diff --git a/CHANGELOG.md b/CHANGELOG.md index a2b9d7ca6..cddab1bcf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,6 +35,7 @@ NOTE: As semantic versioning states all 0.y.z releases can contain breaking chan - [#277](https://github.com/kobsio/kobs/pull/277): Support multiple versions for the documentation. - [#282](https://github.com/kobsio/kobs/pull/282): [helm] Add permission handling based on clusters, namespaces and the names of Helm releases. - [#283](https://github.com/kobsio/kobs/pull/283): [core] Add optional `defaultTime` argument to `getTimeParams` function to overwrite the default time range. +- [#285](https://github.com/kobsio/kobs/pull/285): [core] Add `/api/debug` endpoints for debugging the API server. ### Fixed diff --git a/deploy/helm/kobs/Chart.yaml b/deploy/helm/kobs/Chart.yaml index 6c3dd289b..7203f1169 100644 --- a/deploy/helm/kobs/Chart.yaml +++ b/deploy/helm/kobs/Chart.yaml @@ -4,5 +4,5 @@ description: Kubernetes Observability Platform type: application home: https://kobs.io icon: https://kobs.io/assets/images/logo.svg -version: 0.10.0 +version: 0.10.1 appVersion: v0.7.0 diff --git a/deploy/helm/kobs/templates/deployment.yaml b/deploy/helm/kobs/templates/deployment.yaml index 0c5176a1d..e0cd85178 100644 --- a/deploy/helm/kobs/templates/deployment.yaml +++ b/deploy/helm/kobs/templates/deployment.yaml @@ -33,6 +33,7 @@ spec: imagePullPolicy: {{ .Values.kobs.image.pullPolicy }} args: - --development={{ .Values.kobs.settings.development }} + - --api.debug={{ .Values.kobs.settings.debug }} - --api.auth.enabled={{ .Values.kobs.settings.auth.enabled }} - --api.auth.header.teams={{ .Values.kobs.settings.auth.headerTeams }} - --api.auth.header.user={{ .Values.kobs.settings.auth.headerUser }} diff --git a/deploy/helm/kobs/values.yaml b/deploy/helm/kobs/values.yaml index 2defdafc5..3f4a0465d 100644 --- a/deploy/helm/kobs/values.yaml +++ b/deploy/helm/kobs/values.yaml @@ -113,6 +113,7 @@ kobs: ## settings: development: false + debug: false auth: enabled: false headerTeams: X-Auth-Request-Groups diff --git a/docs/configuration/getting-started.md b/docs/configuration/getting-started.md index 24622a9bd..3e073ac9c 100644 --- a/docs/configuration/getting-started.md +++ b/docs/configuration/getting-started.md @@ -15,6 +15,7 @@ The following command-line arguments and environment variables are available. | `--api.auth.header.user string` | `KOBS_API_AUTH_HEADER_USER` | The header, which contains the user id. | `X-Auth-Request-Email` | | `--api.auth.session.interval duration` | `KOBS_API_AUTH_SESSION_INTERVAL` | The interval for how long a session is valid. | `48h0m0s` | | `--api.auth.session.token string` | `KOBS_API_AUTH_SESSION_TOKEN` | The token to encrypt the session cookie. | | +| `--api.debug` | | Enable `/api/debug` endpoints for the API server. | `false` | | `--app.address` | `KOBS_APP_ADDRESS` | The address, where the Application server is listen on. | `:15219` | | `--app.assets` | `KOBS_APP_ASSETS` | The location of the assets directory. | `app/build` | | `--clusters.cache-duration.namespaces` | `KOBS_CLUSTERS_CACHE_DURATION_NAMESPACES` | The duration, for how long requests to get the list of namespaces should be cached. | `5m` | diff --git a/docs/installation/helm.md b/docs/installation/helm.md index a49139987..b987394f0 100644 --- a/docs/installation/helm.md +++ b/docs/installation/helm.md @@ -67,6 +67,7 @@ helm upgrade --install kobs kobs/kobs | `kobs.volumeMounts` | Specify additional volumeMounts for the kobs container. | `[]` | | `kobs.env` | Set additional environment variables for the kobs container. | `[]` | | `kobs.settings.development` | Run kobs in development mode. | `false` | +| `kobs.settings.debug` | Enable the `/api/debug` endpoints for the API server. | `false` | | `kobs.settings.auth.enabled` | Enable the authentication and authorization middleware. | `false` | | `kobs.settings.auth.headerTeams` | The header, which contains the team ids. | `X-Auth-Request-Email` | | `kobs.settings.auth.headerUser` | The header, which contains the user id. | `X-Auth-Request-Groups` | diff --git a/docs/plugins/azure.md b/docs/plugins/azure.md index 387e0b5f1..2678bf302 100644 --- a/docs/plugins/azure.md +++ b/docs/plugins/azure.md @@ -28,7 +28,7 @@ plugins: | name | string | Name of the Azure instance. | Yes | | displayName | string | Name of the Azure instance as it is shown in the UI. | Yes | | descriptions | string | Description of the Azure instance. | No | -| permissionsEnabled | boolean | Enable the permission handling. The permissions can be defined via the [PermissionsCustom](../resources/teams.md#permissionscustom) in a team. An example of the permission format can be found in the [usage](#usage) section of this page. | No | +| permissionsEnabled | boolean | Enable the permission handling. An example of the permission format can be found in the [usage](#usage) section of this page. | No | | credentials | [Credentials](#credentials) | The credentials to access the Azure API. | Yes | ### Credentials diff --git a/docs/plugins/helm.md b/docs/plugins/helm.md index 8e255bb2a..57bad13e0 100644 --- a/docs/plugins/helm.md +++ b/docs/plugins/helm.md @@ -6,6 +6,20 @@ The Helm plugin can be used to manage Helm releases within kobs. ![Details](assets/helm-details.png) +## Configuration + +The following configuration can be used for the Helm plugin. + +```yaml +plugins: + helm: + permissionsEnabled: true +``` + +| Field | Type | Description | Required | +| ----- | ---- | ----------- | -------- | +| permissionsEnabled | boolean | Enable the permission handling. An example of the permission format can be found in the [usage](#usage) section of this page. | No | + ## Options The following options can be used for a panel with the Helm plugin: diff --git a/pkg/api/api.go b/pkg/api/api.go index 16811cd2a..1637b664d 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -2,7 +2,10 @@ package api import ( "context" + "fmt" "net/http" + "net/http/httputil" + "net/http/pprof" "os" "time" @@ -22,6 +25,7 @@ import ( var ( address string + debug bool ) // init is used to define all flags, which are needed for the api server. We have to define the address, where the api @@ -33,6 +37,7 @@ func init() { } flag.StringVar(&address, "api.address", defaultAddress, "The address, where the API server is listen on.") + flag.BoolVar(&debug, "api.debug", false, "Enable \"/api/debug\" endpoints for the API server.") } // Server implements the api server. The api server is used to serve the rest api for kobs. @@ -87,6 +92,33 @@ func New(clustersClient clusters.Client, pluginsRouter chi.Router, isDevelopment render.JSON(w, r, nil) }) + if debug { + router.Route("/api/debug", func(r chi.Router) { + r.Get("/request/dump", func(w http.ResponseWriter, r *http.Request) { + dump, err := httputil.DumpRequest(r, true) + if err != nil { + http.Error(w, fmt.Sprint(err), http.StatusInternalServerError) + return + } + + fmt.Fprintf(w, "%s", string(dump)) + }) + + r.HandleFunc("/pprof/", pprof.Index) + r.HandleFunc("/pprof/cmdline", pprof.Cmdline) + r.HandleFunc("/pprof/profile", pprof.Profile) + r.HandleFunc("/pprof/symbol", pprof.Symbol) + + r.Handle("/pprof/allocs", pprof.Handler("allocs")) + r.Handle("/pprof/block", pprof.Handler("block")) + r.Handle("/pprof/goroutine", pprof.Handler("goroutine")) + r.Handle("/pprof/heap", pprof.Handler("heap")) + r.Handle("/pprof/mutex", pprof.Handler("mutex")) + r.Handle("/pprof/threadcreate", pprof.Handler("threadcreate")) + r.Handle("/pprof/trace", pprof.Handler("trace")) + }) + } + router.Route("/api", func(r chi.Router) { r.Use(middleware.RequestID) r.Use(middleware.Recoverer) diff --git a/pkg/api/middleware/auth/auth.go b/pkg/api/middleware/auth/auth.go index d4226faac..b9a0a0ae9 100644 --- a/pkg/api/middleware/auth/auth.go +++ b/pkg/api/middleware/auth/auth.go @@ -128,8 +128,10 @@ func (a *Auth) Handler(next http.Handler) http.Handler { } http.SetCookie(w, &http.Cookie{ - Name: "kobs-auth", - Value: token, + Name: "kobs-auth", + Value: token, + Secure: true, + HttpOnly: true, }) ctx = context.WithValue(ctx, authContext.UserKey, user) } else { @@ -157,8 +159,10 @@ func (a *Auth) Handler(next http.Handler) http.Handler { } http.SetCookie(w, &http.Cookie{ - Name: "kobs-auth", - Value: token, + Name: "kobs-auth", + Value: token, + Secure: true, + HttpOnly: true, }) ctx = context.WithValue(ctx, authContext.UserKey, newUser) } else {