Merge pull request #246 from edio/feature/proxy

Implement accessing Kubernetes API via proxy
kube-rs · Jun 3, 2020 · cf4773e · cf4773e
2 parents 2843481 + b37a5a5
commit cf4773e
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 0 deletions.
diff --git a/kube/examples/proxy.rs b/kube/examples/proxy.rs
@@ -0,0 +1,31 @@
+#[macro_use] extern crate log;
+use k8s_openapi::api::core::v1::Namespace;
+
+use kube::{api::{Api, ListParams}, Client, Config};
+use kube::config::KubeConfigOptions;
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+    std::env::set_var("RUST_LOG", "info,kube=debug");
+    env_logger::init();
+
+    let proxy_url = std::env::var("http_proxy").ok();
+    if let Some(p) = &proxy_url {
+        info!("http_proxy is {}", p);
+    } else {
+        warn!("You can set HTTP(s) proxy for this example with http_proxy environment variable");
+    }
+
+    let mut config = Config::from_kubeconfig(&KubeConfigOptions::default()).await?;
+    let proxy  = proxy_url.map(|url| reqwest::Proxy::https(&url)).map_or(Ok(None), |p| p.map(Some))?;
+    let config = proxy.map(|p| config.proxy(p)).unwrap_or(config);
+    let client = Client::new(config);
+
+    // Verify we can access kubernetes through proxy
+    let ns_api: Api<Namespace> = Api::all(client);
+    let namespaces = ns_api.list(&ListParams::default()).await?;
+    assert!(namespaces.items.len() > 0);
+    info!("Found {} namespaces", namespaces.items.len());
+
+    Ok(())
+}
diff --git a/kube/src/client/mod.rs b/kube/src/client/mod.rs
@@ -321,6 +321,10 @@ impl From<Config> for reqwest::ClientBuilder {
     fn from(config: Config) -> Self {
         let mut builder = Self::new();
 
+        if let Some(i) = &config.proxy {
+            builder = builder.proxy(i.clone())
+        }
+
         if let Some(i) = config.identity() {
             builder = builder.identity(i)
         }

diff --git a/kube/src/config/mod.rs b/kube/src/config/mod.rs
@@ -78,6 +78,8 @@ pub struct Config {
     pub timeout: std::time::Duration,
     /// Whether to accept invalid ceritifacts
     pub accept_invalid_certs: bool,
+    /// Proxy to send requests to Kubernetes API through
+    pub(crate) proxy: Option<reqwest::Proxy>,
     /// The identity to use for communicating with the Kubernetes API
     /// along wit the password to decrypt it.
     ///
@@ -91,6 +93,20 @@ pub struct Config {
 }
 
 impl Config {
+    /// Return a copy of this config with proxy configured
+    ///
+    /// ```rust
+    /// # fn main() {
+    /// # async fn run() -> Result<(), Box< dyn std::error::Error>> {
+    /// let mut config = kube::Config::from_kubeconfig(&kube::config::KubeConfigOptions::default()).await?;
+    /// let proxy = reqwest::Proxy::http("https://localhost:8080")?;
+    /// let config = config.proxy(proxy);
+    /// # Ok(())
+    /// # }}
+    /// ```
+    pub fn proxy(&mut self, proxy: reqwest::Proxy) -> Self {
+        Config { proxy: Some(proxy), ..(self.clone()) }
+    }
     /// Construct a new config where only the `cluster_url` is set by the user.
     /// and everything else receives a default value.
     ///
@@ -104,6 +120,7 @@ impl Config {
             headers: HeaderMap::new(),
             timeout: DEFAULT_TIMEOUT,
             accept_invalid_certs: false,
+            proxy: None,
             identity: None,
             auth_header: Authentication::None,
         }
@@ -163,6 +180,7 @@ impl Config {
             headers: HeaderMap::new(),
             timeout: DEFAULT_TIMEOUT,
             accept_invalid_certs: false,
+            proxy: None,
             identity: None,
             auth_header: Authentication::Token(format!("Bearer {}", token)),
         })
@@ -226,6 +244,7 @@ impl Config {
             headers: HeaderMap::new(),
             timeout: DEFAULT_TIMEOUT,
             accept_invalid_certs,
+            proxy: None,
             identity: identity.map(|i| (i, String::from(IDENTITY_PASSWORD))),
             auth_header: load_auth_header(&loader)?,
         })