feat(proxy) : Config supports proxy-url field in .kube/config cluster configuration

rohanKanojia · web-flow · commit 150c111de56c · 2024-08-28T10:44:43.000+02:00
Set Config's `httpProxy` / `httpsProxy` fields if current context's
cluster configuration has `proxy-url` set

Signed-off-by: Rohan Kumar &lt;rohaan@redhat.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,7 @@
 * Fix #6052: Removed dependency on no longer maintained com.github.mifmif:generex
 
 #### New Features
+* Fix #6150: Config uses `proxy-url` in kubeconfig's cluster configuration
 
 #### _**Note**_: Breaking changes
 * Check detailed migration documentation for breaking changes in [7.0.0](./doc/MIGRATION-v7.md)
diff --git a/README.md b/README.md
@@ -118,6 +118,8 @@ System properties are preferred over environment variables. The following system
 | `kubernetes.keystore.passphrase` / `KUBERNETES_KEYSTORE_PASSPHRASE`                                             |                                                                                                                                          |                                                       |
 | `kubernetes.backwardsCompatibilityInterceptor.disable` / `KUBERNETES_BACKWARDSCOMPATIBILITYINTERCEPTOR_DISABLE` | Disable the `BackwardsCompatibilityInterceptor`                                                                                          | `true`                                                |
 | `no.proxy` / `NO_PROXY`                                                                                         | comma-separated list of domain extensions [proxy](http://www.gnu.org/software/wget/manual/html_node/Proxies.html) should not be used for |                                                       |
+| `http.proxy` / `HTTP_PROXY`                                                                                     | URL to the [proxy](http://www.gnu.org/software/wget/manual/html_node/Proxies.html) for HTTP requests (See [Proxy precedence](./doc/FAQ.md#how-does-kubernetesclient-loads-proxy-url-from-various-sources))                                    |                                                       |
+| `https.proxy` / `HTTPS_PROXY`                                                                                   | URL to the [proxy](http://www.gnu.org/software/wget/manual/html_node/Proxies.html) for HTTPS requests (See [Proxy precedence](./doc/FAQ.md#how-does-kubernetesclient-loads-proxy-url-from-various-sources))                                   |                                                       |
 
 Alternatively you can use the `ConfigBuilder` to create a config object for the Kubernetes client:
 
diff --git a/doc/FAQ.md b/doc/FAQ.md
@@ -110,6 +110,17 @@ we should provide it like this:
 NO_PROXY: localhost,127.0.0.1,.google.com,.github.com
 ```
 
+### How does KubernetesClient loads proxy URL from various sources?
+
+KubernetesClient loads proxy URL from the following sources (in decreasing order of precedence):
+- `ConfigBuilder.withHttpProxy` / `ConfigBuilder.withHttpsProxy`
+- Cluster's `proxy-url` in `~/.kube/config`
+- System Properties or Environment Variables
+  - `HTTP_PROXY` : Should be used for HTTP requests (when Kubernetes ApiServer is serving plain HTTP requests)
+  - `HTTPS_PROXY` : Should be used for HTTPS requests (when Kubernetes ApiServer is serving HTTPS)
+
+URLs with `http`, `https`, and `socks5` schemes are supported.
+
 ### Optimistic Locking Behavior
 
 Unfortunately it's a little complicated as it depends on what operation you are doing - we'll work towards ensuring the Javadocs are as informative as possible.  Here is quick overview:
diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java
@@ -153,6 +153,7 @@ public class Config {
   private static final int DEFAULT_WATCH_RECONNECT_INTERVAL = 1000;
   private static final int DEFAULT_CONNECTION_TIMEOUT = 10 * 1000;
   private static final String DEFAULT_CLIENT_KEY_PASSPHRASE = "changeit";
+  private static final String SOCKS5_PROTOCOL_PREFIX = "socks5://";
 
   private Boolean trustCerts;
   private Boolean disableHostnameVerification;
@@ -696,11 +697,17 @@ public static void configFromSysPropsOrEnvVars(Config config) {
 
     config.setHttp2Disable(Utils.getSystemPropertyOrEnvVar(KUBERNETES_HTTP2_DISABLE, config.isHttp2Disable()));
 
-    config.setHttpProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_ALL_PROXY, config.getHttpProxy()));
-    config.setHttpsProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_ALL_PROXY, config.getHttpsProxy()));
-
-    config.setHttpsProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_HTTPS_PROXY, config.getHttpsProxy()));
-    config.setHttpProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_HTTP_PROXY, config.getHttpProxy()));
+    // Only set http(s) proxy fields if they're not set. This is done in order to align behavior of
+    // KubernetesClient with kubectl / client-go . Please see https://github.com/fabric8io/kubernetes-client/issues/6150
+    // Precedence is given to proxy-url read from kubeconfig .
+    if (Utils.isNullOrEmpty(config.getHttpProxy())) {
+      config.setHttpProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_ALL_PROXY, config.getHttpProxy()));
+      config.setHttpProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_HTTP_PROXY, config.getHttpProxy()));
+    }
+    if (Utils.isNullOrEmpty(config.getHttpsProxy())) {
+      config.setHttpsProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_ALL_PROXY, config.getHttpsProxy()));
+      config.setHttpsProxy(Utils.getSystemPropertyOrEnvVar(KUBERNETES_HTTPS_PROXY, config.getHttpsProxy()));
+    }
 
     config.setProxyUsername(Utils.getSystemPropertyOrEnvVar(KUBERNETES_PROXY_USERNAME, config.getProxyUsername()));
     config.setProxyPassword(Utils.getSystemPropertyOrEnvVar(KUBERNETES_PROXY_PASSWORD, config.getProxyPassword()));
@@ -926,6 +933,18 @@ private static void mergeKubeConfigContents(Config config, String context, io.fa
       if (currentAuthInfo != null) {
         mergeKubeConfigAuthInfo(config, currentCluster, currentAuthInfo);
       }
+      String proxyUrl = currentCluster.getProxyUrl();
+      if (Utils.isNotNullOrEmpty(proxyUrl)) {
+        if (proxyUrl.startsWith(SOCKS5_PROTOCOL_PREFIX) && config.getMasterUrl().startsWith(HTTPS_PROTOCOL_PREFIX)) {
+          config.setHttpsProxy(proxyUrl);
+        } else if (proxyUrl.startsWith(SOCKS5_PROTOCOL_PREFIX)) {
+          config.setHttpProxy(proxyUrl);
+        } else if (proxyUrl.startsWith(HTTP_PROTOCOL_PREFIX)) {
+          config.setHttpProxy(proxyUrl);
+        } else if (proxyUrl.startsWith(HTTPS_PROTOCOL_PREFIX)) {
+          config.setHttpsProxy(proxyUrl);
+        }
+      }
     }
   }
 
diff --git a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigProxySourceTest.java b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigProxySourceTest.java
