don't enforce kube api to be enabled
tigrato committed Sep 20, 2024
1 parent b03e463 commit ccf0518
Showing 2 changed files with 13 additions and 12 deletions.
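--- a/lib/kube/grpc/grpc.go
+++ b/lib/kube/grpc/grpc.go
@@ -59,9 +59,13 @@ func New(cfg Config) (*Server, error) {
 return nil, trace.Wrap(err)
 }
 
-sni, addr, err := getWebAddrAndKubeSNI(cfg.KubeProxyAddr)
-if err != nil {
-return nil, trace.Wrap(err)
+var sni, addr string
+var err error
+if cfg.KubeProxyAddr != "" {
+sni, addr, err = getWebAddrAndKubeSNI(cfg.KubeProxyAddr)
+if err != nil {
+return nil, trace.Wrap(err)
+}
 }
 
 s := &Server{cfg: cfg, proxyAddress: addr, kubeProxySNI: sni}
@@ -127,9 +131,7 @@ func (c *Config) CheckAndSetDefaults() error {
 if c.Emitter == nil {
 return trace.BadParameter("missing parameter Emitter")
 }
-if c.KubeProxyAddr == "" {
-return trace.BadParameter("missing parameter KubeProxyAddr")
-}
+
 if c.ClusterName == "" {
 return trace.BadParameter("missing parameter ClusterName")
 }
@@ -146,6 +148,9 @@ func (c *Config) CheckAndSetDefaults() error {
 // ListKubernetesResources returns the list of resources available for the user for
 // the specified Resource kind, Kubernetes cluster and namespace.
 func (s *Server) ListKubernetesResources(ctx context.Context, req *proto.ListKubernetesResourcesRequest) (*proto.ListKubernetesResourcesResponse, error) {
+if s.proxyAddress == "" {
+return nil, trail.ToGRPC(trace.ConnectionProblem(nil, "Kubernetes API is disabled"))
+}
 userContext, err := s.authorize(ctx)
 if err != nil {
 return nil, trail.ToGRPC(err)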
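Review bot: The new `s.proxyAddress == ""` guard in ListKubernetesResources runs before `s.authorize(ctx)`, so a caller that has not been authorized yet receives a distinct "Kubernetes API is disabled" error and learns the feature state of the proxy. Moving the three added lines below the `authorize` error check keeps the unauthorized path identical whether or not the Kubernetes listener is configured. An empty `proxyAddress` is now the only marker for "disabled" (New leaves `sni` and `addr` empty when `cfg.KubeProxyAddr` is unset), so any other Server method that uses `proxyAddress` or `kubeProxySNI` would need the same guard; none is visible in this section. The function body continues outside the hunk.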
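--- a/lib/kube/grpc/utils.go
+++ b/lib/kube/grpc/utils.go
@@ -46,13 +46,9 @@ func getWebAddrAndKubeSNI(proxyAddr string) (string, string, error) {
 if err != nil {
 return "", "", trace.Wrap(err)
 }
-ip := net.ParseIP(addr)
-if ip == nil {
-return "", "", trace.BadParameter("proxy address %q must be have address:port format", proxyAddr)
-}
 sni := client.GetKubeTLSServerName(addr)
-// if the proxy is a unspecified address (0.0.0.0, ::), use localhost.
-if ip.IsUnspecified() {
+// if the proxy is an unspecified address (0.0.0.0, ::), use localhost.
+if ip := net.ParseIP(addr); ip != nil && ip.IsUnspecified() {
 addr = string(teleport.PrincipalLocalhost)
 }
 return sni, "https://" + net.JoinHostPort(addr, port), nil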
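Review bot: With the `ip == nil` rejection removed, an address whose host part is empty (a listen address written as `:port`) is no longer refused and yields `https://:port` plus an SNI computed from an empty string. `addr` and `port` appear to come from a split of `proxyAddr` above the hunk, so this is inferred from the visible lines only. If an empty host is meant to behave like an unspecified one, the condition could read `if ip := net.ParseIP(addr); addr == "" || (ip != nil && ip.IsUnspecified()) {`; otherwise keep an explicit `trace.BadParameter` for `addr == ""`. The comment on getWebAddrAndKubeSNI, which sits outside the hunk, may also need to state that host names are now accepted.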
