feat(ui): bump ui version to v2.9.2

And validate should failed if git tree is dirty

.github/workflows/push.yaml

@@ -3,6 +3,7 @@ name: Push to Master
 on:
   push:
     branches:
+      - release/v*
       - main
     tags:
       - 'v*.*.*'  # Matches any tag that starts with 'v' and follows semantic versioning
@@ -21,7 +22,7 @@ jobs:
           registry: registry.cn-shenzhen.aliyuncs.com
           username: ${{ secrets.ACR_USERNAME }}
           password: ${{ secrets.ACR_TOKEN }}
-        if: ${{ env.ALIYUN == 'true' }}
+        if: ${{ vars.ALIYUN == 'true' }}
       - name: Login to Dockerhub
         uses: docker/login-action@v3
         with:
@@ -50,6 +51,7 @@ jobs:
           IMAGE_OVERRIDE: ${{ vars.IMAGE || 'kube-explorer' }}
         run: |
           tag_name=latest;
+          if [[ ${GITHUB_REF} == refs/heads/release/* ]]; then tag_name=${GITHUB_REF#refs/heads/release/}-head; fi;
           if [[ ${GITHUB_REF} == refs/tags/* ]]; then tag_name=${GITHUB_REF#refs/tags/}; fi; 
           echo "image_name=${REPO_OVERRIDE}/${IMAGE_OVERRIDE}:${tag_name}" >> $GITHUB_OUTPUT;
       -
@@ -71,11 +73,11 @@ jobs:
           tags: registry.cn-shenzhen.aliyuncs.com/${{ steps.image-name.outputs.image_name }}
           context: package
           push: true
-        if: ${{ env.ALIYUN == 'true' }}
+        if: ${{ vars.ALIYUN == 'true' }}
       - name: Release
         uses: softprops/action-gh-release@v2
         if: startsWith(github.ref, 'refs/tags/')
         with:
-          files: dist/*
+          files: dist/kube-explorer-*
           body_path: dist/release-note
           draft: true

Dockerfile.dapper

@@ -1,6 +1,6 @@
 FROM aevea/release-notary:0.9.2 as tools
 
-FROM registry.suse.com/bci/golang:1.22
+FROM registry.suse.com/bci/golang:1.23
 ARG PROXY
 ARG GOPROXY
 ARG DAPPER_HOST_ARCH
@@ -16,12 +16,13 @@ RUN curl -sL https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${
     mv /tmp/upx /usr/bin/
 
 RUN if [ "${ARCH}" == "amd64" ]; then \
-    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.54.2; \
+    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.61.0; \
     fi
 COPY --from=tools /app/release-notary /usr/local/bin/
-ENV CATTLE_DASHBOARD_UI_VERSION="v2.8.0-kube-explorer-ui-rc3"
-    
-ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS GOPROXY SKIP_COMPRESS GITHUB_REPOSITORY GITHUB_TOKEN
+ENV CATTLE_DASHBOARD_UI_VERSION="v2.9.2-kube-explorer-ui-rc1"
+ENV CATTLE_API_UI_VERSION="1.1.11"
+
+ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS GOPROXY SKIP_COMPRESS GITHUB_REPOSITORY GITHUB_TOKEN GITHUB_REF
 ENV DAPPER_SOURCE /go/src/github.com/cnrancher/kube-explorer
 ENV DAPPER_OUTPUT ./bin ./dist
 ENV DAPPER_DOCKER_SOCKET true

deploy/kubectl/path-prefix/Readme.md

@@ -0,0 +1,34 @@
+# Deploy kube-explorer behind proxy with path prefix
+
+> Supported since v0.5.0
+
+The kube-explorer dashboard can be exposed behind a proxy and path prefix like `http://your-domain.com/kube-explorer`.
+
+The deployment examples in this folder are:
+
+- `nginx ingress`
+- `traefik ingress`
+
+## Serve with ingress
+
+When serving with nginx/traefik ingress controller, the template ingress file needs to be modified. In the `*.tpl` file, you can spot the missing hostname like:
+
+```yaml
+spec:
+  rules:
+    - host: "${MY_IP}.sslip.io" # Replace with your actual domain
+```
+
+Replace your ip to `${MY_UP}`, this will use the [sslip.io](https://sslip.io/) dns service to resolve the hostname to the ingress ip address.
+
+For the traefik ingress, it is using `v2` version of the traefik ingress schema which use middlewares to modify the proxy request. Both `stripPrefix` and `headers` are used.  
+For the nginx ingress, the annotations `nginx.ingress.kubernetes.io/x-forwarded-prefix` and `nginx.ingress.kubernetes.io/rewrite-target` are used to strip prefix and to add proxy request header.
+
+## Serve with self-hosted proxy
+
+If serving the kube-explorer with self-hosted proxy, following modifications are required when proxying:
+
+- Rewrite the proxy request to strip the path prefix like `rewrite "(?i)/kube-explorer(/|$)(.*)" /$2 break;` in nginx configuration.
+- Add header `X-API-URL-Prefix` or `X-Forwarded-Prefix` with the path prefix when proxying request like `proxy_set_header X-Forwarded-Prefix "/kube-explorer";` in nginx configuration.
+
+Then kube-explorer will response the index.html with modified content with path prefix to the browser.

deploy/kubectl/path-prefix/nginx-ingress.yaml.tpl

@@ -0,0 +1,24 @@
+# Note: please replace the host first
+# To use sslip.io: https://sslip.io/
+# To get your public IP: curl ipinfo.io/ip
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/x-forwarded-prefix: "/kube-explorer"
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+  name: kube-explorer-ingress
+  namespace: kube-system
+spec:
+  rules:
+    - host: "${MY_IP}.sslip.io" # Replace with your actual domain
+      http:
+        paths:
+          - backend:
+              service:
+                name: kube-explorer
+                port:
+                  name: http
+            path: /kube-explorer(/|$)(.*)
+            pathType: ImplementationSpecific
+

deploy/kubectl/path-prefix/traefik-ingress.yaml.tpl

@@ -0,0 +1,42 @@
+# Note: please replace the host first
+# To use sslip.io: https://sslip.io/
+# To get your public IP: curl ipinfo.io/ip
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kube-explorer-ingress
+  namespace: kube-system
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-prefix@kubernetescrd,kube-system-add-header@kubernetescrd
+spec:
+  rules:
+  - host: "${MY_IP}.sslip.io"  # Replace with your actual domain
+    http:
+      paths:
+      - path: /kube-explorer
+        pathType: Prefix
+        backend:
+          service:
+            name: kube-explorer
+            port:
+              name: http
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: prefix
+  namespace: kube-system
+spec:
+  stripPrefix:
+    prefixes:
+      - /kube-explorer
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: add-header
+  namespace: kube-system
+spec:
+  headers:
+    customRequestHeaders:
+      X-Forwarded-Prefix: "/kube-explorer" # Adds

go.mod

@@ -7,7 +7,7 @@ replace k8s.io/client-go => k8s.io/client-go v0.30.1
 require (
 	github.com/gorilla/mux v1.8.1
 	github.com/rancher/apiserver v0.0.0-20240708202538-39a6f2535146
-	github.com/rancher/steve v0.0.0-20240709130809-47871606146c
+	github.com/rancher/steve v0.0.0-20240911190153-79304d93b49b
 	github.com/rancher/wrangler/v3 v3.0.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/urfave/cli v1.22.15

go.sum

@@ -1029,8 +1029,8 @@ github.com/rancher/norman v0.0.0-20240708202514-a0127673d1b9 h1:AlRMRs5mHJcdiK83
 github.com/rancher/norman v0.0.0-20240708202514-a0127673d1b9/go.mod h1:dyjfXBsNiroPWOdUZe7diUOUSLf6HQ/r2kEpwH/8zas=
 github.com/rancher/remotedialer v0.3.2 h1:kstZbRwPS5gPWpGg8VjEHT2poHtArs+Fc317YM8JCzU=
 github.com/rancher/remotedialer v0.3.2/go.mod h1:Ys004RpJuTLSm+k4aYUCoFiOOad37ubYev3TkOFg/5w=
-github.com/rancher/steve v0.0.0-20240709130809-47871606146c h1:PIaN0/KUyGcqEcT6GyjUidld2lgGkGxS4dmC3Je3dFs=
-github.com/rancher/steve v0.0.0-20240709130809-47871606146c/go.mod h1:Za4nSt0V6kIHRfUo6jTXKkv6ABMMCHINA8EzhzygCfk=
+github.com/rancher/steve v0.0.0-20240911190153-79304d93b49b h1:2DhkNKDgKPI2PcJRGacpJ9dX9SWgKuhwbz5GlpHS1No=
+github.com/rancher/steve v0.0.0-20240911190153-79304d93b49b/go.mod h1:cXF0TFURkjN98p/0nt7Y8F1IEtT1nZTSYrQu6HQqL14=
 github.com/rancher/wrangler/v3 v3.0.0 h1:IHHCA+vrghJDPxjtLk4fmeSCFhNe9fFzLFj3m2B0YpA=
 github.com/rancher/wrangler/v3 v3.0.0/go.mod h1:Dfckuuq7MJk2JWVBDywRlZXMxEyPxHy4XqGrPEzu5Eg=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=

internal/config/flags.go

@@ -6,7 +6,7 @@ import (
 
 var InsecureSkipTLSVerify bool
 var SystemDefaultRegistry string
-
+var APIUIVersion = "1.1.11"
 var ShellPodImage string
 
 func Flags() []cli.Flag {
@@ -24,5 +24,11 @@ func Flags() []cli.Flag {
 			Destination: &ShellPodImage,
 			Value:       "rancher/shell:v0.2.1-rc.7",
 		},
+		cli.StringFlag{
+			Name:        "apiui-version",
+			Hidden:      true,
+			Destination: &APIUIVersion,
+			Value:       APIUIVersion,
+		},
 	}
 }

internal/config/steve.go

@@ -0,0 +1,11 @@
+package config
+
+import (
+	"github.com/rancher/steve/pkg/debug"
+	stevecli "github.com/rancher/steve/pkg/server/cli"
+)
+
+var (
+	Steve stevecli.Config
+	Debug debug.Config
+)

internal/server/config.go

@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/rancher/apiserver/pkg/types"
+	"github.com/rancher/apiserver/pkg/urlbuilder"
 	steveauth "github.com/rancher/steve/pkg/auth"
 	"github.com/rancher/steve/pkg/schema"
 	"github.com/rancher/steve/pkg/server"
@@ -17,6 +18,7 @@ import (
 	"github.com/cnrancher/kube-explorer/internal/config"
 	"github.com/cnrancher/kube-explorer/internal/resources/cluster"
 	"github.com/cnrancher/kube-explorer/internal/ui"
+	"github.com/cnrancher/kube-explorer/internal/version"
 )
 
 func ToServer(ctx context.Context, c *cli.Config, sqlCache bool) (*server.Server, error) {
@@ -48,20 +50,31 @@ func ToServer(ctx context.Context, c *cli.Config, sqlCache bool) (*server.Server
 		return nil, err
 	}
 
+	ui, apiui := ui.New(&ui.Options{
+		ReleaseSetting: version.IsRelease,
+		Path:           func() string { return c.UIPath },
+	})
+
 	steveServer, err := server.New(ctx, restConfig, &server.Options{
 		AuthMiddleware: auth,
 		Controllers:    controllers,
-		Next:           ui.New(c.UIPath),
+		Next:           ui,
 		SQLCache:       sqlCache,
 		// router needs to hack here
 		Router: func(h router.Handlers) http.Handler {
-			return rewriteLocalCluster(router.Routes(h))
+			return handleProxyHeader(
+				rewriteLocalCluster(
+					router.Routes(h),
+				),
+			)
 		},
 	})
 	if err != nil {
 		return nil, err
 	}
 
+	steveServer.APIServer.CustomAPIUIResponseWriter(apiui.CSS(), apiui.JS(), func() string { return config.APIUIVersion })
+
 	// registrer local cluster
 	if err := cluster.Register(ctx, steveServer, c.Context); err != nil {
 		return steveServer, err
@@ -91,3 +104,12 @@ func rewriteLocalCluster(next http.Handler) http.Handler {
 		next.ServeHTTP(rw, req)
 	})
 }
+
+func handleProxyHeader(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		if value := req.Header.Get("X-Forwarded-Prefix"); value != "" {
+			req.Header.Set(urlbuilder.PrefixHeader, value)
+		}
+		next.ServeHTTP(rw, req)
+	})
+}

internal/ui/apiui.go

@@ -0,0 +1,55 @@
+package ui
+
+import "github.com/rancher/apiserver/pkg/writer"
+
+type APIUI struct {
+	offline StringSetting
+	release BoolSetting
+	embed   bool
+}
+
+func apiUI(opt *Options) APIUI {
+	var rtn = APIUI{
+		offline: opt.Offline,
+		release: opt.ReleaseSetting,
+		embed:   true,
+	}
+	if rtn.offline == nil {
+		rtn.offline = StaticSetting("dynamic")
+	}
+	if rtn.release == nil {
+		rtn.release = StaticSetting(false)
+	}
+	for _, file := range []string{
+		"ui/api-ui/ui.min.css",
+		"ui/api-ui/ui.min.js",
+	} {
+		if _, err := staticContent.Open(file); err != nil {
+			rtn.embed = false
+			break
+		}
+	}
+	return rtn
+}
+
+func (a APIUI) content(name string) writer.StringGetter {
+	return func() (rtn string) {
+		switch a.offline() {
+		case "dynamic":
+			if !a.release() && !a.embed {
+				return ""
+			}
+		case "false":
+			return ""
+		}
+		return name
+	}
+}
+
+func (a APIUI) CSS() writer.StringGetter {
+	return a.content("/api-ui/ui.min.css")
+}
+
+func (a APIUI) JS() writer.StringGetter {
+	return a.content("/api-ui/ui.min.js")
+}

internal/ui/content/content.go

@@ -0,0 +1,24 @@
+package content
+
+import (
+	"io/fs"
+	"net/http"
+)
+
+type fsFunc func(name string) (fs.File, error)
+
+func (f fsFunc) Open(name string) (fs.File, error) {
+	return f(name)
+}
+
+type fsContent interface {
+	ToFileServer(basePaths ...string) http.Handler
+	Open(name string) (fs.File, error)
+}
+
+type Handler interface {
+	ServeAssets(middleware func(http.Handler) http.Handler, hext http.Handler) http.Handler
+	ServeFaviconDashboard() http.Handler
+	GetIndex() ([]byte, error)
+	Refresh()
+}

internal/ui/content/external.go

@@ -0,0 +1,97 @@
+package content
+
+import (
+	"bytes"
+	"crypto/tls"
+	"errors"
+	"io"
+	"net/http"
+	"sync"
+)
+
+const (
+	defaultIndex = "https://releases.rancher.com/dashboard/latest/index.html"
+)
+
+func NewExternal(getIndex func() string) Handler {
+	return &externalIndexHandler{
+		getIndexFunc: getIndex,
+	}
+}
+
+var (
+	insecureClient = &http.Client{
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true,
+			},
+		},
+	}
+	_ Handler = &externalIndexHandler{}
+)
+
+type externalIndexHandler struct {
+	sync.RWMutex
+	getIndexFunc    func() string
+	current         string
+	downloadSuccess *bool
+}
+
+func (u *externalIndexHandler) ServeAssets(_ func(http.Handler) http.Handler, next http.Handler) http.Handler {
+	return next
+}
+
+func (u *externalIndexHandler) ServeFaviconDashboard() http.Handler {
+	return http.NotFoundHandler()
+}
+
+func (u *externalIndexHandler) GetIndex() ([]byte, error) {
+	if u.canDownload() {
+		var buffer bytes.Buffer
+		if err := serveIndex(&buffer, u.current); err != nil {
+			return nil, err
+		}
+		return buffer.Bytes(), nil
+	}
+	return nil, errors.New("external index is not available")
+}
+
+func serveIndex(resp io.Writer, url string) error {
+	r, err := insecureClient.Get(url)
+	if err != nil {
+		return err
+	}
+	defer r.Body.Close()
+
+	_, err = io.Copy(resp, r.Body)
+	return err
+}
+
+func (u *externalIndexHandler) canDownload() bool {
+	u.RLock()
+	rtn := u.downloadSuccess
+	u.RUnlock()
+	if rtn != nil {
+		return *rtn
+	}
+
+	return u.refresh()
+}
+
+func (u *externalIndexHandler) refresh() bool {
+	u.Lock()
+	defer u.RUnlock()
+
+	u.current = u.getIndexFunc()
+	if u.current == "" {
+		u.current = defaultIndex
+	}
+	t := serveIndex(io.Discard, u.current) == nil
+	u.downloadSuccess = &t
+	return t
+}
+
+func (u *externalIndexHandler) Refresh() {
+	_ = u.refresh()
+}

internal/ui/content/fs.go

@@ -0,0 +1,71 @@
+package content
+
+import (
+	"io"
+	"net/http"
+	"path/filepath"
+	"sync"
+)
+
+var _ Handler = &handler{}
+
+func newFS(content fsContent) Handler {
+	return &handler{
+		content: content,
+		cacheFS: &sync.Map{},
+	}
+}
+
+type handler struct {
+	content fsContent
+	cacheFS *sync.Map
+}
+
+func (h *handler) pathExist(path string) bool {
+	_, err := h.content.Open(path)
+	return err == nil
+}
+
+func (h *handler) serveContent(basePaths ...string) http.Handler {
+	key := filepath.Join(basePaths...)
+	if rtn, ok := h.cacheFS.Load(key); ok {
+		return rtn.(http.Handler)
+	}
+
+	rtn := h.content.ToFileServer(basePaths...)
+	h.cacheFS.Store(key, rtn)
+	return rtn
+}
+
+func (h *handler) Refresh() {
+	h.cacheFS.Range(func(key, _ any) bool {
+		h.cacheFS.Delete(key)
+		return true
+	})
+}
+
+func (h *handler) ServeAssets(middleware func(http.Handler) http.Handler, next http.Handler) http.Handler {
+	assets := middleware(h.serveContent())
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if h.pathExist(r.URL.Path) {
+			assets.ServeHTTP(w, r)
+		} else {
+			next.ServeHTTP(w, r)
+		}
+	})
+}
+
+func (h *handler) ServeFaviconDashboard() http.Handler {
+	return h.serveContent("dashboard")
+
+}
+
+func (h *handler) GetIndex() ([]byte, error) {
+	path := filepath.Join("dashboard", "index.html")
+	f, err := h.content.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	return io.ReadAll(f)
+}

internal/ui/content/fs_embed.go

@@ -0,0 +1,43 @@
+package content
+
+import (
+	"embed"
+	"io/fs"
+	"net/http"
+	"path/filepath"
+)
+
+func NewEmbedded(staticContent embed.FS, prefix string) Handler {
+	return newFS(&embedFS{
+		pathPrefix:    prefix,
+		staticContent: staticContent,
+	})
+}
+
+var _ fsContent = &embedFS{}
+
+type embedFS struct {
+	pathPrefix    string
+	staticContent embed.FS
+}
+
+// Open implements fsContent.
+func (e *embedFS) Open(name string) (fs.File, error) {
+	return e.staticContent.Open(joinEmbedFilepath(e.pathPrefix, name))
+}
+
+// ToFileServer implements fsContent.
+func (e *embedFS) ToFileServer(basePaths ...string) http.Handler {
+	handler := fsFunc(func(name string) (fs.File, error) {
+		assetPath := joinEmbedFilepath(joinEmbedFilepath(basePaths...), name)
+		return e.Open(assetPath)
+	})
+
+	return http.FileServer(http.FS(handler))
+}
+
+func (e *embedFS) Refresh() error { return nil }
+
+func joinEmbedFilepath(paths ...string) string {
+	return filepath.ToSlash(filepath.Join(paths...))
+}

internal/ui/content/fs_filepath.go

@@ -0,0 +1,41 @@
+package content
+
+import (
+	"errors"
+	"io/fs"
+	"net/http"
+	"path/filepath"
+)
+
+func NewFilepath(getPath func() string) Handler {
+	return newFS(&filepathFS{
+		getPath: getPath,
+	})
+}
+
+var _ fsContent = &filepathFS{}
+
+type filepathFS struct {
+	getPath func() string
+}
+
+func (f *filepathFS) ToFileServer(basePaths ...string) http.Handler {
+	root := f.getPath()
+	if root == "" {
+		return http.NotFoundHandler()
+	}
+	path := filepath.Join(append([]string{string(root)}, basePaths...)...)
+	return http.FileServer(http.Dir(path))
+}
+
+func (f *filepathFS) Open(name string) (fs.File, error) {
+	root := f.getPath()
+	if root == "" {
+		return nil, errors.New("filepath fs is not ready")
+	}
+	return http.Dir(root).Open(name)
+}
+
+func (f *filepathFS) Refresh() error {
+	return nil
+}

internal/ui/dev.go

@@ -0,0 +1,7 @@
+//go:build !embed
+
+package ui
+
+import "embed"
+
+var staticContent embed.FS

internal/ui/embed.go

@@ -4,88 +4,9 @@ package ui
 
 import (
 	"embed"
-	"io"
-	"io/fs"
-	"net/http"
-	"path/filepath"
-
-	"github.com/sirupsen/logrus"
 )
 
 // content holds our static web server content.
 //
 //go:embed all:ui/*
 var staticContent embed.FS
-
-type fsFunc func(name string) (fs.File, error)
-
-func (f fsFunc) Open(name string) (fs.File, error) {
-	return f(name)
-}
-
-func pathExist(path string) bool {
-	_, err := staticContent.Open(path)
-	return err == nil
-}
-
-func openFile(path string) (fs.File, error) {
-	file, err := staticContent.Open(path)
-	if err != nil {
-		logrus.Errorf("openEmbedFile %s err: %v", path, err)
-	}
-	return file, err
-}
-
-func serveEmbed(basePaths ...string) http.Handler {
-	handler := fsFunc(func(name string) (fs.File, error) {
-		logrus.Debugf("serveEmbed name: %s", name)
-		assetPath := joinEmbedFilepath(append(basePaths, name)...)
-		logrus.Debugf("serveEmbed final path: %s", assetPath)
-		return openFile(assetPath)
-	})
-
-	return http.FileServer(http.FS(handler))
-}
-
-func serveEmbedIndex(basePath string) http.Handler {
-	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		path := joinEmbedFilepath(basePath, "dashboard", "index.html")
-		logrus.Debugf("serveEmbedIndex : %s", path)
-		f, _ := staticContent.Open(path)
-		io.Copy(rw, f)
-		f.Close()
-	})
-}
-
-func (u *Handler) ServeAsset() http.Handler {
-	return u.middleware(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		serveEmbed(u.pathSetting()).ServeHTTP(rw, req)
-	}))
-}
-
-func (u *Handler) ServeFaviconDashboard() http.Handler {
-	return u.middleware(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		serveEmbed(u.pathSetting(), "dashboard").ServeHTTP(rw, req)
-	}))
-}
-
-func (u *Handler) IndexFileOnNotFound() http.Handler {
-	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		path := joinEmbedFilepath(u.pathSetting(), req.URL.Path)
-		if pathExist(path) {
-			u.ServeAsset().ServeHTTP(rw, req)
-		} else {
-			u.IndexFile().ServeHTTP(rw, req)
-		}
-	})
-}
-
-func (u *Handler) IndexFile() http.Handler {
-	return u.indexMiddleware(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		serveEmbedIndex(u.pathSetting()).ServeHTTP(rw, req)
-	}))
-}
-
-func joinEmbedFilepath(paths ...string) string {
-	return filepath.ToSlash(filepath.Join(paths...))
-}

internal/ui/external.go

@@ -1,42 +0,0 @@
-//go:build !embed
-
-package ui
-
-import (
-	"net/http"
-	"os"
-	"path/filepath"
-)
-
-func (u *Handler) ServeAsset() http.Handler {
-	return u.middleware(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		http.FileServer(http.Dir(u.pathSetting())).ServeHTTP(rw, req)
-	}))
-}
-
-func (u *Handler) ServeFaviconDashboard() http.Handler {
-	return u.middleware(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		http.FileServer(http.Dir(filepath.Join(u.pathSetting(), "dashboard"))).ServeHTTP(rw, req)
-	}))
-}
-
-func (u *Handler) IndexFileOnNotFound() http.Handler {
-	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		// we ignore directories here because we want those to come from the CDN when running in that mode
-		if stat, err := os.Stat(filepath.Join(u.pathSetting(), req.URL.Path)); err == nil && !stat.IsDir() {
-			u.ServeAsset().ServeHTTP(rw, req)
-		} else {
-			u.IndexFile().ServeHTTP(rw, req)
-		}
-	})
-}
-
-func (u *Handler) IndexFile() http.Handler {
-	return u.indexMiddleware(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		if path, isURL := u.path(); isURL {
-			_ = serveIndex(rw, path)
-		} else {
-			http.ServeFile(rw, req, filepath.Join(path, "index.html"))
-		}
-	}))
-}

internal/ui/handler.go

@@ -1,43 +1,30 @@
 package ui
 
 import (
-	"crypto/tls"
-	"io"
 	"net/http"
-	"sync"
 
+	"github.com/cnrancher/kube-explorer/internal/ui/content"
 	"github.com/rancher/apiserver/pkg/middleware"
 	"github.com/sirupsen/logrus"
 )
 
-const (
-	defaultPath = "./ui"
-)
-
-var (
-	insecureClient = &http.Client{
-		Transport: &http.Transport{
-			Proxy: http.ProxyFromEnvironment,
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: true,
-			},
-		},
-	}
-)
-
 type StringSetting func() string
 type BoolSetting func() bool
 
+func StaticSetting[T any](input T) func() T {
+	return func() T {
+		return input
+	}
+}
+
 type Handler struct {
+	contentHandlers map[string]content.Handler
 	pathSetting     func() string
 	indexSetting    func() string
 	releaseSetting  func() bool
 	offlineSetting  func() string
 	middleware      func(http.Handler) http.Handler
 	indexMiddleware func(http.Handler) http.Handler
-
-	downloadOnce    sync.Once
-	downloadSuccess bool
 }
 
 type Options struct {
@@ -45,7 +32,7 @@ type Options struct {
 	Path StringSetting
 	// The HTTP URL of the index file to download
 	Index StringSetting
-	// Whether or not to run the UI offline, should return true/false/dynamic
+	// Whether or not to run the UI offline, should return true/false/dynamic/embed
 	Offline StringSetting
 	// Whether or not is it release, if true UI will run offline if set to dynamic
 	ReleaseSetting BoolSetting
@@ -57,10 +44,11 @@ func NewUIHandler(opts *Options) *Handler {
 	}
 
 	h := &Handler{
-		indexSetting:   opts.Index,
-		offlineSetting: opts.Offline,
-		pathSetting:    opts.Path,
-		releaseSetting: opts.ReleaseSetting,
+		contentHandlers: make(map[string]content.Handler),
+		indexSetting:    opts.Index,
+		offlineSetting:  opts.Offline,
+		pathSetting:     opts.Path,
+		releaseSetting:  opts.ReleaseSetting,
 		middleware: middleware.Chain{
 			middleware.Gzip,
 			middleware.FrameOptions,
@@ -75,67 +63,75 @@ func NewUIHandler(opts *Options) *Handler {
 	}
 
 	if h.indexSetting == nil {
-		h.indexSetting = func() string {
-			return "https://releases.rancher.com/dashboard/latest/index.html"
-		}
+		h.indexSetting = StaticSetting("")
 	}
 
 	if h.offlineSetting == nil {
-		h.offlineSetting = func() string {
-			return "dynamic"
-		}
+		h.offlineSetting = StaticSetting("dynamic")
 	}
 
 	if h.pathSetting == nil {
-		h.pathSetting = func() string {
-			return defaultPath
-		}
+		h.pathSetting = StaticSetting("")
 	}
 
 	if h.releaseSetting == nil {
-		h.releaseSetting = func() bool {
-			return false
-		}
+		h.releaseSetting = StaticSetting(false)
 	}
 
+	h.contentHandlers["embed"] = content.NewEmbedded(staticContent, "ui")
+	h.contentHandlers["false"] = content.NewExternal(h.indexSetting)
+	h.contentHandlers["true"] = content.NewFilepath(h.pathSetting)
+
 	return h
 }
 
-func (u *Handler) path() (path string, isURL bool) {
-	switch u.offlineSetting() {
-	case "dynamic":
-		if u.releaseSetting() {
-			return u.pathSetting(), false
+func (h *Handler) content() content.Handler {
+	offline := h.offlineSetting()
+	if handler, ok := h.contentHandlers[offline]; ok {
+		return handler
+	}
+	embedHandler := h.contentHandlers["embed"]
+	filepathHandler := h.contentHandlers["true"]
+	externalHandler := h.contentHandlers["false"]
+	// default to dynamic
+	switch {
+	case h.pathSetting() != "":
+		if _, err := filepathHandler.GetIndex(); err == nil {
+			return filepathHandler
 		}
-		if u.canDownload(u.indexSetting()) {
-			return u.indexSetting(), true
-		}
-		return u.pathSetting(), false
-	case "true":
-		return u.pathSetting(), false
+		fallthrough
+	case h.releaseSetting():
+		// release must use embed first
+		return embedHandler
 	default:
-		return u.indexSetting(), true
-	}
-}
-
-func (u *Handler) canDownload(url string) bool {
-	u.downloadOnce.Do(func() {
-		if err := serveIndex(io.Discard, url); err == nil {
-			u.downloadSuccess = true
-		} else {
-			logrus.Errorf("Failed to download %s, falling back to packaged UI", url)
+		// try embed
+		if _, err := embedHandler.GetIndex(); err == nil {
+			return embedHandler
 		}
-	})
-	return u.downloadSuccess
-}
-
-func serveIndex(resp io.Writer, url string) error {
-	r, err := insecureClient.Get(url)
-	if err != nil {
-		return err
+		return externalHandler
 	}
-	defer r.Body.Close()
-
-	_, err = io.Copy(resp, r.Body)
-	return err
+}
+
+func (h *Handler) ServeAssets(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		h.content().ServeAssets(h.middleware, next).ServeHTTP(w, r)
+	})
+}
+
+func (h *Handler) ServeFaviconDashboard() http.Handler {
+	return h.middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		h.content().ServeFaviconDashboard().ServeHTTP(w, r)
+	}))
+}
+
+func (h *Handler) IndexFile() http.Handler {
+	return h.indexMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		rtn, err := h.content().GetIndex()
+		if err != nil {
+			logrus.Warnf("failed to serve index with error %v", err)
+			http.NotFoundHandler().ServeHTTP(w, r)
+			return
+		}
+		_, _ = w.Write(rtn)
+	}))
 }

internal/ui/proxy.go

@@ -0,0 +1,116 @@
+package ui
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"strconv"
+
+	"github.com/rancher/apiserver/pkg/urlbuilder"
+	"k8s.io/apimachinery/pkg/util/proxy"
+)
+
+type RoundTripFunc func(*http.Request) (*http.Response, error)
+
+func (r RoundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
+	return r(req)
+}
+
+func proxyMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		scheme := urlbuilder.GetScheme(r)
+		host := urlbuilder.GetHost(r, scheme)
+		pathPrepend := r.Header.Get(urlbuilder.PrefixHeader)
+
+		if scheme == r.URL.Scheme && host == r.URL.Host && pathPrepend == "" {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		proxyRoundtrip := proxy.Transport{
+			Scheme:      scheme,
+			Host:        host,
+			PathPrepend: pathPrepend,
+			RoundTripper: RoundTripFunc(func(r *http.Request) (*http.Response, error) {
+				rw := &dummyResponseWriter{
+					next:   w,
+					header: make(http.Header),
+				}
+				next.ServeHTTP(rw, r)
+				return rw.getResponse(r), nil
+			}),
+		}
+		//proxyRoundtripper will write the response in RoundTrip func
+		resp, _ := proxyRoundtrip.RoundTrip(r)
+		responseToWriter(resp, w)
+	})
+
+}
+
+var _ http.ResponseWriter = &dummyResponseWriter{}
+var _ http.Hijacker = &dummyResponseWriter{}
+
+type dummyResponseWriter struct {
+	next http.ResponseWriter
+
+	header     http.Header
+	body       bytes.Buffer
+	statusCode int
+}
+
+// Hijack implements http.Hijacker.
+func (drw *dummyResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
+	if h, ok := drw.next.(http.Hijacker); ok {
+		return h.Hijack()
+	}
+	return nil, nil, fmt.Errorf("")
+}
+
+// Header implements the http.ResponseWriter interface.
+func (drw *dummyResponseWriter) Header() http.Header {
+	return drw.header
+}
+
+// Write implements the http.ResponseWriter interface.
+func (drw *dummyResponseWriter) Write(b []byte) (int, error) {
+	return drw.body.Write(b)
+}
+
+// WriteHeader implements the http.ResponseWriter interface.
+func (drw *dummyResponseWriter) WriteHeader(statusCode int) {
+	drw.statusCode = statusCode
+}
+
+// GetStatusCode returns the status code written to the response.
+func (drw *dummyResponseWriter) GetStatusCode() int {
+	if drw.statusCode == 0 {
+		return 200
+	}
+	return drw.statusCode
+}
+
+func (drw *dummyResponseWriter) getResponse(req *http.Request) *http.Response {
+	return &http.Response{
+		Status:     strconv.Itoa(drw.GetStatusCode()),
+		StatusCode: drw.GetStatusCode(),
+		Proto:      "HTTP/1.1",
+		ProtoMajor: 1,
+		ProtoMinor: 1,
+		Request:    req,
+		Header:     drw.header,
+		Body:       io.NopCloser(&drw.body),
+	}
+}
+
+func responseToWriter(resp *http.Response, writer http.ResponseWriter) {
+	for k, v := range resp.Header {
+		writer.Header()[k] = v
+	}
+	if resp.StatusCode != http.StatusOK {
+		writer.WriteHeader(resp.StatusCode)
+	}
+	_, _ = io.Copy(writer, resp.Body)
+}

internal/ui/routers.go

@@ -4,29 +4,11 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/cnrancher/kube-explorer/internal/version"
 	"github.com/gorilla/mux"
 )
 
-func New(path string) http.Handler {
-	vue := NewUIHandler(&Options{
-		Path: func() string {
-			if path == "" {
-				return defaultPath
-			}
-			return path
-		},
-		Offline: func() string {
-			if path != "" {
-				return "true"
-			}
-			return "dynamic"
-		},
-		ReleaseSetting: func() bool {
-			return version.IsRelease()
-		},
-	})
-
+func New(opt *Options) (http.Handler, APIUI) {
+	vue := NewUIHandler(opt)
 	router := mux.NewRouter()
 	router.UseEncodedPath()
 
@@ -35,7 +17,8 @@ func New(path string) http.Handler {
 	router.Handle("/dashboard/", vue.IndexFile())
 	router.Handle("/favicon.png", vue.ServeFaviconDashboard())
 	router.Handle("/favicon.ico", vue.ServeFaviconDashboard())
-	router.PathPrefix("/dashboard/").Handler(vue.IndexFileOnNotFound())
+	router.PathPrefix("/dashboard/").Handler(vue.ServeAssets(vue.IndexFile()))
+	router.PathPrefix("/api-ui/").Handler(vue.ServeAssets(http.NotFoundHandler()))
 	router.PathPrefix("/k8s/clusters/local").HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 		url := strings.TrimPrefix(req.URL.Path, "/k8s/clusters/local")
 		if url == "" {
@@ -44,5 +27,5 @@ func New(path string) http.Handler {
 		http.Redirect(rw, req, url, http.StatusFound)
 	})
 
-	return router
+	return proxyMiddleware(router), apiUI(opt)
 }

main.go

@@ -3,9 +3,9 @@ package main
 import (
 	"os"
 
+	"github.com/cnrancher/kube-explorer/internal/version"
 	"github.com/rancher/steve/pkg/debug"
 	stevecli "github.com/rancher/steve/pkg/server/cli"
-	"github.com/rancher/steve/pkg/version"
 	"github.com/rancher/wrangler/v3/pkg/signals"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
@@ -14,19 +14,14 @@ import (
 	"github.com/cnrancher/kube-explorer/internal/server"
 )
 
-var (
-	config      stevecli.Config
-	debugconfig debug.Config
-)
-
 func main() {
 	app := cli.NewApp()
 	app.Name = "kube-explorer"
 	app.Version = version.FriendlyVersion()
 	app.Usage = ""
 	app.Flags = joinFlags(
-		stevecli.Flags(&config),
-		debug.Flags(&debugconfig),
+		stevecli.Flags(&keconfig.Steve),
+		debug.Flags(&keconfig.Debug),
 		keconfig.Flags(),
 	)
 	app.Action = run
@@ -38,12 +33,12 @@ func main() {
 
 func run(_ *cli.Context) error {
 	ctx := signals.SetupSignalContext()
-	debugconfig.MustSetupDebug()
-	s, err := server.ToServer(ctx, &config, false)
+	keconfig.Debug.MustSetupDebug()
+	s, err := server.ToServer(ctx, &keconfig.Steve, false)
 	if err != nil {
 		return err
 	}
-	return s.ListenAndServe(ctx, config.HTTPSListenPort, config.HTTPListenPort, nil)
+	return s.ListenAndServe(ctx, keconfig.Steve.HTTPSListenPort, keconfig.Steve.HTTPListenPort, nil)
 }
 
 func joinFlags(flags ...[]cli.Flag) []cli.Flag {

package/Dockerfile

@@ -1,7 +1,8 @@
-FROM registry.suse.com/bci/bci-minimal:15.6
+FROM registry.suse.com/bci/bci-base:15.6
 ARG TARGETARCH
 ARG TARGETOS
 ENV ARCH=${TARGETARCH:-"amd64"} OS=${TARGETOS:-"linux"}
-COPY entrypoint.sh /usr/bin/
+RUN zypper install -y catatonit
 COPY kube-explorer-${OS}-${ARCH} /usr/bin/kube-explorer
-ENTRYPOINT ["entrypoint.sh"]
+ENTRYPOINT [ "/usr/bin/catatonit", "--" ]
+CMD [ "kube-explorer" ]

package/entrypoint.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-kube-explorer "${@}"

scripts/build

@@ -11,7 +11,8 @@ OS_ARCH_ARG_DARWIN="amd64 arm64"
 OS_ARCH_ARG_WINDOWS="amd64"
 
 LD_INJECT_VALUES="-X github.com/cnrancher/kube-explorer/internal/version.Version=$VERSION
-                  -X github.com/cnrancher/kube-explorer/internal/version.GitCommit=$COMMIT"
+                  -X github.com/cnrancher/kube-explorer/internal/version.GitCommit=$COMMIT
+                  -X github.com/cnrancher/kube-explorer/internal/config.APIUIVersion=$CATTLE_API_UI_VERSION"
 
 [ "$(uname)" != "Darwin" ] && LINKFLAGS="-extldflags -static -s"
 

scripts/download

@@ -10,9 +10,13 @@ else
     TAR_CMD="tar"
 fi
 
+rm -rf internal/ui/ui/*
+
 mkdir -p internal/ui/ui/dashboard 
 cd internal/ui/ui/dashboard || exit 1;
-curl -sL https://pandaria-dashboard-ui.s3.ap-southeast-2.amazonaws.com/release-2.8-cn/kube-explorer-ui/${CATTLE_DASHBOARD_UI_VERSION}.tar.gz | $TAR_CMD xvzf - --strip-components=2
+curl -sL https://pandaria-dashboard-ui.s3.ap-southeast-2.amazonaws.com/release-2.9-cn/kube-explorer-ui/${CATTLE_DASHBOARD_UI_VERSION}.tar.gz | $TAR_CMD xvzf - --strip-components=2
 cp index.html ../index.html
 
-
+mkdir ../api-ui
+cd ../api-ui || exit 1;
+curl -sL https://releases.rancher.com/api-ui/${CATTLE_API_UI_VERSION}.tar.gz | $TAR_CMD xvzf - --strip-components=1

scripts/validate

@@ -18,3 +18,14 @@ go mod tidy
 
 echo Verifying modules
 go mod verify
+
+dirty_files="$(git status --porcelain --untracked-files=no)"
+if [ -n "$dirty_files" ]; then
+  echo "Encountered dirty repo! Aborting."
+  echo "If you're seeing this, it means there are uncommitted changes in the repo."
+  echo "If you're seeing this in CI, it probably means that your Go modules aren't tidy, or more generally that running"
+  echo "validation would result in changes to the repo. Make sure you're up to date with the upstream branch and run"
+  echo "'go mod tidy' and commit the changes, if any. The offending changed files are as follows:"
+  echo "$dirty_files"
+  exit 1
+fi

scripts/version

@@ -1,5 +1,9 @@
 #!/bin/bash
 
+if [[ ${GITHUB_REF} == refs/tags/* ]]; then
+    DRONE_TAG=${DRONE_TAG:-${GITHUB_REF#refs/tags/}}
+fi
+
 if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
     DIRTY="-dirty"
 fi