-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 21dfdf2
Showing
1,491 changed files
with
396,462 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| bin/ | ||
| build/ | ||
| coverage.out | ||
| ca-certificates.crt | ||
| .vscode | ||
| .history | ||
| node_modules/ | ||
| /*.pem | ||
| /*.tsv | ||
| src/**/*.css | ||
| Dockerfile.test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| FROM alpine:3.5 | ||
| COPY bin/kapow /kapow | ||
| COPY ca-certificates.crt /etc/ssl/certs/ca-certificates.crt | ||
|
|
||
| ENTRYPOINT ["/kapow"] |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
|
|
||
| ## Gopkg.toml example (these lines may be deleted) | ||
|
|
||
| ## "required" lists a set of packages (not projects) that must be included in | ||
| ## Gopkg.lock. This list is merged with the set of packages imported by the current | ||
| ## project. Use it when your project needs a package it doesn't explicitly import - | ||
| ## including "main" packages. | ||
| # required = ["github.com/user/thing/cmd/thing"] | ||
|
|
||
| ## "ignored" lists a set of packages (not projects) that are ignored when | ||
| ## dep statically analyzes source code. Ignored packages can be in this project, | ||
| ## or in a dependency. | ||
| # ignored = ["github.com/user/project/badpkg"] | ||
|
|
||
| ## Dependencies define constraints on dependent projects. They are respected by | ||
| ## dep whether coming from the Gopkg.toml of the current project or a dependency. | ||
| # [[dependencies]] | ||
| ## Required: the root import path of the project being constrained. | ||
| # name = "github.com/user/project" | ||
| # | ||
| ## Recommended: the version constraint to enforce for the project. | ||
| ## Only one of "branch", "version" or "revision" can be specified. | ||
| # version = "1.0.0" | ||
| # branch = "master" | ||
| # revision = "abc123" | ||
| # | ||
| ## Optional: an alternate location (URL or import path) for the project's source. | ||
| # source = "https://github.com/myfork/package.git" | ||
|
|
||
| ## Overrides have the same structure as [[dependencies]], but supercede all | ||
| ## [[dependencies]] declarations from all projects. Only the current project's | ||
| ## [[overrides]] are applied. | ||
| ## | ||
| ## Overrides are a sledgehammer. Use them only as a last resort. | ||
| # [[overrides]] | ||
| ## Required: the root import path of the project being constrained. | ||
| # name = "github.com/user/project" | ||
| # | ||
| ## Optional: specifying a version constraint override will cause all other | ||
| ## constraints on this project to be ignored; only the overriden constraint | ||
| ## need be satisfied. | ||
| ## Again, only one of "branch", "version" or "revision" can be specified. | ||
| # version = "1.0.0" | ||
| # branch = "master" | ||
| # revision = "abc123" | ||
| # | ||
| ## Optional: specifying an alternate source location as an override will | ||
| ## enforce that the alternate location is used for that project, regardless of | ||
| ## what source location any dependent projects specify. | ||
| # source = "https://github.com/myfork/package.git" | ||
|
|
||
|
|
||
|
|
||
| [[dependencies]] | ||
| name = "github.com/Sirupsen/logrus" | ||
| version = ">=0.10.0, <1.0.0" | ||
|
|
||
| [[dependencies]] | ||
| name = "github.com/coreos/go-oidc" | ||
|
|
||
| [[dependencies]] | ||
| branch = "master" | ||
| name = "github.com/nu7hatch/gouuid" | ||
|
|
||
| [[dependencies]] | ||
| name = "github.com/prometheus/common" | ||
|
|
||
| [[dependencies]] | ||
| branch = "master" | ||
| name = "github.com/urfave/cli" | ||
|
|
||
| [[dependencies]] | ||
| name = "golang.org/x/oauth2" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| Copyright (c) 2017 Matt DeBoer | ||
|
|
||
| MIT License | ||
|
|
||
| Permission is hereby granted, free of charge, to any person obtaining | ||
| a copy of this software and associated documentation files (the | ||
| "Software"), to deal in the Software without restriction, including | ||
| without limitation the rights to use, copy, modify, merge, publish, | ||
| distribute, sublicense, and/or sell copies of the Software, and to | ||
| permit persons to whom the Software is furnished to do so, subject to | ||
| the following conditions: | ||
|
|
||
| The above copyright notice and this permission notice shall be | ||
| included in all copies or substantial portions of the Software. | ||
|
|
||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
| EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||
| MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||
| NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE | ||
| LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION | ||
| OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | ||
| WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| VERSION ?= $(shell git describe --tags --always ) | ||
| TARGET ?= $(shell basename `git rev-parse --show-toplevel`) | ||
| TEST ?= $(shell go list ./... | grep -v /vendor/) | ||
| REPOSITORY := mattdeboer/${TARGET} | ||
| DOCKER_IMAGE ?= ${REPOSITORY}:${VERSION} | ||
| BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD) | ||
| REVISION ?= $(shell git rev-parse HEAD) | ||
| LD_FLAGS ?= -s -X github.com/matt-deboer/${TARGET}/pkg/version.Name=$(TARGET) \ | ||
| -X github.com/matt-deboer/${TARGET}/pkg/version.Revision=$(REVISION) \ | ||
| -X github.com/matt-deboer/${TARGET}/pkg/version.Branch=$(BRANCH) \ | ||
| -X github.com/matt-deboer/${TARGET}/pkg/version.Version=$(VERSION) | ||
|
|
||
| default: test build | ||
|
|
||
| test: | ||
| go test -v -cover -run=$(RUN) $(TEST) | ||
|
|
||
| build: clean | ||
| @go build -v -o bin/$(TARGET) -ldflags "$(LD_FLAGS)+local_changes" ./pkg/server | ||
|
|
||
| pkg/ui/build: | ||
| cd pkg/ui && npm run release | ||
|
|
||
| release-ui: pkg/ui/build | ||
| @go get github.com/jteeuwen/go-bindata/... | ||
| # @go get github.com/elazarl/go-bindata-assetfs/... | ||
|
|
||
| go-bindata -o pkg/server/ui.go -prefix "pkg/ui/build" pkg/ui/build/... | ||
|
|
||
| release: clean release-ui | ||
| CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build \ | ||
| -a -tags netgo \ | ||
| -a -installsuffix cgo \ | ||
| -ldflags "$(LD_FLAGS)" \ | ||
| -o bin/$(TARGET) ./pkg/server | ||
|
|
||
| ca-certificates.crt: | ||
| @-docker rm -f ${TARGET}_cacerts | ||
| @docker run --name ${TARGET}_cacerts debian:latest bash -c 'apt-get update && apt-get install -y ca-certificates' | ||
| @docker cp ${TARGET}_cacerts:/etc/ssl/certs/ca-certificates.crt . | ||
| @docker rm -f ${TARGET}_cacerts | ||
|
|
||
| docker: ca-certificates.crt release | ||
| @echo "Building ${DOCKER_IMAGE}..." | ||
| @docker build -t ${DOCKER_IMAGE} -f Dockerfile . | ||
|
|
||
| pkg/ui/test-proxy/node_modules: | ||
| cd pkg/ui && npm run build-test-proxy | ||
|
|
||
| pkg/ui/node_modules: | ||
| cd pkg/ui && npm install | ||
|
|
||
| dev-ui: | pkg/ui/node_modules pkg/ui/test-proxy/node_modules | ||
| # now move to the ui dir and run dev | ||
| cd pkg/ui && npm run dev | ||
|
|
||
| clean-ui: | ||
| @rm -rf pkg/ui/build | ||
|
|
||
| clean: | ||
| @rm -rf bin/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| kapow | ||
| ============== | ||
|
|
||
| <!--[](https://travis-ci.org/matt-deboer/kapow) | ||
| [](https://hub.docker.com/r/mattdeboer/kapow/)--> | ||
|
|
||
| **_kubernetes authenticating proxy operations window !_** | ||
| Ok, it's not just for _ops_, but I was already committed to the acronym :) | ||
|
|
||
|
|
||
| ## **~~ This project is in an early alpha state; use it to your own risk/surprise! ~~** | ||
|
|
||
| Motivation | ||
| --- | ||
|
|
||
| To create a Kubernetes UI experience capable of integrating with popular enterprise authentication mechanisms, | ||
| and provide a focused but functional introduction to Kubernetes that prioritizes developer onboarding speed. | ||
|
|
||
| ### Why create another dashboard? | ||
|
|
||
| Other than gaining more experience in Golang and React, and learning a lot about kubernetes itself, it seemed worthwhile to have a dashboard that supports user authentication though the browser, and executes all actions **as** the authenticated user (as opposed to executing them as a privileged service account). | ||
|
|
||
| See [this discussion](https://github.com/kubernetes/dashboard/issues/574#issuecomment-282360783) for details surrounding the vulnerabilities introduced by running the existing dashboard in a multi-tenant environment. | ||
|
|
||
| ### What makes Kapow different? | ||
|
|
||
| Other than the purely cosmetic differences, **Kapow** acts as an authenticating proxy, sending every request using the identity of the authenticated user; this means that a user of Kapow has the same privileges they would have using `kubectl` in their shell. | ||
|
|
||
| Setup | ||
| --- | ||
|
|
||
| Since **kapow** works by acting as an authenticating-proxy, you must configure your cluster to use an authenticating proxy; see [the kubernetes docs](https://kubernetes.io/docs/admin/authentication/#authenticating-proxy) for details. | ||
|
|
||
| Part of this equation involves configuring **kapow** to use a certificate having a CN matching one of the `--requestheader-allowed-names` values you specified above, and signed by the `--requestheader-client-ca-file` you specified. | ||
|
|
||
| Usage | ||
| --- | ||
|
|
||
| ``` | ||
| ``` | ||
|
|
||
| Developing | ||
| --- | ||
|
|
||
| You can run a local development version of the dashboard using: | ||
| ``` | ||
| make dev-ui | ||
| ``` | ||
| The mock API responses are stored in the file `pkg/ui/test-proxy/data.json`; there are some requests | ||
| sill missing a mock response--just add a key to the json object matching the path of the request, and | ||
| fill in the JSON response as the value. | ||
| _Mocks for the web-socket APIs and POST/PUT/DELETE methods are not yet supported._ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| @startuml | ||
|
|
||
| scale 1 | ||
| hide footbox | ||
|
|
||
| participant "Kapow UI" as b | ||
| participant "Kapow Server" as k | ||
| participant "OIDC Provider" as o | ||
| activate b | ||
| b -> k: /login | ||
| activate k | ||
| k -> b: OIDC redirect\n + set_cookie(state) | ||
| deactivate k | ||
| b -> o: OIDC exchange | ||
| activate o | ||
| o -> b: creds challenge | ||
| b -> o: answer with creds | ||
| o -> b: redirect with oauth2 response | ||
| deactivate o | ||
| b -> k: /auth/callback | ||
| activate k | ||
| k -> b: redirect\n + set_cookie(jwt) | ||
| deactivate k | ||
| deactivate b | ||
|
|
||
| @enduml |
Oops, something went wrong.