeHTTP(ctx.ResponseWriter(), ctx.Request())
+	}
+	e.Any("/webkubectl/{p:path}", handler)
+	e.Any("webkubectl", handler)
+}
 
 func (e *KubePiSerer) bootstrap() *KubePiSerer {
 	e.Application = iris.New()
-	e.Application.Use(iris.Compression)
 	e.setUpStaticFile()
 	e.setUpConfig()
 	e.setUpLogger()
 	e.setUpDB()
 	e.setUpSession()
 	e.setResultHandler()
 	e.setUpErrHandler()
+	e.setWebkubectlProxy()
 	e.runMigrations()
+	e.startTty()
 	return e
 }
 

internal/server/tty_darwin.go

@@ -0,0 +1,22 @@
+// +build darwin
+
+package server
+
+import (
+	"os"
+	"os/exec"
+)
+
+func (e *KubePiSerer) startTty() {
+	cmd := "/Users/shenchenyang/go/bin/gotty"
+	params := []string{"--permit-write", "bash", "init-kube.sh"}
+	go func() {
+		c := exec.Command(cmd, params...)
+		c.Stdout = os.Stdout
+		c.Stderr = os.Stderr
+		if err := c.Run(); err != nil {
+			e.logger.Error(err)
+		}
+	}()
+
+}

internal/server/tty_linux.go

@@ -0,0 +1,16 @@
+// +build linux
+
+package server
+
+func (e *KubePiSerer) startTty() {
+	cmd := "gotty"
+	params := []string{"--permit-write", "bash", "unshare", "--fork", "--pid", "--mount-proc", "--mount", "init-kube.sh"}
+	go func() {
+		c := exec.Command(cmd, params...)
+		c.Stdout = os.Stdout
+		c.Stderr = os.Stderr
+		if err := c.Run(); err != nil {
+			e.logger.Error(err)
+		}
+	}()
+}

thirdparty/gotty/.kube/config

@@ -0,0 +1,19 @@
+apiVersion: v1
+clusters:
+- cluster:
+    insecure-skip-tls-verify: true
+    server: https://172.16.10.41:8443
+  name: abcd
+contexts:
+- context:
+    cluster: abcd
+    user: admin
+  name: abcd@admin
+current-context: abcd@admin
+kind: Config
+preferences: {}
+users:
+- name: admin
+  user:
+    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBRENDQWVpZ0F3SUJBZ0lKQVBraVB1OVZxTjhHTUEwR0NTcUdTSWIzRFFFQkN3VUFNQlV4RXpBUkJnTlYKQkFNTUNtdDFZbVZ5Ym1WMFpYTXdJQmNOTWpFd056SXpNRFkwTkRFeVdoZ1BNakV5TVRBMk1qa3dOalEwTVRKYQpNRFF4R1RBWEJnTlZCQU1NRUd0MVltVnlibVYwWlhNdFlXUnRhVzR4RnpBVkJnTlZCQW9NRG5ONWMzUmxiVHB0CllYTjBaWEp6TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF6eEhRTUN3OWh5STYKeGVaNEVmbXcwV0xqWE0rZnV6Q0t1bHByeXhQZVAzTVh3VmRrK2MybEUrZG9oTENDMDZ1QlBzVXJ1RVN6NGhvVApyQ1ZCOGpLb21UUWpXb2ExRWtUaDRBZUZHQUNjandNcU53Uk16TG9aeWxUSUs2eXdxNzNyVnlYSjQyVUVyR0pzCnpPd1ZpYVlaQ0k4MW13aWttaFBaaDhMSk1JZ1JSMzVtbXFBSmU0OTlZd2ZzWnRTNXljalUyaGd4dDduamxDVjkKQ1cxWEJUS1ppbWlNeDBWN3BidjBmaHp5UHpVcnBqM1p1azJtSzZzcUYyaFNpMFB5alVyWkFJSVNzYmtyOVRuUAo2MFhPZUt2Tkw2dk1Gc3F1aXpKbWZvUXh5R2UvbUoxSjRLRGgxNzAwN3pSa3ZiMVc0dnJtODFYQ1U0T0p5TmEwCmVnRTl6OG9iQ1FJREFRQUJvekl3TURBSkJnTlZIUk1FQWpBQU1BNEdBMVVkRHdFQi93UUVBd0lGb0RBVEJnTlYKSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbHNLSmF0QzNsbFF5VjNBdwpZbUNMT1ZuTzkxQXlzTEhPa0xJQVAwblFYRldiQzBXeG1ja09uS2tseCsxZ29xV2o2a2Z2UC9xT3JJZitPaUcwClhGazJIQ21UM2pzTlA3ck9DUnZBUVpQQ3VLeVVUejJoYXQ4Z25LOFhIemU4QzBOTmxQaG94eE1ieVRWNXRKbUkKbFRkNFNpWlVrcWVUSU44OEQ5WkgvTWlVbHN2aTllNWg3U3BkdC9RcU9BNlp1T0V4RjI5dlMvU29hNDVTUnNuTgpaU3Y5WU84bUEvSS9iRHE3cFAyUVR2TjF1T1ZMTUF1K0QzQlNkQllwUU1BTnZkMkM1TkFBYmZVcUdBTldhZlhXClFNeHhDaE9ybjlWRWRYSG1DSzJSdUN4STRYVXdzZVo3dFpUNnJZV0NEc2p1T0ZCc2VDYTR6aEQ2c0pBM3RQeWgKNXQ5QXBBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBenhIUU1DdzloeUk2eGVaNEVmbXcwV0xqWE0rZnV6Q0t1bHByeXhQZVAzTVh3VmRrCitjMmxFK2RvaExDQzA2dUJQc1VydUVTejRob1RyQ1ZCOGpLb21UUWpXb2ExRWtUaDRBZUZHQUNjandNcU53Uk0KekxvWnlsVElLNnl3cTczclZ5WEo0MlVFckdKc3pPd1ZpYVlaQ0k4MW13aWttaFBaaDhMSk1JZ1JSMzVtbXFBSgplNDk5WXdmc1p0UzV5Y2pVMmhneHQ3bmpsQ1Y5Q1cxWEJUS1ppbWlNeDBWN3BidjBmaHp5UHpVcnBqM1p1azJtCks2c3FGMmhTaTBQeWpVclpBSUlTc2JrcjlUblA2MFhPZUt2Tkw2dk1Gc3F1aXpKbWZvUXh5R2UvbUoxSjRLRGgKMTcwMDd6Umt2YjFXNHZybTgxWENVNE9KeU5hMGVnRTl6OG9iQ1FJREFRQUJBb0lCQUJQdkRoQ2xJYU14cTJERAp5QWxLOVRlakFtbzczbytobzZrKzdTT1duUTJVb2RQTit2MkZTMy80QmZySUYwQVRRWlR1WEVBWDlRMHVIM2l4CitZQThXaml0YVQzY3UrK3ZTK05LTmdqU2ZqL1NPUzBrcjlRQmtsd0UvMlFjOHNFRnZuTWNReXd0M0Y1UDkxTmUKNHMvbWVvQjFjTjZrM1Z1cno0UWZQMGo1d0ZnV2FhdEdab1hxeis3OXVwcHArY3p2bzRieUh5bmFEVTZjTVFlagp0c0RFMy9lcHpQNGxFaGU3VG5kVUo0RS9Qb2haN05LT1lVOTRQOUt2ZDBoVG5leWVEdERFVk5Va2x1RGo0TDh6Ck8vR2QyYVpsTjZsMjhCY1VMK3JSbGcydUJCaXJPdXlPckMzb3hhdFdxVm9jUlZVM0tJV0lNK05ib0FpTjNFQ2gKT1F5Mi93RUNnWUVBNk0wTEpXYXdCK09KOEZPMXFlMEtPZUJFckluY0U0NEFvNEFvMStTUzF2YlNvbkJQclRLSgpwNFN5REFqVnlLY0djbDlJOThaaTJiN1VqWWcyaU16cDNpSE1jQ2lmb3gxVW9oVkQ3Z0F4SXY0K0kzUFFVV3ZIClc3WmhrSzl2N285ZEtVNTI0Y1NFa0FqWmRCTEYrbFZ5Rmw2RTBmK0dOVzlCcVdUNEovY1NRdUVDZ1lFQTQ3UlgKQk8rY0VSUDZGZUEyM3piT3ZIZitod0dXbC9YYU0raHVVTVRhcGQza004bERUSDF5UGU5ZXNUNUJOTlkzRW5MegpVZGgva1ZwWjA3V044MkVHRWV5K1FPTmR5THVLdFFrRGFiVTdNUStYc2JLODhzVVZKQStjaHhPd3NiazRNTTl6Cm5obEU2bHp5d0VUUERQWXorcUd3dENFMC9EV2lwUGg5bUVOdkJTa0NnWUVBc3k0dWFBa1RiOTc0S2x1anRUaFcKNkpqdkFvWFJOOVBTTmdYTWFlN3AvajVYZk9OSTBCdlh5M0hjd0ZxRWdUM2RQbWFNZVBqZTJJMkNkN1RobElWegpjNTg4QlErZlh5S1NJM2FPcEQ3Tmt3dHd0RVROai8yT29jNU1aZHBDSXJHQm1PdGxvUHRxdEptN0ZSWGwvM21JCnFDTHp3OVlTYkVwSGxhTzdSTGRyL01FQ2dZQWh3dHBvSS9LNjRZQmgvL1dDMFFpRUR6S1E1OTVoTjVXYnZxbWsKbGh0cEhtWTRlMjNjQ0htSXoxWDE1Nm9aWUcyWDhhMDhCR0tkdFl5K0JCeEE2ckRRdFk1YjVwcEFLZlpkOHpFcgpXakNsakk5TVRKa1JVY0Zac0dyZjZENTVpMkhXY3R2TXBDaUFxemxlNHBUa2NoaXczNHBvbXNmVllVcDFOVmJCCjNiVzNTUUtCZ0V2YWVUQ1RWU0tTTjlqTE1aem5sd0R5YllEaTFHVDVMdVBtSGkrNlVaeFpKUFVvVjIweEw4Y2gKL2Z2bGk2NSs4RTdteDVGT3V0RVkyWUJKd01DOXpRczVabjVHSHMwUm45Sm1uNE83TzM1R05SSGpBdjdiK3J2NwpwMHBLeXRBT3ZQSTQ4U3FjM0xwSzVUc1E3ZCtEWThZYUw5TjVCV00vTmVFM3VMWW15bG5OCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

thirdparty/gotty/init-kube.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+set -e
+
+
+
+
+
+#if [ "${WELCOME_BANNER}" ]; then
+#    echo ${WELCOME_BANNER}
+#fi
+#
+arg1=$1
+#
+#mkdir -p /nonexistent
+#mount -t tmpfs -o size=${SESSION_STORAGE_SIZE} tmpfs /nonexistent
+#cd /nonexistent
+#cp /root/.bashrc ./
+#cp /etc/vim/vimrc.local .vimrc
+#echo 'source /opt/kubectl-aliases/.kubectl_aliases' >> .bashrc
+#echo -e 'PS1="> "\nalias ll="ls -la"' >> .bashrc
+mkdir -p .kube
+#
+#export HOME=/nonexistent
+#
+echo "download kubeconfig file..."
+
+code=`curl -w %{http_code} -s -o .kube/config http://localhost/api/v1/webkubectl/session?token=${arg1}`
+
+if [[ $code == '200' ]];
+then
+    echo "download kubeconfig success"
+else
+    echo "download kubeconfig failed"
+    exit
+fi
+
+
+#
+#chown -R nobody:nogroup .kube
+#export TMPDIR=/nonexistent
+#
+#envs=`env`
+#for env in ${envs[@]}; do
+#    if [[ $env == GOTTY* ]];
+#    then
+#        unset ${env%%=*}
+#    fi
+#done
+#
+#unset WELCOME_BANNER PPROF_ENABLED KUBECTL_INSECURE_SKIP_TLS_VERIFY SESSION_STORAGE_SIZE KUBECTL_VERSION
+#
+#exec su -s /bin/bash nobody
+exec /bin/bash

thirdparty/gotty/server/handlers.go

@@ -127,20 +127,7 @@ func (server *Server) processWSConn(ctx context.Context, conn *websocket.Conn) e
 	windowTitle := ""
 	params := query.Query()
 	params.Del("arg")
-	arg := ""
-	if len(params.Get("token")) > 0 {
-		ttyParameter := server.cache.Get(params.Get("token"))
-		cachedKey := params.Get("token")
-		if ttyParameter != nil {
-			windowTitle = ttyParameter.Title
-			arg = ttyParameter.Arg
-			server.cache.Delete(cachedKey)
-		} else {
-			arg = "ERROR:Invalid Token"
-		}
-	} else {
-		arg = "ERROR:No Token Provided"
-	}
+	arg := params.Get("token")
 	params.Add("arg", arg)
 	log.Println("arg: " + arg)
 	var slave Slave

thirdparty/gotty/server/server.go

@@ -115,7 +115,7 @@ func (server *Server) Run(ctx context.Context, options ...RunOption) error {
 	}
 
 	counter := newCounter(time.Duration(server.options.Timeout) * time.Second)
-	path := "/terminal/"
+	path := "/webkubectl/"
 	customPath := os.Getenv("TERMINAL_PATH")
 	if len(customPath) > 0 {
 		path = customPath

web/dashboard/src/api/webkubectl.js

@@ -0,0 +1,7 @@
+import {post} from "@/plugins/request";
+
+const baseUrl = "/api/v1/webkubectl/session"
+
+export function getTerminalSession(clusterName) {
+    return post(`${baseUrl}`, {cluster: clusterName})
+}

web/dashboard/src/business/app-layout/header-components/TerminalEnter.vue

@@ -0,0 +1,31 @@
+<template>
+  <div style="margin-right: 20px;margin-top: 5px">
+    <el-button size="mini" @click="onOpenTerminal"><i class="el-icon-arrow-right"/>Terminal</el-button>
+  </div>
+</template>
+
+<script>
+import {getTerminalSession} from "@/api/webkubectl";
+
+export default {
+  name: "TerminalEnter",
+  data() {
+    return {}
+  },
+  methods: {
+    onOpenTerminal() {
+      const clusterName = this.$store.getters.cluster
+      getTerminalSession(clusterName).then(data => {
+        const token = data.data.token
+        const url = `/webkubectl/root?token=${token}`
+        console.log(url)
+        open(url, "_black")
+      })
+    }
+  }
+}
+</script>
+
+<style scoped>
+
+</style>