add proxy support

Author: krmodelski

package-lock.json

@@ -63,7 +63,8 @@
         "stream-buffers": "^3.0.2",
         "tar": "^7.0.0",
         "tslib": "^2.4.1",
-        "ws": "^8.18.0"
+        "ws": "^8.18.0",
+        "socks-proxy-agent": "^8.0.4"
     },
     "devDependencies": {
         "@types/byline": "^4.2.31",

package.json

@@ -7,6 +7,7 @@ import path = require('path');
 
 import request = require('request');
 import WebSocket = require('ws');
+import SocksProxyAgent = require('socks-proxy-agent');
 
 import * as api from './api';
 import { Authenticator } from './auth';
@@ -170,6 +171,14 @@ export class KubeConfig {
         if (cluster && cluster.tlsServerName) {
             opts.agentOptions = { servername: cluster.tlsServerName } as https.AgentOptions;
         }
+
+        if (cluster?.proxyUrl) {
+            if (cluster.proxyUrl.startsWith('socks')) {
+                opts.agent = new SocksProxyAgent.SocksProxyAgent(cluster.proxyUrl);
+            } else {
+                opts.proxy = cluster.proxyUrl;
+            }
+        }
     }
 
     public loadFromString(config: string, opts?: Partial<ConfigOptions>): void {

src/config.ts

@@ -36,6 +36,7 @@ function validateFileLoad(kc: KubeConfig) {
     expect(cluster1.name).to.equal('cluster1');
     expect(cluster1.caData).to.equal('Q0FEQVRB');
     expect(cluster1.server).to.equal('http://example.com');
+    expect(cluster1.proxyUrl).to.equal('socks5://localhost:1181');
     expect(cluster2.name).to.equal('cluster2');
     expect(cluster2.caData).to.equal('Q0FEQVRBMg==');
     expect(cluster2.server).to.equal('http://example2.com');
@@ -403,6 +404,33 @@ describe('KubeConfig', () => {
                 rejectUnauthorized: false,
             });
         });
+        it('should apply proxy to request.Options', async () => {
+            const kc = new KubeConfig();
+            kc.loadFromFile(kc2FileName);
+
+            const opts = {} as requestlib.Options;
+
+            await kc.applyToRequest(opts);
+            console.log(opts);
+
+            expect(opts).to.deep.equal({
+                headers: {},
+                ca: Buffer.from('CADAT@', 'utf-8'),
+                cert: Buffer.from(']SER_CADATA', 'utf-8'),
+                key: Buffer.from(']SER_CKDATA', 'utf-8'),
+                proxy: 'https://localhost:1181',
+            });
+        });
+        it('should apply agent to request.Options', async () => {
+            const kc = new KubeConfig();
+            kc.loadFromFile(kcFileName);
+
+            const opts = {} as requestlib.Options;
+
+            await kc.applyToRequest(opts);
+
+            expect(opts.agent).to.exist;
+        });
     });
 
     describe('loadClusterConfigObjects', () => {

src/config_test.ts

@@ -22,6 +22,7 @@ export interface Cluster {
     readonly server: string;
     readonly skipTLSVerify?: boolean;
     readonly tlsServerName?: string;
+    readonly proxyUrl?: string;
 }
 
 export function newClusters(a: any, opts?: Partial<ConfigOptions>): Cluster[] {
@@ -43,6 +44,7 @@ export function exportCluster(cluster: Cluster): any {
             'certificate-authority': cluster.caFile,
             'insecure-skip-tls-verify': cluster.skipTLSVerify,
             'tls-server-name': cluster.tlsServerName,
+            'proxy-url': cluster.proxyUrl,
         },
     };
 }
@@ -68,6 +70,7 @@ function clusterIterator(
                 server: elt.cluster.server.replace(/\/$/, ''),
                 skipTLSVerify: elt.cluster['insecure-skip-tls-verify'] === true,
                 tlsServerName: elt.cluster['tls-server-name'],
+                proxyUrl: elt.cluster['proxy-url'],
             };
         } catch (err) {
             switch (onInvalidEntry) {

src/config_types.ts

@@ -126,7 +126,7 @@ export class WebSocketHandler implements WebSocketInterface {
         if (data instanceof Buffer) {
             data.copy(buff, 1);
         } else {
-            buff.write(data, 1);
+            buff.write(data as string, 1);
         }
 
         let i = 0;

src/web-socket-handler.ts

@@ -1,8 +1,9 @@
 apiVersion: v1
 clusters:
 - cluster:
-    certificate-authority-data: Q0FEQVRA 
+    certificate-authority-data: Q0FEQVRA
     server: http://example2.com
+    proxy-url: https://localhost:1181
   name: clusterA
 
 contexts:
@@ -27,4 +28,3 @@ users:
   user:
     username: foo
     password: bar
-    

testdata/kubeconfig-2.yaml

@@ -1,20 +1,22 @@
 apiVersion: v1
 clusters:
 - cluster:
-    certificate-authority-data: Q0FEQVRB 
-    server: http://example.com 
-  name: cluster1 
+    certificate-authority-data: Q0FEQVRB
+    server: http://example.com
+    proxy-url: socks5://localhost:1181
+  name: cluster1
 - cluster:
     certificate-authority-data: Q0FEQVRBMg==
     server: http://example2.com
     insecure-skip-tls-verify: true
+    proxy-url: socks5://example2:8888
   name: cluster2
 
 contexts:
 - context:
-    cluster: cluster1 
+    cluster: cluster1
     user: user1
-  name: context1 
+  name: context1
 - context:
     cluster: cluster2
     namespace: namespace2
@@ -25,7 +27,7 @@ contexts:
     user: user3
   name: passwd
 
-current-context: context2 
+current-context: context2
 kind: Config
 preferences: {}
 users:
@@ -40,4 +42,4 @@ users:
 - name: user3
   user:
     username: foo
-    password: bar
+    password: bar