feat: Switch to steve v2.8 version

And validate should failed if git tree is dirty

deploy/kubectl/path-prefix/Readme.md

@@ -0,0 +1,34 @@
+# Deploy kube-explorer behind proxy with path prefix
+
+> Supported since v0.5.0
+
+The kube-explorer dashboard can be exposed behind a proxy and path prefix like `http://your-domain.com/kube-explorer`.
+
+The deployment examples in this folder are:
+
+- `nginx ingress`
+- `traefik ingress`
+
+## Serve with ingress
+
+When serving with nginx/traefik ingress controller, the template ingress file needs to be modified. In the `*.tpl` file, you can spot the missing hostname like:
+
+```yaml
+spec:
+  rules:
+    - host: "${MY_IP}.sslip.io" # Replace with your actual domain
+```
+
+Replace your ip to `${MY_UP}`, this will use the [sslip.io](https://sslip.io/) dns service to resolve the hostname to the ingress ip address.
+
+For the traefik ingress, it is using `v2` version of the traefik ingress schema which use middlewares to modify the proxy request. Both `stripPrefix` and `headers` are used.  
+For the nginx ingress, the annotations `nginx.ingress.kubernetes.io/x-forwarded-prefix` and `nginx.ingress.kubernetes.io/rewrite-target` are used to strip prefix and to add proxy request header.
+
+## Serve with self-hosted proxy
+
+If serving the kube-explorer with self-hosted proxy, following modifications are required when proxying:
+
+- Rewrite the proxy request to strip the path prefix like `rewrite "(?i)/kube-explorer(/|$)(.*)" /$2 break;` in nginx configuration.
+- Add header `X-API-URL-Prefix` or `X-Forwarded-Prefix` with the path prefix when proxying request like `proxy_set_header X-Forwarded-Prefix "/kube-explorer";` in nginx configuration.
+
+Then kube-explorer will response the index.html with modified content with path prefix to the browser.

deploy/kubectl/path-prefix/nginx-ingress.yaml.tpl

@@ -0,0 +1,24 @@
+# Note: please replace the host first
+# To use sslip.io: https://sslip.io/
+# To get your public IP: curl ipinfo.io/ip
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/x-forwarded-prefix: "/kube-explorer"
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+  name: kube-explorer-ingress
+  namespace: kube-system
+spec:
+  rules:
+    - host: "${MY_IP}.sslip.io" # Replace with your actual domain
+      http:
+        paths:
+          - backend:
+              service:
+                name: kube-explorer
+                port:
+                  name: http
+            path: /kube-explorer(/|$)(.*)
+            pathType: ImplementationSpecific
+

deploy/kubectl/path-prefix/traefik-ingress.yaml.tpl

@@ -0,0 +1,42 @@
+# Note: please replace the host first
+# To use sslip.io: https://sslip.io/
+# To get your public IP: curl ipinfo.io/ip
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kube-explorer-ingress
+  namespace: kube-system
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-prefix@kubernetescrd,kube-system-add-header@kubernetescrd
+spec:
+  rules:
+  - host: "${MY_IP}.sslip.io"  # Replace with your actual domain
+    http:
+      paths:
+      - path: /kube-explorer
+        pathType: Prefix
+        backend:
+          service:
+            name: kube-explorer
+            port:
+              name: http
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: prefix
+  namespace: kube-system
+spec:
+  stripPrefix:
+    prefixes:
+      - /kube-explorer
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: add-header
+  namespace: kube-system
+spec:
+  headers:
+    customRequestHeaders:
+      X-Forwarded-Prefix: "/kube-explorer" # Adds

go.mod

@@ -2,13 +2,21 @@ module github.com/cnrancher/kube-explorer
 
 go 1.22.0
 
-replace k8s.io/client-go => k8s.io/client-go v0.30.1
+replace (
+	github.com/rancher/steve => github.com/rancher/steve v0.0.0-20240529152548-9fb3e50aa806
+	k8s.io/api => k8s.io/api v0.28.6
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.28.6
+	k8s.io/apimachinery => k8s.io/apimachinery v0.28.6
+	k8s.io/apiserver => k8s.io/apiserver v0.28.6
+	k8s.io/client-go => github.com/rancher/client-go v1.28.6-rancher1
+
+)
 
 require (
 	github.com/gorilla/mux v1.8.1
-	github.com/rancher/apiserver v0.0.0-20240708202538-39a6f2535146
-	github.com/rancher/steve v0.0.0-20240709130809-47871606146c
-	github.com/rancher/wrangler/v3 v3.0.0
+	github.com/rancher/apiserver v0.0.0-20240207153744-69b3c2b56f3f
+	github.com/rancher/steve v0.0.0-20240529152548-9fb3e50aa806
+	github.com/rancher/wrangler/v2 v2.1.4
 	github.com/sirupsen/logrus v1.9.3
 	github.com/urfave/cli v1.22.15
 	golang.org/x/text v0.14.0
@@ -26,7 +34,6 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
@@ -41,33 +48,30 @@ require (
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/websocket v1.5.1 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
-	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
-	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.16.0 // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
-	github.com/rancher/dynamiclistener v0.6.0-rc2 // indirect
+	github.com/rancher/dynamiclistener v0.4.0-rc2 // indirect
 	github.com/rancher/kubernetes-provider-detector v0.1.5 // indirect
 	github.com/rancher/lasso v0.0.0-20240705194423-b2a060d103c1 // indirect
 	github.com/rancher/norman v0.0.0-20240708202514-a0127673d1b9 // indirect
 	github.com/rancher/remotedialer v0.3.2 // indirect
-	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/urfave/cli/v2 v2.27.1 // indirect
@@ -102,13 +106,6 @@ require (
 	k8s.io/kube-aggregator v0.30.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3 // indirect
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
-	modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect
-	modernc.org/libc v1.49.3 // indirect
-	modernc.org/mathutil v1.6.0 // indirect
-	modernc.org/memory v1.8.0 // indirect
-	modernc.org/sqlite v1.29.10 // indirect
-	modernc.org/strutil v1.2.0 // indirect
-	modernc.org/token v1.1.0 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect
 	sigs.k8s.io/cli-utils v0.35.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect

internal/config/flags.go

@@ -7,7 +7,6 @@ import (
 var InsecureSkipTLSVerify bool
 var SystemDefaultRegistry string
 var APIUIVersion = "1.1.11"
-
 var ShellPodImage string
 
 func Flags() []cli.Flag {

internal/resources/cluster/shell.go

@@ -10,7 +10,7 @@ import (
 	"github.com/cnrancher/kube-explorer/internal/config"
 	"github.com/rancher/steve/pkg/podimpersonation"
 	"github.com/rancher/steve/pkg/stores/proxy"
-	"github.com/rancher/wrangler/v3/pkg/schemas/validation"
+	"github.com/rancher/wrangler/v2/pkg/schemas/validation"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apiserver/pkg/authentication/user"

internal/server/config.go

@@ -6,13 +6,14 @@ import (
 	"strings"
 
 	"github.com/rancher/apiserver/pkg/types"
+	"github.com/rancher/apiserver/pkg/urlbuilder"
 	steveauth "github.com/rancher/steve/pkg/auth"
 	"github.com/rancher/steve/pkg/schema"
 	"github.com/rancher/steve/pkg/server"
 	"github.com/rancher/steve/pkg/server/cli"
 	"github.com/rancher/steve/pkg/server/router"
-	"github.com/rancher/wrangler/v3/pkg/kubeconfig"
-	"github.com/rancher/wrangler/v3/pkg/ratelimit"
+	"github.com/rancher/wrangler/v2/pkg/kubeconfig"
+	"github.com/rancher/wrangler/v2/pkg/ratelimit"
 
 	"github.com/cnrancher/kube-explorer/internal/config"
 	"github.com/cnrancher/kube-explorer/internal/resources/cluster"
@@ -20,7 +21,7 @@ import (
 	"github.com/cnrancher/kube-explorer/internal/version"
 )
 
-func ToServer(ctx context.Context, c *cli.Config, sqlCache bool) (*server.Server, error) {
+func ToServer(ctx context.Context, c *cli.Config) (*server.Server, error) {
 	var (
 		auth steveauth.Middleware
 	)
@@ -58,10 +59,13 @@ func ToServer(ctx context.Context, c *cli.Config, sqlCache bool) (*server.Server
 		AuthMiddleware: auth,
 		Controllers:    controllers,
 		Next:           ui,
-		SQLCache:       sqlCache,
 		// router needs to hack here
 		Router: func(h router.Handlers) http.Handler {
-			return rewriteLocalCluster(router.Routes(h))
+			return handleProxyHeader(
+				rewriteLocalCluster(
+					router.Routes(h),
+				),
+			)
 		},
 	})
 	if err != nil {
@@ -99,3 +103,12 @@ func rewriteLocalCluster(next http.Handler) http.Handler {
 		next.ServeHTTP(rw, req)
 	})
 }
+
+func handleProxyHeader(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		if value := req.Header.Get("X-Forwarded-Prefix"); value != "" {
+			req.Header.Set(urlbuilder.PrefixHeader, value)
+		}
+		next.ServeHTTP(rw, req)
+	})
+}

internal/ui/handler.go

@@ -132,7 +132,6 @@ func (h *Handler) IndexFile() http.Handler {
 			http.NotFoundHandler().ServeHTTP(w, r)
 			return
 		}
-		w.WriteHeader(http.StatusOK)
 		_, _ = w.Write(rtn)
 	}))
 }

internal/ui/proxy.go

@@ -0,0 +1,116 @@
+package ui
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"strconv"
+
+	"github.com/rancher/apiserver/pkg/urlbuilder"
+	"k8s.io/apimachinery/pkg/util/proxy"
+)
+
+type RoundTripFunc func(*http.Request) (*http.Response, error)
+
+func (r RoundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
+	return r(req)
+}
+
+func proxyMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		scheme := urlbuilder.GetScheme(r)
+		host := urlbuilder.GetHost(r, scheme)
+		pathPrepend := r.Header.Get(urlbuilder.PrefixHeader)
+
+		if scheme == r.URL.Scheme && host == r.URL.Host && pathPrepend == "" {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		proxyRoundtrip := proxy.Transport{
+			Scheme:      scheme,
+			Host:        host,
+			PathPrepend: pathPrepend,
+			RoundTripper: RoundTripFunc(func(r *http.Request) (*http.Response, error) {
+				rw := &dummyResponseWriter{
+					next:   w,
+					header: make(http.Header),
+				}
+				next.ServeHTTP(rw, r)
+				return rw.getResponse(r), nil
+			}),
+		}
+		//proxyRoundtripper will write the response in RoundTrip func
+		resp, _ := proxyRoundtrip.RoundTrip(r)
+		responseToWriter(resp, w)
+	})
+
+}
+
+var _ http.ResponseWriter = &dummyResponseWriter{}
+var _ http.Hijacker = &dummyResponseWriter{}
+
+type dummyResponseWriter struct {
+	next http.ResponseWriter
+
+	header     http.Header
+	body       bytes.Buffer
+	statusCode int
+}
+
+// Hijack implements http.Hijacker.
+func (drw *dummyResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
+	if h, ok := drw.next.(http.Hijacker); ok {
+		return h.Hijack()
+	}
+	return nil, nil, fmt.Errorf("")
+}
+
+// Header implements the http.ResponseWriter interface.
+func (drw *dummyResponseWriter) Header() http.Header {
+	return drw.header
+}
+
+// Write implements the http.ResponseWriter interface.
+func (drw *dummyResponseWriter) Write(b []byte) (int, error) {
+	return drw.body.Write(b)
+}
+
+// WriteHeader implements the http.ResponseWriter interface.
+func (drw *dummyResponseWriter) WriteHeader(statusCode int) {
+	drw.statusCode = statusCode
+}
+
+// GetStatusCode returns the status code written to the response.
+func (drw *dummyResponseWriter) GetStatusCode() int {
+	if drw.statusCode == 0 {
+		return 200
+	}
+	return drw.statusCode
+}
+
+func (drw *dummyResponseWriter) getResponse(req *http.Request) *http.Response {
+	return &http.Response{
+		Status:     strconv.Itoa(drw.GetStatusCode()),
+		StatusCode: drw.GetStatusCode(),
+		Proto:      "HTTP/1.1",
+		ProtoMajor: 1,
+		ProtoMinor: 1,
+		Request:    req,
+		Header:     drw.header,
+		Body:       io.NopCloser(&drw.body),
+	}
+}
+
+func responseToWriter(resp *http.Response, writer http.ResponseWriter) {
+	for k, v := range resp.Header {
+		writer.Header()[k] = v
+	}
+	if resp.StatusCode != http.StatusOK {
+		writer.WriteHeader(resp.StatusCode)
+	}
+	_, _ = io.Copy(writer, resp.Body)
+}

internal/ui/routers.go

@@ -27,5 +27,5 @@ func New(opt *Options) (http.Handler, APIUI) {
 		http.Redirect(rw, req, url, http.StatusFound)
 	})
 
-	return router, apiUI(opt)
+	return proxyMiddleware(router), apiUI(opt)
 }

main.go

@@ -6,7 +6,7 @@ import (
 	"github.com/rancher/steve/pkg/debug"
 	stevecli "github.com/rancher/steve/pkg/server/cli"
 	"github.com/rancher/steve/pkg/version"
-	"github.com/rancher/wrangler/v3/pkg/signals"
+	"github.com/rancher/wrangler/v2/pkg/signals"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 
@@ -34,7 +34,7 @@ func main() {
 func run(_ *cli.Context) error {
 	ctx := signals.SetupSignalContext()
 	keconfig.Debug.MustSetupDebug()
-	s, err := server.ToServer(ctx, &keconfig.Steve, false)
+	s, err := server.ToServer(ctx, &keconfig.Steve)
 	if err != nil {
 		return err
 	}

package/Dockerfile

@@ -1,7 +1,8 @@
-FROM registry.suse.com/bci/bci-minimal:15.6
+FROM registry.suse.com/bci/bci-base:15.6
 ARG TARGETARCH
 ARG TARGETOS
 ENV ARCH=${TARGETARCH:-"amd64"} OS=${TARGETOS:-"linux"}
-COPY entrypoint.sh /usr/bin/
+RUN zypper install -y catatonit
 COPY kube-explorer-${OS}-${ARCH} /usr/bin/kube-explorer
-ENTRYPOINT ["entrypoint.sh"]
+ENTRYPOINT [ "/usr/bin/catatonit", "--" ]
+CMD [ "kube-explorer" ]

package/entrypoint.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-kube-explorer "${@}"

scripts/validate

@@ -18,3 +18,14 @@ go mod tidy
 
 echo Verifying modules
 go mod verify
+
+dirty_files="$(git status --porcelain --untracked-files=no)"
+if [ -n "$dirty_files" ]; then
+  echo "Encountered dirty repo! Aborting."
+  echo "If you're seeing this, it means there are uncommitted changes in the repo."
+  echo "If you're seeing this in CI, it probably means that your Go modules aren't tidy, or more generally that running"
+  echo "validation would result in changes to the repo. Make sure you're up to date with the upstream branch and run"
+  echo "'go mod tidy' and commit the changes, if any. The offending changed files are as follows:"
+  echo "$dirty_files"
+  exit 1
+fi