Feat: Add the backend plugin framework #740

Merged: barnettZQG merged 12 commits into kubevela:main from feature/plugin-proxy on Apr 5, 2023

@barnettZQG barnettZQG commented Mar 31, 2023

Description of your changes

This PR has three goals:

  1. Proxy the Kubernetes API and external services that discover the endpoint by Kubernetes service by plugin config.
  2. The allowed route and the permission can be customized for all proxy APIs. The authorization is the same as that of OpenAPI.
  3. Generate the cluster role for every plugin whose type is kube-api to limit the permission.

Plugin Definition

{
  "type": "page-app",
  "name": "Node Dashboard",
  "id": "node-dashboard",
  ...
  "backend": true,
  "proxy": true,
  "backendType": "kube-api",
  "kubePermissions": [
    {
      "apiGroups": [
        ""
      ],
      "resources": [
        "nodes",
        "nodes/status"
      ],
      "verbs": [
        "get",
        "list"
      ]
    },
    {
      "apiGroups": [
        "",
        "events.k8s.io"
      ],
      "resources": [
        "events"
      ],
      "verbs": [
        "get",
        "list"
      ]
    }
  ],
  "routes": [
    {
      "path": "/api/v1/nodes",
      "permission": {
        "resource": "node",
        "action": "list"
      }
    },
    {
      "path": "/api/v1/events",
      "permission": {
        "resource": "event",
        "action": "list"
      }
    },
    {
      "path": "/api/v1/nodes/:nodeName",
      "method": "Put",
      "permission": {
        "resource": "node",
        "action": "update"
      },
      "resourceMap": {
        "node": "nodeName"
      }
    }
  ],
  "includes": [
    {
      "workspace": {
        "name": "platform-setting"
      },
      "type": "Workspace",
      "label": "Node Manage",
      "name": "node-manage",
      "to": "/plugins/%PLUGIN_ID%",
      "permission": {
        "resource": "node",
        "action": "list"
      },
      "relatedRoute": [
        "/plugins/%PLUGIN_ID%"
      ],
      "icon": "",
      "catalog": "Resources"
    }
  ]
}
  • backendType: The options include kube-api, kube-service, and static-server
  • kubePermissions: This field defines the permission policy of the cluster role. Only available for the kube-api type.
  • routes: This field defines the allowed route. The empty route means allowing all APIs. Every route could define the needed permission.

For this example plugin config, the following APIs are available:

  • GET: /proxy/plugins/node-dashboard/api/v1/nodes
  • PUT: /proxy/plugins/node-dashboard/api/v1/nodes/node-name
  • GET: /proxy/plugins/node-dashboard/api/v1/events

I have:

  • Read and followed KubeVela's contribution process.
  • Related Docs updated properly. In a new feature or configuration option, an update to the documentation is necessary.
  • Run yarn lint to ensure the frontend changes are ready for review.
  • Run make reviewable to ensure the server changes are ready for review.
  • Added backport release-x.y labels to auto-backport this PR if necessary.

Special notes for your reviewer
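
An added example, not code from this PR or from VelaUX: a minimal Go sketch of how the route allow-list in the description above could map a proxied request to the permission it requires. The `Route` type and `Match` function are hypothetical names, and it assumes a route without "method" means GET, that methods compare case-insensitively ("Put" vs PUT), and that the path is normalized before matching.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

type Route struct {
	Path, Method, Resource, Action string
	ResourceMap                    map[string]string // permission resource -> path parameter
}

// Match returns the allow-listed route and its path parameters; ok=false means deny.
// Assumed, not confirmed by the page: no "method" means GET; the path is cleaned first.
func Match(id string, routes []Route, method, reqPath string) (Route, map[string]string, bool) {
	prefix := "/proxy/plugins/" + id
	clean := path.Clean("/" + reqPath) // resolve ".." and "//" before comparing
	if !strings.HasPrefix(clean, prefix+"/") {
		return Route{}, nil, false
	}
	if len(routes) == 0 { // per the description, an empty list allows every API
		return Route{}, nil, true
	}
	got := strings.Split(strings.TrimPrefix(clean, prefix), "/")
next:
	for _, r := range routes {
		want := strings.Split(r.Path, "/")
		methodOK := strings.EqualFold(r.Method, method) || (r.Method == "" && method == "GET")
		if !methodOK || len(want) != len(got) {
			continue
		}
		params := map[string]string{}
		for i := range want {
			if strings.HasPrefix(want[i], ":") {
				params[want[i][1:]] = got[i]
			} else if want[i] != got[i] {
				continue next
			}
		}
		return r, params, true
	}
	return Route{}, nil, false // method/path pair not listed: deny
}

func main() {
	put := Route{Path: "/api/v1/nodes/:nodeName", Method: "Put", Resource: "node", Action: "update", ResourceMap: map[string]string{"node": "nodeName"}}
	r, p, ok := Match("node-dashboard", []Route{put}, "PUT", "/proxy/plugins/node-dashboard/api/v1/nodes/node-1")
	fmt.Println(ok, r.Resource, r.Action, p[r.ResourceMap["node"]]) // constructed request
}
```

A match only identifies which permission applies; the caller's authorizer still has to check it, and a plugin that ships an empty routes list exposes everything its cluster role permits.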


codecov bot commented Mar 31, 2023

Codecov Report

Patch coverage: 57.60% and no project coverage change.

Comparison is base (bceaad7) 61.08% compared to head (47a62bf) 61.09%.

Additional details and impacted files
@@           Coverage Diff            @@
##             main     #740    +/-   ##
========================================
  Coverage   61.08%   61.09%            
========================================
  Files          99      106     +7     
  Lines       18081    18543   +462     
========================================
+ Hits        11045    11328   +283     
- Misses       5693     5826   +133     
- Partials     1343     1389    +46     
Flag Coverage Δ
apiserver-unittests 33.14% <45.32%> (+0.58%) ⬆️
server-e2e-tests 49.91% <45.60%> (-0.09%) ⬇️


Impacted Files Coverage Δ
pkg/plugin/loader/loader.go 45.39% <0.00%> (-6.10%) ⬇️
pkg/plugin/proxy/static_server_proxy.go 0.00% <0.00%> (ø)
pkg/plugin/types/plugin.go 40.00% <ø> (+10.00%) ⬆️
pkg/server/interfaces/api/dto/v1/types.go 73.33% <ø> (ø)
pkg/server/utils/bcode/bcode.go 55.10% <ø> (ø)
pkg/server/server.go 56.16% <39.28%> (-2.51%) ⬇️
pkg/plugin/proxy/kube_service_proxy.go 42.85% <42.85%> (ø)
pkg/plugin/proxy/proxy.go 50.00% <50.00%> (ø)
pkg/server/domain/model/plugin.go 50.00% <50.00%> (ø)
pkg/server/interfaces/api/authentication.go 48.03% <52.63%> (+2.18%) ⬆️
... and 6 more

... and 5 files with indirect coverage changes


@barnettZQG barnettZQG force-pushed the feature/plugin-proxy branch 2 times, most recently from 4db7501 to f10a8eb Compare April 2, 2023 13:22
@barnettZQG barnettZQG marked this pull request as ready for review April 2, 2023 13:51
Signed-off-by: barnettZQG <barnett.zqg@gmail.com>
AuthType AuthType `json:"authType,omitempty"`
AuthSecret *KubernetesSecret `json:"authSecret,omitempty"`
// For the kube auth type, define the max scope permission for this plugin.
KubePermissions []rbacv1.PolicyRule `json:"kubePermissions,omitempty"`
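Review bot: the comment on KubePermissions says the rules apply "for the kube auth type", while the PR description says kubePermissions is only available for the kube-api backendType, so it is unclear whether AuthType or backendType gates this field; name the exact field and value in the comment. Because the field is omitempty and accepts any rbacv1.PolicyRule, the comment should also state what an omitted list means for the generated cluster role and whether wildcard verbs or resources are accepted.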

rbacPolicies


@wonderflow wonderflow left a comment


great job

@barnettZQG barnettZQG merged commit 6b33036 into kubevela:main Apr 5, 2023
mujinhuakai pushed a commit to mujinhuakai/velaux that referenced this pull request Apr 8, 2023
* Feat: Add the backend plugin framework

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: add some unit tests

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: the package order

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: make the node dashboard plugin to work

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: change the code style

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: e2e test case

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: Support to proxy the multiple cluster API

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: Change the menu

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: Can't build ui package

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: e2e test case

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: unit test case

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: change some words

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

---------

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>
Signed-off-by: liyanfang <liyanfang@cmss.chinamobile.com>