Merge pull request #2111 from krmodelski/proxy-url-release-1.x

Add proxy support

Author: k8s-ci-robot

package-lock.json

@@ -65,12 +65,14 @@
         "@types/tar": "^6.1.1",
         "@types/ws": "^8.5.4",
         "form-data": "^4.0.0",
+        "hpagent": "^1.2.0",
         "isomorphic-ws": "^5.0.0",
         "js-yaml": "^4.1.0",
         "jsonpath-plus": "^10.2.0",
         "node-fetch": "^2.6.9",
         "openid-client": "^6.1.3",
         "rfc4648": "^1.3.0",
+        "socks-proxy-agent": "^8.0.4",
         "stream-buffers": "^3.0.2",
         "tar": "^7.0.0",
         "tmp-promise": "^3.0.2",

package.json

@@ -33,6 +33,8 @@ import {
 import { OpenIDConnectAuth } from './oidc_auth.js';
 import WebSocket from 'isomorphic-ws';
 import child_process from 'node:child_process';
+import { SocksProxyAgent } from 'socks-proxy-agent';
+import { HttpProxyAgent, HttpProxyAgentOptions, HttpsProxyAgent, HttpsProxyAgentOptions } from 'hpagent';
 
 const SERVICEACCOUNT_ROOT: string = '/var/run/secrets/kubernetes.io/serviceaccount';
 const SERVICEACCOUNT_CA_PATH: string = SERVICEACCOUNT_ROOT + '/ca.crt';
@@ -171,6 +173,7 @@ export class KubeConfig implements SecurityAuthentication {
 
     public async applyToHTTPSOptions(opts: https.RequestOptions | WebSocket.ClientOptions): Promise<void> {
         const user = this.getCurrentUser();
+        const cluster = this.getCurrentCluster();
 
         await this.applyOptions(opts);
 
@@ -205,7 +208,7 @@ export class KubeConfig implements SecurityAuthentication {
         agentOptions.secureProtocol = opts.secureProtocol;
         agentOptions.sessionIdContext = opts.sessionIdContext;
 
-        opts.agent = new https.Agent(agentOptions);
+        opts.agent = this.createAgent(cluster, agentOptions);
     }
 
     /**
@@ -248,7 +251,7 @@ export class KubeConfig implements SecurityAuthentication {
         agentOptions.passphrase = httpsOptions.passphrase;
         agentOptions.rejectUnauthorized = httpsOptions.rejectUnauthorized;
 
-        context.setAgent(new https.Agent(agentOptions));
+        context.setAgent(this.createAgent(cluster, agentOptions));
     }
 
     /**
@@ -509,6 +512,32 @@ export class KubeConfig implements SecurityAuthentication {
         return this.getContextObject(this.currentContext);
     }
 
+    private createAgent(
+        cluster: Cluster | null,
+        agentOptions: https.AgentOptions,
+    ): https.Agent | SocksProxyAgent | HttpProxyAgent | HttpsProxyAgent {
+        let agent: https.Agent | SocksProxyAgent | HttpProxyAgent | HttpsProxyAgent;
+
+        if (cluster && cluster.proxyUrl) {
+            if (cluster.proxyUrl.startsWith('socks')) {
+                agent = new SocksProxyAgent(cluster.proxyUrl, agentOptions);
+            } else if (cluster.server.startsWith('https')) {
+                const httpsProxyAgentOptions: HttpsProxyAgentOptions = agentOptions as HttpsProxyAgentOptions;
+                httpsProxyAgentOptions.proxy = cluster.proxyUrl;
+                agent = new HttpsProxyAgent(httpsProxyAgentOptions);
+            } else if (cluster.server.startsWith('http')) {
+                const httpProxyAgentOptions: HttpProxyAgentOptions = agentOptions as HttpProxyAgentOptions;
+                httpProxyAgentOptions.proxy = cluster.proxyUrl;
+                agent = new HttpProxyAgent(httpProxyAgentOptions);
+            } else {
+                throw new Error('Unsupported proxy type');
+            }
+        } else {
+            agent = new https.Agent(agentOptions);
+        }
+        return agent;
+    }
+
     private applyHTTPSOptions(opts: https.RequestOptions | WebSocket.ClientOptions): void {
         const cluster = this.getCurrentCluster();
         const user = this.getCurrentUser();