feat(pro): auto-mount kubeconfig of virtual cluster/space instance in…

…to workspace
loft-sh · Jan 31, 2025 · 37ccfe3 · 37ccfe3
1 parent d6b5b2a
commit 37ccfe3
Show file tree

Hide file tree

Showing 20 changed files with 540 additions and 100 deletions.
diff --git a/cmd/agent/container/setup.go b/cmd/agent/container/setup.go
@@ -180,7 +180,7 @@ func (cmd *SetupContainerCmd) Run(ctx context.Context) error {
 	}
 
 	// setup container
-	err = setup.SetupContainer(ctx, setupInfo, workspaceInfo.CLIOptions.WorkspaceEnv, cmd.ChownWorkspace, logger)
+	err = setup.SetupContainer(ctx, setupInfo, workspaceInfo.CLIOptions.WorkspaceEnv, cmd.ChownWorkspace, tunnelClient, logger)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/agent/container_tunnel.go b/cmd/agent/container_tunnel.go
@@ -65,7 +65,7 @@ func (cmd *ContainerTunnelCmd) Run(ctx context.Context, log log.Logger) error {
 	}
 
 	// create runner
-	runner, err := workspace.CreateRunner(workspaceInfo, log)
+	runner, err := workspace.CreateRunner(workspaceInfo, nil, log)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/agent/workspace/build.go b/cmd/agent/workspace/build.go
@@ -65,7 +65,7 @@ func (cmd *BuildCmd) Run(ctx context.Context) error {
 		}()
 	}
 
-	runner, err := CreateRunner(workspaceInfo, logger)
+	runner, err := CreateRunner(workspaceInfo, nil, logger)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/agent/workspace/delete.go b/cmd/agent/workspace/delete.go
@@ -77,7 +77,7 @@ func (cmd *DeleteCmd) Run(ctx context.Context) error {
 
 func removeContainer(ctx context.Context, workspaceInfo *provider2.AgentWorkspaceInfo, log log.Logger) error {
 	log.Debugf("Removing DevPod container from server...")
-	runner, err := CreateRunner(workspaceInfo, log)
+	runner, err := CreateRunner(workspaceInfo, nil, log)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/agent/workspace/logs.go b/cmd/agent/workspace/logs.go
@@ -49,7 +49,7 @@ func (cmd *LogsCmd) Run(ctx context.Context) error {
 	logger := log.Default.ErrorStreamOnly()
 
 	// create new runner
-	runner, err := devcontainer.NewRunner(agent.ContainerDevPodHelperLocation, agent.DefaultAgentDownloadURL(), workspaceInfo, logger)
+	runner, err := devcontainer.NewRunner(agent.ContainerDevPodHelperLocation, agent.DefaultAgentDownloadURL(), workspaceInfo, nil, logger)
 	if err != nil {
 		return fmt.Errorf("create runner: %w", err)
 	}

diff --git a/cmd/agent/workspace/status.go b/cmd/agent/workspace/status.go
@@ -47,7 +47,7 @@ func (cmd *StatusCmd) Run(ctx context.Context, log log.Logger) error {
 	}
 
 	// create runner
-	runner, err := CreateRunner(workspaceInfo, log)
+	runner, err := CreateRunner(workspaceInfo, nil, log)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/agent/workspace/stop.go b/cmd/agent/workspace/stop.go
@@ -57,7 +57,7 @@ func (cmd *StopCmd) Run(ctx context.Context) error {
 
 func stopContainer(ctx context.Context, workspaceInfo *provider2.AgentWorkspaceInfo, log log.Logger) error {
 	log.Debugf("Stopping DevPod container...")
-	runner, err := CreateRunner(workspaceInfo, log)
+	runner, err := CreateRunner(workspaceInfo, nil, log)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/agent/workspace/up.go b/cmd/agent/workspace/up.go
@@ -101,7 +101,7 @@ func (cmd *UpCmd) Run(ctx context.Context) error {
 
 func (cmd *UpCmd) up(ctx context.Context, workspaceInfo *provider2.AgentWorkspaceInfo, tunnelClient tunnel.TunnelClient, logger log.Logger) error {
 	// create devcontainer
-	result, err := cmd.devPodUp(ctx, workspaceInfo, logger)
+	result, err := cmd.devPodUp(ctx, workspaceInfo, tunnelClient, logger)
 	if err != nil {
 		return err
 	}
@@ -119,8 +119,8 @@ func (cmd *UpCmd) up(ctx context.Context, workspaceInfo *provider2.AgentWorkspac
 	return nil
 }
 
-func (cmd *UpCmd) devPodUp(ctx context.Context, workspaceInfo *provider2.AgentWorkspaceInfo, log log.Logger) (*config2.Result, error) {
-	runner, err := CreateRunner(workspaceInfo, log)
+func (cmd *UpCmd) devPodUp(ctx context.Context, workspaceInfo *provider2.AgentWorkspaceInfo, tunnelClient tunnel.TunnelClient, log log.Logger) (*config2.Result, error) {
+	runner, err := CreateRunner(workspaceInfo, tunnelClient, log)
 	if err != nil {
 		return nil, err
 	}
@@ -137,8 +137,8 @@ func (cmd *UpCmd) devPodUp(ctx context.Context, workspaceInfo *provider2.AgentWo
 	return result, nil
 }
 
-func CreateRunner(workspaceInfo *provider2.AgentWorkspaceInfo, log log.Logger) (devcontainer.Runner, error) {
-	return devcontainer.NewRunner(agent.ContainerDevPodHelperLocation, agent.DefaultAgentDownloadURL(), workspaceInfo, log)
+func CreateRunner(workspaceInfo *provider2.AgentWorkspaceInfo, tunnelClient tunnel.TunnelClient, log log.Logger) (devcontainer.Runner, error) {
+	return devcontainer.NewRunner(agent.ContainerDevPodHelperLocation, agent.DefaultAgentDownloadURL(), workspaceInfo, tunnelClient, log)
 }
 
 func InitContentFolder(workspaceInfo *provider2.AgentWorkspaceInfo, log log.Logger) (bool, error) {

diff --git a/cmd/ssh.go b/cmd/ssh.go
@@ -689,7 +689,7 @@ func (cmd *SSHCmd) jumpLocalProxyContainer(ctx context.Context, devPodConfig *co
 		return err
 	}
 
-	runner, err := workspace.CreateRunner(workspaceInfo, log)
+	runner, err := workspace.CreateRunner(workspaceInfo, nil, log)
 	if err != nil {
 		return err
 	}

diff --git a/pkg/agent/tunnel/tunnel.pb.go b/pkg/agent/tunnel/tunnel.pb.go
diff --git a/pkg/agent/tunnel/tunnel.proto b/pkg/agent/tunnel/tunnel.proto
@@ -16,6 +16,7 @@ service Tunnel {
   rpc GitUser(Empty) returns (Message) {}
   rpc LoftConfig(Message) returns (Message) {}
   rpc GPGPublicKeys(Message) returns (Message) {}
+  rpc KubeConfig(Message) returns (Message) {}
 
   rpc ForwardPort(ForwardPortRequest) returns (ForwardPortResponse) {}
   rpc StopForwardPort(StopForwardPortRequest) returns (StopForwardPortResponse) {}

diff --git a/pkg/agent/tunnel/tunnel_grpc.pb.go b/pkg/agent/tunnel/tunnel_grpc.pb.go
diff --git a/pkg/agent/tunnelserver/options.go b/pkg/agent/tunnelserver/options.go
@@ -1,6 +1,7 @@
 package tunnelserver
 
 import (
+	"github.com/loft-sh/devpod/pkg/agent/tunnel"
 	"github.com/loft-sh/devpod/pkg/devcontainer/config"
 	"github.com/loft-sh/devpod/pkg/netstat"
 	provider2 "github.com/loft-sh/devpod/pkg/provider"
@@ -36,6 +37,13 @@ func WithAllowDockerCredentials(allowDockerCredentials bool) Option {
 	}
 }
 
+func WithAllowKubeConfig(allow bool) Option {
+	return func(s *tunnelServer) *tunnelServer {
+		s.allowKubeConfig = allow
+		return s
+	}
+}
+
 func WithMounts(mounts []*config.Mount) Option {
 	return func(s *tunnelServer) *tunnelServer {
 		s.mounts = mounts
@@ -52,3 +60,10 @@ func WithGitCredentialsOverride(username string, token string) Option {
 		return s
 	}
 }
+
+func WithTunnelClient(tunnelClient tunnel.TunnelClient) Option {
+	return func(s *tunnelServer) *tunnelServer {
+		s.tunnelClient = tunnelClient
+		return s
+	}
+}
diff --git a/pkg/agent/tunnelserver/tunnelserver.go b/pkg/agent/tunnelserver/tunnelserver.go
@@ -21,6 +21,7 @@ import (
 	"github.com/loft-sh/devpod/pkg/gpg"
 	"github.com/loft-sh/devpod/pkg/loftconfig"
 	"github.com/loft-sh/devpod/pkg/netstat"
+	"github.com/loft-sh/devpod/pkg/platform"
 	provider2 "github.com/loft-sh/devpod/pkg/provider"
 	"github.com/loft-sh/devpod/pkg/stdio"
 	"github.com/loft-sh/log"
@@ -53,11 +54,13 @@ func RunUpServer(ctx context.Context, reader io.Reader, writer io.WriteCloser, a
 	return tunnelServ.RunWithResult(ctx, reader, writer)
 }
 
-func RunSetupServer(ctx context.Context, reader io.Reader, writer io.WriteCloser, allowGitCredentials, allowDockerCredentials bool, mounts []*config.Mount, log log.Logger, options ...Option) (*config.Result, error) {
+func RunSetupServer(ctx context.Context, reader io.Reader, writer io.WriteCloser, allowGitCredentials, allowDockerCredentials bool, mounts []*config.Mount, tunnelClient tunnel.TunnelClient, log log.Logger, options ...Option) (*config.Result, error) {
 	opts := append(options, []Option{
 		WithMounts(mounts),
 		WithAllowGitCredentials(allowGitCredentials),
 		WithAllowDockerCredentials(allowDockerCredentials),
+		WithAllowKubeConfig(true),
+		WithTunnelClient(tunnelClient),
 	}...)
 	tunnelServ := New(log, opts...)
 
@@ -84,10 +87,12 @@ type tunnelServer struct {
 	forwarder              netstat.Forwarder
 	allowGitCredentials    bool
 	allowDockerCredentials bool
+	allowKubeConfig        bool
 	result                 *config.Result
 	workspace              *provider2.Workspace
 	log                    log.Logger
 	gitCredentialsOverride gitCredentialsOverride
+	tunnelClient           tunnel.TunnelClient
 }
 
 type gitCredentialsOverride struct {
@@ -292,6 +297,40 @@ func (t *tunnelServer) LoftConfig(ctx context.Context, message *tunnel.Message)
 	return &tunnel.Message{Message: string(out)}, nil
 }
 
+func (t *tunnelServer) KubeConfig(ctx context.Context, message *tunnel.Message) (*tunnel.Message, error) {
+	if !t.allowKubeConfig || t.tunnelClient == nil {
+		return nil, fmt.Errorf("kube config forbidden")
+	}
+
+	// fetch loft config from host machine
+	req, err := json.Marshal(loftconfig.LoftConfigRequest{})
+	if err != nil {
+		return nil, err
+	}
+	rawLoftConfigRes, err := t.tunnelClient.LoftConfig(ctx, &tunnel.Message{Message: string(req)})
+	if err != nil {
+		return nil, fmt.Errorf("fetch loft config: %w", err)
+	}
+	loftConfigRes := &loftconfig.LoftConfigResponse{}
+	err = json.Unmarshal([]byte(rawLoftConfigRes.Message), loftConfigRes)
+	if err != nil {
+		return nil, fmt.Errorf("get loft config: %w", err)
+	}
+
+	// get info from runner
+	spaceInstanceName := os.Getenv(platform.SpaceInstanceNameEnv)
+	virtualClusterInstanceName := os.Getenv(platform.VirtualClusterInstanceNameEnv)
+	namespace := os.Getenv(platform.InstanceNamespaceEnv)
+
+	// create kubeconfig based on info
+	kubeConfig, err := platform.NewInstanceKubeConfig(ctx, loftConfigRes.LoftConfig, spaceInstanceName, virtualClusterInstanceName, namespace)
+	if err != nil {
+		return nil, fmt.Errorf("create kube config: %w", err)
+	}
+
+	return &tunnel.Message{Message: string(kubeConfig)}, nil
+}
+
 func (t *tunnelServer) GPGPublicKeys(ctx context.Context, message *tunnel.Message) (*tunnel.Message, error) {
 	rawPubKeys, err := gpg.GetHostPubKey()
 	if err != nil {

diff --git a/pkg/devcontainer/run.go b/pkg/devcontainer/run.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/loft-sh/devpod/pkg/agent/tunnel"
 	"github.com/loft-sh/devpod/pkg/devcontainer/config"
 	"github.com/loft-sh/devpod/pkg/driver"
 	"github.com/loft-sh/devpod/pkg/driver/drivercreate"
@@ -48,6 +49,7 @@ type Runner interface {
 func NewRunner(
 	agentPath, agentDownloadURL string,
 	workspaceConfig *provider2.AgentWorkspaceInfo,
+	tunnelClient tunnel.TunnelClient,
 	log log.Logger,
 ) (Runner, error) {
 	driver, err := drivercreate.NewDriver(workspaceConfig, log)
@@ -64,12 +66,14 @@ func NewRunner(
 		LocalWorkspaceFolder: workspaceConfig.ContentFolder,
 		ID:                   GetRunnerIDFromWorkspace(workspaceConfig.Workspace),
 		WorkspaceConfig:      workspaceConfig,
+		TunnelClient:         tunnelClient,
 		Log:                  log,
 	}, nil
 }
 
 type runner struct {
-	Driver driver.Driver
+	Driver       driver.Driver
+	TunnelClient tunnel.TunnelClient
 
 	WorkspaceConfig  *provider2.AgentWorkspaceInfo
 	AgentPath        string

diff --git a/pkg/devcontainer/setup.go b/pkg/devcontainer/setup.go
@@ -141,6 +141,7 @@ func (r *runner) setupContainer(
 				r.WorkspaceConfig.Agent.InjectGitCredentials != "false",
 				r.WorkspaceConfig.Agent.InjectDockerCredentials != "false",
 				config.GetMounts(result),
+				r.TunnelClient,
 				r.Log,
 			)
 		},