fix: the usage is not compatible with old version

Added a lock file to hold make sure that it's safe to rebuild socket file

.github/workflows/push.yaml

@@ -3,6 +3,7 @@ name: Push to Master
 on:
   push:
     branches:
+      - release/v*
       - main
       - "release/v*"
     tags:

Dockerfile.dapper

@@ -1,7 +1,7 @@
 FROM goreleaser/goreleaser:v2.3.2 as goreleaser
 FROM aevea/release-notary:0.9.2 as tools
 
-FROM registry.suse.com/bci/golang:1.22
+FROM registry.suse.com/bci/golang:1.23
 ARG PROXY
 ARG GOPROXY
 ARG DAPPER_HOST_ARCH
@@ -16,11 +16,11 @@ RUN curl -sL https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${
     mv /tmp/upx /usr/bin/
 
 RUN if [ "${ARCH}" == "amd64" ]; then \
-    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.54.2; \
+    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.61.0; \
     fi
 COPY --from=goreleaser /usr/bin/goreleaser /usr/bin/goreleaser 
 COPY --from=tools /app/release-notary /usr/local/bin/
-ENV CATTLE_DASHBOARD_UI_VERSION="v2.8.5-kube-explorer-ui-rc1"
+ENV CATTLE_DASHBOARD_UI_VERSION="v2.9.2-kube-explorer-ui-rc1"
 ENV CATTLE_API_UI_VERSION="1.1.11"
 
 ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS GOPROXY GITHUB_TOKEN GITHUB_REF GITHUB_REF_NAME BUILD_TARGET SKIP_PACKAGE

README.md

@@ -10,7 +10,7 @@ Please download the binary from the [release page](https://github.com/cnrancher/
 
 To run an HTTP only server:
 
-```
+```bash
 ./kube-explorer --kubeconfig=xxxx --http-listen-port=9898 --https-listen-port=0
 ```
 
@@ -22,20 +22,47 @@ Then, open the browser to visit http://x.x.x.x:9898 .
 
 To debug on an AMD64 Linux host:
 
-```
+```bash
 make dev
 
 # $basedir=/opt/ui/dist/
 # prepare the file trees like this
 # $basedir/dashboard/
+# $basedir/api-ui/
 # $basedir/index.html
 
 # good to go!
-./kube-explorer --debug  --ui-path /opt/ui/dist/ --http-listen-port=9898 --https-listen-port=0
+./bin/kube-explorer --debug  --ui-path /opt/ui/dist/ --http-listen-port=9898 --https-listen-port=0
 ```
 
 To build all cross-platform binaries:
 
+```bash
+CROSS=tag make
 ```
-CROSS=1 make
-```
+
+## Supported features
+
+- Specified system default registry for shell image, e.g. `--system-default-registry`
+- Specified shell image name, e.g. `--pod-image`
+- Deployed behind proxy
+  - [Behind ingress with dns name](./deploy/kubectl/README.md)
+  - [Behind ingress with dns name and path prefix](./deploy/kubectl/path-prefix/Readme.md)
+  - Base auth via ingress such as [nginx](./deploy/kubectl/nginx-auth/README.md), [traefik-v1](./deploy/kubectl/traefik-v1-auth/README.md) and [traefik-v2](./deploy/kubectl/traefik-v2-auth/README.md)
+
+## Support Matrix
+
+Currently, there are several major versions under maintenance, each tailored to different Kubernetes version ranges due to the use of varying steve and client-go versions.
+
+| Major | Target Rancher Branch | K8s version range |
+| ----- | --------------------- | ----------------- |
+| v0.4  | v2.8.x                | >= 1.25 <= 1.28   |
+| v0.5  | v2.9.x                | >= 1.27 <= 1.30   |
+
+Please use the proper kube-explorer version for your k8s setup.
+
+## Related Projects
+
+- kube-explorer ui([https://github.com/cnrancher/kube-explorer-ui](https://github.com/cnrancher/kube-explorer-ui))
+- autok3s([https://github.com/cnrancher/autok3s](https://github.com/cnrancher/autok3s))
+- api-ui([https://github.com/rancher/api-ui](https://github.com/rancher/api-ui))

go.mod

@@ -2,21 +2,15 @@ module github.com/cnrancher/kube-explorer
 
 go 1.22.0
 
-replace (
-	github.com/rancher/steve => github.com/rancher/steve v0.0.0-20240529152548-9fb3e50aa806
-	k8s.io/api => k8s.io/api v0.28.6
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.28.6
-	k8s.io/apimachinery => k8s.io/apimachinery v0.28.6
-	k8s.io/apiserver => k8s.io/apiserver v0.28.6
-	k8s.io/client-go => github.com/rancher/client-go v1.28.6-rancher1
-
-)
+replace k8s.io/client-go => k8s.io/client-go v0.30.1
 
 require (
+	github.com/Microsoft/go-winio v0.6.2
 	github.com/gorilla/mux v1.8.1
-	github.com/rancher/apiserver v0.0.0-20240207153744-69b3c2b56f3f
-	github.com/rancher/steve v0.0.0-20240529152548-9fb3e50aa806
-	github.com/rancher/wrangler/v2 v2.1.4
+	github.com/rancher/apiserver v0.0.0-20240708202538-39a6f2535146
+	github.com/rancher/dynamiclistener v0.6.0-rc2
+	github.com/rancher/steve v0.0.0-20240911190153-79304d93b49b
+	github.com/rancher/wrangler/v3 v3.0.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/urfave/cli v1.22.15
 	golang.org/x/text v0.14.0
@@ -34,6 +28,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
@@ -48,30 +43,32 @@ require (
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/websocket v1.5.1 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.16.0 // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
-	github.com/rancher/dynamiclistener v0.4.0-rc2 // indirect
 	github.com/rancher/kubernetes-provider-detector v0.1.5 // indirect
 	github.com/rancher/lasso v0.0.0-20240705194423-b2a060d103c1 // indirect
 	github.com/rancher/norman v0.0.0-20240708202514-a0127673d1b9 // indirect
 	github.com/rancher/remotedialer v0.3.2 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/urfave/cli/v2 v2.27.1 // indirect
@@ -106,6 +103,13 @@ require (
 	k8s.io/kube-aggregator v0.30.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3 // indirect
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect
+	modernc.org/libc v1.49.3 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.8.0 // indirect
+	modernc.org/sqlite v1.29.10 // indirect
+	modernc.org/strutil v1.2.0 // indirect
+	modernc.org/token v1.1.0 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect
 	sigs.k8s.io/cli-utils v0.35.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect

internal/config/flags.go

@@ -8,6 +8,7 @@ var InsecureSkipTLSVerify bool
 var SystemDefaultRegistry string
 var APIUIVersion = "1.1.11"
 var ShellPodImage string
+var BindAddress string
 
 func Flags() []cli.Flag {
 	return []cli.Flag{
@@ -30,5 +31,10 @@ func Flags() []cli.Flag {
 			Destination: &APIUIVersion,
 			Value:       APIUIVersion,
 		},
+		cli.StringFlag{
+			Name:        "bind-address",
+			Destination: &BindAddress,
+			Usage:       `Bind address with url format. The supported schemes are unix, tcp and namedpipe, e.g. unix:///path/to/kube-explorer.sock or namedpipe:/\.\pipe\kube-explorer`,
+		},
 	}
 }

internal/resources/cluster/shell.go

@@ -10,7 +10,7 @@ import (
 	"github.com/cnrancher/kube-explorer/internal/config"
 	"github.com/rancher/steve/pkg/podimpersonation"
 	"github.com/rancher/steve/pkg/stores/proxy"
-	"github.com/rancher/wrangler/v2/pkg/schemas/validation"
+	"github.com/rancher/wrangler/v3/pkg/schemas/validation"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apiserver/pkg/authentication/user"

internal/server/config.go

@@ -12,8 +12,8 @@ import (
 	"github.com/rancher/steve/pkg/server"
 	"github.com/rancher/steve/pkg/server/cli"
 	"github.com/rancher/steve/pkg/server/router"
-	"github.com/rancher/wrangler/v2/pkg/kubeconfig"
-	"github.com/rancher/wrangler/v2/pkg/ratelimit"
+	"github.com/rancher/wrangler/v3/pkg/kubeconfig"
+	"github.com/rancher/wrangler/v3/pkg/ratelimit"
 
 	"github.com/cnrancher/kube-explorer/internal/config"
 	"github.com/cnrancher/kube-explorer/internal/resources/cluster"
@@ -21,7 +21,7 @@ import (
 	"github.com/cnrancher/kube-explorer/internal/version"
 )
 
-func ToServer(ctx context.Context, c *cli.Config) (*server.Server, error) {
+func ToServer(ctx context.Context, c *cli.Config, sqlCache bool) (*server.Server, error) {
 	var (
 		auth steveauth.Middleware
 	)
@@ -59,6 +59,7 @@ func ToServer(ctx context.Context, c *cli.Config) (*server.Server, error) {
 		AuthMiddleware: auth,
 		Controllers:    controllers,
 		Next:           ui,
+		SQLCache:       sqlCache,
 		// router needs to hack here
 		Router: func(h router.Handlers) http.Handler {
 			return handleProxyHeader(

internal/server/listener.go

@@ -0,0 +1,52 @@
+package server
+
+import (
+	"context"
+	"log"
+	"net"
+	"net/http"
+
+	"github.com/cnrancher/kube-explorer/internal/config"
+	dynamicserver "github.com/rancher/dynamiclistener/server"
+	"github.com/rancher/steve/pkg/server"
+	"github.com/sirupsen/logrus"
+)
+
+func Serve(ctx context.Context, server *server.Server) error {
+	listener, ipOrPath, err := ensureListener(ctx)
+	if err != nil {
+		return err
+	}
+	if listener != nil {
+		defer listener.Close()
+		return serveSocket(ctx, ipOrPath, listener, server)
+	}
+	return server.ListenAndServe(ctx, config.Steve.HTTPSListenPort, config.Steve.HTTPListenPort, &dynamicserver.ListenOpts{
+		BindHost: ipOrPath,
+	})
+}
+
+func serveSocket(ctx context.Context, socketPath string, listener net.Listener, handler http.Handler) error {
+	logger := logrus.StandardLogger()
+	errorLog := log.New(logger.WriterLevel(logrus.DebugLevel), "", log.LstdFlags)
+	socketServer := &http.Server{
+		Handler:  handler,
+		ErrorLog: errorLog,
+		BaseContext: func(_ net.Listener) context.Context {
+			return ctx
+		},
+	}
+	go func() {
+		logrus.Infof("Listening on %s", socketPath)
+		err := socketServer.Serve(listener)
+		if err != http.ErrServerClosed && err != nil {
+			logrus.Fatalf("https server failed: %v", err)
+		}
+	}()
+	go func() {
+		<-ctx.Done()
+		_ = socketServer.Shutdown(context.Background())
+	}()
+	<-ctx.Done()
+	return ctx.Err()
+}

internal/server/listener_unix.go

@@ -0,0 +1,99 @@
+//go:build unix
+// +build unix
+
+package server
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+
+	"github.com/cnrancher/kube-explorer/internal/config"
+	"github.com/sirupsen/logrus"
+)
+
+var _ net.Listener = &closerListener{}
+
+type closerListener struct {
+	listener net.Listener
+	lockFile *os.File
+}
+
+func (l *closerListener) Accept() (net.Conn, error) {
+	return l.listener.Accept()
+}
+
+func (l *closerListener) Close() error {
+	return errors.Join(
+		l.listener.Close(),
+		l.lockFile.Close(),
+		os.RemoveAll(l.lockFile.Name()),
+	)
+}
+
+func (l *closerListener) Addr() net.Addr {
+	return l.listener.Addr()
+}
+
+func ensureListener(ctx context.Context) (net.Listener, string, error) {
+	if config.BindAddress == "" {
+		return nil, "", nil
+	}
+	u, err := url.Parse(config.BindAddress)
+	if err != nil {
+		return nil, "", err
+	}
+	switch u.Scheme {
+	case "":
+		return nil, config.BindAddress, nil
+	case "tcp":
+		return nil, u.Host, nil
+	case "unix":
+		listener, err := createCloserListener(ctx, u.Path)
+		if err != nil {
+			return nil, "", err
+		}
+		return listener, u.Path, err
+	default:
+		return nil, "", fmt.Errorf("Unsupported scheme %s, only tcp and unix are supported in UNIX OS", u.Scheme)
+	}
+}
+
+func createCloserListener(ctx context.Context, socketPath string) (net.Listener, error) {
+	lockFilePath := getLockFileName(socketPath)
+	lockFile, err := os.OpenFile(lockFilePath, os.O_RDONLY|os.O_CREATE, 0600)
+	if err != nil {
+		return nil, err
+	}
+
+	lockErr := syscall.Flock(int(lockFile.Fd()), syscall.LOCK_EX|syscall.LOCK_NB)
+	if lockErr != nil {
+		return nil, fmt.Errorf("Socket file %s is in use, exiting", socketPath)
+	}
+
+	if _, err := os.Stat(socketPath); err == nil {
+		logrus.Infof("Removing stale socket file %s", socketPath)
+		_ = os.Remove(socketPath)
+	}
+
+	var lc net.ListenConfig
+	listener, err := lc.Listen(ctx, "unix", socketPath)
+	if err != nil {
+		return nil, err
+	}
+
+	return &closerListener{
+		listener: listener,
+		lockFile: lockFile,
+	}, nil
+}
+
+func getLockFileName(socketPath string) string {
+	return strings.TrimSuffix(socketPath, filepath.Ext(socketPath)) + ".lock"
+}

internal/server/listener_windows.go

@@ -0,0 +1,35 @@
+//go:build windows
+// +build windows
+
+package server
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/url"
+
+	"github.com/Microsoft/go-winio"
+	"github.com/cnrancher/kube-explorer/internal/config"
+)
+
+func ensureListener(_ context.Context) (net.Listener, string, error) {
+	if config.BindAddress == "" {
+		return nil, "", nil
+	}
+	u, err := url.Parse(config.BindAddress)
+	if err != nil {
+		return nil, "", err
+	}
+	switch u.Scheme {
+	case "":
+		return nil, config.BindAddress, nil
+	case "tcp":
+		return nil, u.Host, nil
+	case "namedpipe":
+		listener, err := winio.ListenPipe(u.Path, nil)
+		return listener, u.Path, err
+	default:
+		return nil, "", fmt.Errorf("Unsupported scheme %s, only tcp and namedpipe are supported in windows", u.Scheme)
+	}
+}

main.go

@@ -3,10 +3,10 @@ package main
 import (
 	"os"
 
+	"github.com/cnrancher/kube-explorer/internal/version"
 	"github.com/rancher/steve/pkg/debug"
 	stevecli "github.com/rancher/steve/pkg/server/cli"
-	"github.com/rancher/steve/pkg/version"
-	"github.com/rancher/wrangler/v2/pkg/signals"
+	"github.com/rancher/wrangler/v3/pkg/signals"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 
@@ -34,11 +34,11 @@ func main() {
 func run(_ *cli.Context) error {
 	ctx := signals.SetupSignalContext()
 	keconfig.Debug.MustSetupDebug()
-	s, err := server.ToServer(ctx, &keconfig.Steve)
+	s, err := server.ToServer(ctx, &keconfig.Steve, false)
 	if err != nil {
 		return err
 	}
-	return s.ListenAndServe(ctx, keconfig.Steve.HTTPSListenPort, keconfig.Steve.HTTPListenPort, nil)
+	return server.Serve(ctx, s)
 }
 
 func joinFlags(flags ...[]cli.Flag) []cli.Flag {

scripts/dev

@@ -1,8 +1,10 @@
 #!/bin/bash
 set -e
 
-cd $(dirname $0)
-./download
+cd "$(dirname $0)/.."
+./scripts/download
+
+source $(dirname $0)/version
 
 [ "$(uname)" != "Darwin" ] && LINKFLAGS="-extldflags -static -s"
 

scripts/download

@@ -14,7 +14,7 @@ rm -rf internal/ui/ui/*
 
 mkdir -p internal/ui/ui/dashboard 
 cd internal/ui/ui/dashboard || exit 1;
-curl -sL https://pandaria-dashboard-ui.s3.ap-southeast-2.amazonaws.com/release-2.8-cn/kube-explorer-ui/${CATTLE_DASHBOARD_UI_VERSION}.tar.gz | $TAR_CMD xvzf - --strip-components=2
+curl -sL https://pandaria-dashboard-ui.s3.ap-southeast-2.amazonaws.com/release-2.9-cn/kube-explorer-ui/${CATTLE_DASHBOARD_UI_VERSION}.tar.gz | $TAR_CMD xvzf - --strip-components=2
 cp index.html ../index.html
 
 mkdir ../api-ui