登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
开源项目 > 服务器应用 > 容器/虚拟机 &&
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
36 Star 396 Fork 71

GVPrancher / rancher

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
server.go 4.46 KB
一键复制 编辑 原始数据 按行查看 历史
Darren Shepherd 提交于 2018-03-03 21:53 . Refactor kubeconfig and loopback access for helm
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137
package server



import (

	"context"

	"net/http"



	"github.com/gorilla/mux"

	"github.com/rancher/rancher/pkg/api/customization/clusteregistrationtokens"

	managementapi "github.com/rancher/rancher/pkg/api/server"

	"github.com/rancher/rancher/pkg/auth/providers/publicapi"

	authrequests "github.com/rancher/rancher/pkg/auth/requests"

	"github.com/rancher/rancher/pkg/auth/tokens"

	"github.com/rancher/rancher/pkg/clustermanager"

	"github.com/rancher/rancher/pkg/controllers/user/pipeline/hooks"

	rancherdialer "github.com/rancher/rancher/pkg/dialer"

	"github.com/rancher/rancher/pkg/dynamiclistener"

	"github.com/rancher/rancher/pkg/httpproxy"

	k8sProxy "github.com/rancher/rancher/pkg/k8sproxy"

	"github.com/rancher/rancher/pkg/rkenodeconfigserver"

	"github.com/rancher/rancher/server/capabilities"

	"github.com/rancher/rancher/server/ui"

	managementSchema "github.com/rancher/types/apis/management.cattle.io/v3/schema"

	"github.com/rancher/types/config"

	"github.com/rancher/types/config/dialer"

	utilnet "k8s.io/apimachinery/pkg/util/net"

	"k8s.io/kubernetes/cmd/kube-apiserver/app"

)



var (

	whiteList = []string{

		"*.amazonaws.com",

		"*.amazonaws.com.cn",

		"forums.rancher.com",

		"api.exoscale.ch",

		"api.ubiquityhosting.com",

		"api.digitalocean.com",

		"*.otc.t-systems.com",

		"api.profitbricks.com",

		"api.packet.net",

	}

)



func Start(ctx context.Context, httpPort, httpsPort int, apiContext *config.ScaledContext, clusterManager *clustermanager.Manager) error {

	tokenAPI, err := tokens.NewAPIHandler(ctx, apiContext)

	if err != nil {

		return err

	}



	publicAPI, err := publicapi.NewHandler(ctx, apiContext)

	if err != nil {

		return err

	}



	managementAPI, err := managementapi.New(ctx, apiContext, clusterManager)

	if err != nil {

		return err

	}



	root := mux.NewRouter()

	root.UseEncodedPath()



	app.DefaultProxyDialer = utilnet.DialFunc(apiContext.Dialer.LocalClusterDialer())



	localClusterAuth, err := k8sProxy.NewLocalProxy(apiContext, apiContext.Dialer, root)

	if err != nil {

		return err

	}



	k8sProxy := k8sProxy.New(apiContext, apiContext.Dialer)



	rawAuthedAPIs := newAuthed(tokenAPI, managementAPI, k8sProxy)



	authedHandler, err := authrequests.NewAuthenticationFilter(ctx, apiContext, rawAuthedAPIs)

	if err != nil {

		return err

	}



	webhookHandler := hooks.New(apiContext)



	connectHandler, connectConfigHandler := connectHandlers(apiContext.Dialer)



	root.Handle("/", ui.UI(managementAPI))

	root.PathPrefix("/v3-public").Handler(publicAPI)

	root.Handle("/v3/import/{token}.yaml", http.HandlerFunc(clusteregistrationtokens.ClusterImportHandler))

	root.Handle("/v3/connect", connectHandler)

	root.Handle("/v3/connect/config", connectConfigHandler)

	root.Handle("/v3/settings/cacerts", rawAuthedAPIs).Methods(http.MethodGet)

	root.PathPrefix("/v3").Handler(authedHandler)

	root.PathPrefix("/hooks").Handler(webhookHandler)

	root.PathPrefix("/k8s/clusters/").Handler(authedHandler)

	root.PathPrefix("/meta").Handler(authedHandler)

	root.NotFoundHandler = ui.UI(http.NotFoundHandler())



	// UI

	uiContent := ui.Content()

	root.PathPrefix("/assets").Handler(uiContent)

	root.PathPrefix("/translations").Handler(uiContent)

	root.Handle("/humans.txt", uiContent)

	root.Handle("/index.html", uiContent)

	root.Handle("/robots.txt", uiContent)

	root.Handle("/VERSION.txt", uiContent)



	registerHealth(root)



	dynamiclistener.Start(ctx, apiContext, httpPort, httpsPort, localClusterAuth)

	return nil

}



func newAuthed(tokenAPI http.Handler, managementAPI http.Handler, k8sproxy http.Handler) *mux.Router {

	authed := mux.NewRouter()

	authed.UseEncodedPath()

	authed.PathPrefix("/meta/proxy").Handler(newProxy())

	authed.PathPrefix("/meta").Handler(managementAPI)

	authed.PathPrefix("/v3/gkeMachineTypes").Handler(capabilities.NewGKEMachineTypesHandler())

	authed.PathPrefix("/v3/gkeVersions").Handler(capabilities.NewGKEVersionsHandler())

	authed.PathPrefix("/v3/gkeZones").Handler(capabilities.NewGKEZonesHandler())

	authed.PathPrefix("/v3/identit").Handler(tokenAPI)

	authed.PathPrefix("/v3/token").Handler(tokenAPI)

	authed.PathPrefix("/k8s/clusters/").Handler(k8sproxy)

	authed.PathPrefix(managementSchema.Version.Path).Handler(managementAPI)



	return authed

}



func connectHandlers(dialer dialer.Factory) (http.Handler, http.Handler) {

	if f, ok := dialer.(*rancherdialer.Factory); ok {

		return f.TunnelServer, rkenodeconfigserver.Handler(f.TunnelAuthorizer)

	}



	return http.NotFoundHandler(), http.NotFoundHandler()

}



func newProxy() http.Handler {

	return httpproxy.NewProxy("/proxy/", func() []string {

		return whiteList

	})

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/rancher/rancher.git
git@gitee.com:rancher/rancher.git
rancher
rancher
rancher
v2.0.0-alpha17
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
344bd9b3 5694891 D2dac590 5694891