Initial plan for kubeapps backend API which can be used by 3rd parties. #1347
Conversation
| @@ -79,6 +79,18 @@ data: | |||
| {{- end }} | |||
| } | |||
|
|
|||
| location ~* /api/backend { | |||
There was a problem hiding this comment.
So the current config already defines things like /api/tillerdeploy and /api/chartsvc, so I need /api/<something> to maintain the same namespacing, but I'd actually prefer to just use /api rather than /api/backend.
Since this will be used by 3rd parties, prefixing with /backend doesn't really make sense or help. For example, this endpoint could/should just be /api/apprepositories. Thoughts?
There was a problem hiding this comment.
I agree that the /backend part is not adding anything to the endpoint definition so I am okay using /api/apprepositories instead.
cmd/tiller-proxy/main.go
Outdated
| appreposHandler := handler.AppRepositories{} | ||
| backendAPIv1 := r.PathPrefix("/backend/v1").Subrouter() | ||
| backendAPIv1.Methods("POST").Path("/apprepositories").Handler(negroni.New( | ||
| authGate, |
There was a problem hiding this comment.
I've used authGate here simply because it appears for all the other handlers, but I don't see why it's necessary here, as I'll be hitting the k8s API with the users credentials (with the id_token or access_token sent with the request), rather than something like tiller which runs with a service account. So I'll happily remove it :)
There was a problem hiding this comment.
yes, it's probably not needed. I'd only see it useful if we do something (e.g. fetching credentials) before doing the actual request to the k8s API.
| @@ -79,6 +79,18 @@ data: | |||
| {{- end }} | |||
| } | |||
|
|
|||
| location ~* /api/backend { | |||
There was a problem hiding this comment.
I agree that the /backend part is not adding anything to the endpoint definition so I am okay using /api/apprepositories instead.
cmd/tiller-proxy/main.go
Outdated
| appreposHandler := handler.AppRepositories{} | ||
| backendAPIv1 := r.PathPrefix("/backend/v1").Subrouter() | ||
| backendAPIv1.Methods("POST").Path("/apprepositories").Handler(negroni.New( | ||
| authGate, |
There was a problem hiding this comment.
yes, it's probably not needed. I'd only see it useful if we do something (e.g. fetching credentials) before doing the actual request to the k8s API.
Suddenly, I couldn't get Kubeapps to start with `useHelm3: true`, making me spend several hours trying various more or less random fixes. (I thought I had messed something up with Docker or Minikube, so I didn't think of bisecting or inspecting the YAML files.) The reason turned out to be this unconditional proxy_pass directive introduced in vmware-tanzu#1347: https://github.com/kubeapps/kubeapps/pull/1347/files#diff-b0b5b871c8bf5a72f95d417c97266ae0R100 I fixed it in vmware-tanzu#1382. This commit is intended to prevent something similar from happening again; it's not at all obvious that the proxy_pass directives must be conditional.
Suddenly, I couldn't get Kubeapps to start with `useHelm3: true`, making me spend several hours trying various more or less random fixes. (I thought I had messed something up with Docker or Minikube, so I didn't think of bisecting or inspecting the YAML files.) The reason turned out to be this unconditional proxy_pass directive introduced in #1347: https://github.com/kubeapps/kubeapps/pull/1347/files#diff-b0b5b871c8bf5a72f95d417c97266ae0R100 I fixed it in #1382. This commit is intended to prevent something similar from happening again; it's not at all obvious that the proxy_pass directives must be conditional.
Description of the change
Initial plan with stub handler for implementing a backend API which can be used for 3rd party integrations.
Benefits
See https://github.com/kubeapps/kubeapps/blob/master/docs/architecture/design-proposals/third-party-add-repository.md
Possible drawbacks
Until the helm3 work has settled, we don't have an obvious place for the backend API, so I'm including it in tiller-proxy for the moment, but using the frontend config to keep it independent (ie. we can easily move it later).
Applicable issues
Relates to: #1173
Additional information
There are a couple of questions I have regarding the direction, which I'll mention in-line.