Enable setting proxyurl in kubeconfig via kubectl config (#105566)

* Enable setting proxyurl in kubeconfig via kubectl config This PR enables setting `proxy-url` in kubeconfig via kubectl config. * Add godoc for proxy-url unit tests
2025-09-14 13:45:06 +00:00 · 2021-12-20 21:12:56 +03:00
parent 571e067cdd
commit afdde38321
3 changed files with 94 additions and 1 deletions
--- a/staging/src/k8s.io/client-go/tools/clientcmd/overrides.go
+++ b/staging/src/k8s.io/client-go/tools/clientcmd/overrides.go
@@ -73,6 +73,7 @@ type ClusterOverrideFlags struct {
 	CertificateAuthority  FlagInfo
 	InsecureSkipTLSVerify FlagInfo
 	TLSServerName         FlagInfo
+	ProxyURL              FlagInfo
 }

 // FlagInfo contains information about how to register a flag.  This struct is useful if you want to provide a way for an extender to
@@ -160,6 +161,7 @@ const (
 	FlagUsername         = "username"
 	FlagPassword         = "password"
 	FlagTimeout          = "request-timeout"
+	FlagProxyURL         = "proxy-url"
 )

 // RecommendedConfigOverrideFlags is a convenience method to return recommended flag names prefixed with a string of your choosing
@@ -195,6 +197,7 @@ func RecommendedClusterOverrideFlags(prefix string) ClusterOverrideFlags {
 		CertificateAuthority:  FlagInfo{prefix + FlagCAFile, "", "", "Path to a cert file for the certificate authority"},
 		InsecureSkipTLSVerify: FlagInfo{prefix + FlagInsecure, "", "false", "If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure"},
 		TLSServerName:         FlagInfo{prefix + FlagTLSServerName, "", "", "If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used."},
+		ProxyURL:              FlagInfo{prefix + FlagProxyURL, "", "", "If provided, this URL will be used to connect via proxy"},
 	}
 }

@@ -234,6 +237,7 @@ func BindClusterFlags(clusterInfo *clientcmdapi.Cluster, flags *pflag.FlagSet, f
 	flagNames.CertificateAuthority.BindStringFlag(flags, &clusterInfo.CertificateAuthority)
 	flagNames.InsecureSkipTLSVerify.BindBoolFlag(flags, &clusterInfo.InsecureSkipTLSVerify)
 	flagNames.TLSServerName.BindStringFlag(flags, &clusterInfo.TLSServerName)
+	flagNames.ProxyURL.BindStringFlag(flags, &clusterInfo.ProxyURL)
 }

 // BindFlags is a convenience method to bind the specified flags to their associated variables
--- a/staging/src/k8s.io/kubectl/pkg/cmd/config/create_cluster.go
+++ b/staging/src/k8s.io/kubectl/pkg/cmd/config/create_cluster.go
@@ -41,6 +41,7 @@ type createClusterOptions struct {
 	insecureSkipTLSVerify cliflag.Tristate
 	certificateAuthority  cliflag.StringFlag
 	embedCAData           cliflag.Tristate
+	proxyURL              cliflag.StringFlag
 }

 var (
@@ -60,7 +61,10 @@ var (
 		kubectl config set-cluster e2e --insecure-skip-tls-verify=true

 		# Set custom TLS server name to use for validation for the e2e cluster entry
-		kubectl config set-cluster e2e --tls-server-name=my-cluster-name`)
+		kubectl config set-cluster e2e --tls-server-name=my-cluster-name
+
+		# Set proxy url for the e2e cluster entry
+		kubectl config set-cluster e2e --proxy-url=https://1.2.3.4`)
 )

 // NewCmdConfigSetCluster returns a Command instance for 'config set-cluster' sub command
@@ -90,6 +94,7 @@ func NewCmdConfigSetCluster(out io.Writer, configAccess clientcmd.ConfigAccess)
 	cmd.MarkFlagFilename(clientcmd.FlagCAFile)
 	f = cmd.Flags().VarPF(&options.embedCAData, clientcmd.FlagEmbedCerts, "", clientcmd.FlagEmbedCerts+" for the cluster entry in kubeconfig")
 	f.NoOptDefVal = "true"
+	cmd.Flags().Var(&options.proxyURL, clientcmd.FlagProxyURL, clientcmd.FlagProxyURL+" for the cluster entry in kubeconfig")

 	return cmd
 }
@@ -157,6 +162,10 @@ func (o *createClusterOptions) modifyCluster(existingCluster clientcmdapi.Cluste
 		}
 	}

+	if o.proxyURL.Provided() {
+		modifiedCluster.ProxyURL = o.proxyURL.Value()
+	}
+
 	return modifiedCluster
 }

--- a/staging/src/k8s.io/kubectl/pkg/cmd/config/create_cluster_test.go
+++ b/staging/src/k8s.io/kubectl/pkg/cmd/config/create_cluster_test.go
@@ -55,6 +55,31 @@ func TestCreateCluster(t *testing.T) {
 	test.run(t)
 }

+func TestCreateClusterWithProxy(t *testing.T) {
+	conf := clientcmdapi.Config{}
+	test := createClusterTest{
+		description: "Testing 'kubectl config set-cluster' with a new cluster",
+		config:      conf,
+		args:        []string{"my-cluster"},
+		flags: []string{
+			"--server=http://192.168.0.1",
+			"--tls-server-name=my-cluster-name",
+			"--proxy-url=http://192.168.0.2",
+		},
+		expected: `Cluster "my-cluster" set.` + "\n",
+		expectedConfig: clientcmdapi.Config{
+			Clusters: map[string]*clientcmdapi.Cluster{
+				"my-cluster": {
+					Server:        "http://192.168.0.1",
+					TLSServerName: "my-cluster-name",
+					ProxyURL:      "http://192.168.0.2",
+				},
+			},
+		},
+	}
+	test.run(t)
+}
+
 func TestModifyCluster(t *testing.T) {
 	conf := clientcmdapi.Config{
 		Clusters: map[string]*clientcmdapi.Cluster{
@@ -78,6 +103,61 @@ func TestModifyCluster(t *testing.T) {
 	test.run(t)
 }

+// TestModifyClusterWithProxy tests setting proxy-url in kubeconfig
+func TestModifyClusterWithProxy(t *testing.T) {
+	conf := clientcmdapi.Config{
+		Clusters: map[string]*clientcmdapi.Cluster{
+			"my-cluster": {Server: "https://192.168.0.1", TLSServerName: "to-be-cleared"},
+		},
+	}
+	test := createClusterTest{
+		description: "Testing 'kubectl config set-cluster' with an existing cluster",
+		config:      conf,
+		args:        []string{"my-cluster"},
+		flags: []string{
+			"--server=https://192.168.0.99",
+			"--proxy-url=https://192.168.0.100",
+		},
+		expected: `Cluster "my-cluster" set.` + "\n",
+		expectedConfig: clientcmdapi.Config{
+			Clusters: map[string]*clientcmdapi.Cluster{
+				"my-cluster": {Server: "https://192.168.0.99", ProxyURL: "https://192.168.0.100"},
+			},
+		},
+	}
+	test.run(t)
+}
+
+// TestModifyClusterWithProxyOverride tests updating proxy-url
+// in kubeconfig which already exists
+func TestModifyClusterWithProxyOverride(t *testing.T) {
+	conf := clientcmdapi.Config{
+		Clusters: map[string]*clientcmdapi.Cluster{
+			"my-cluster": {
+				Server:        "https://192.168.0.1",
+				TLSServerName: "to-be-cleared",
+				ProxyURL:      "https://192.168.0.2",
+			},
+		},
+	}
+	test := createClusterTest{
+		description: "Testing 'kubectl config set-cluster' with an existing cluster",
+		config:      conf,
+		args:        []string{"my-cluster"},
+		flags: []string{
+			"--server=https://192.168.0.99",
+			"--proxy-url=https://192.168.0.100",
+		},
+		expected: `Cluster "my-cluster" set.` + "\n",
+		expectedConfig: clientcmdapi.Config{
+			Clusters: map[string]*clientcmdapi.Cluster{
+				"my-cluster": {Server: "https://192.168.0.99", ProxyURL: "https://192.168.0.100"},
+			},
+		},
+	}
+	test.run(t)
+}
+
 func TestModifyClusterServerAndTLS(t *testing.T) {
 	conf := clientcmdapi.Config{
 		Clusters: map[string]*clientcmdapi.Cluster{