kobsio · ricoberger · Jan 7, 2022 · Jan 7, 2022
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -35,6 +35,7 @@ NOTE: As semantic versioning states all 0.y.z releases can contain breaking chan
 - [#277](https://github.com/kobsio/kobs/pull/277): Support multiple versions for the documentation.
 - [#282](https://github.com/kobsio/kobs/pull/282): [helm] Add permission handling based on clusters, namespaces and the names of Helm releases.
 - [#283](https://github.com/kobsio/kobs/pull/283): [core] Add optional `defaultTime` argument to `getTimeParams` function to overwrite the default time range.
+- [#285](https://github.com/kobsio/kobs/pull/285): [core] Add `/api/debug` endpoints for debugging the API server.
 
 ### Fixed
 

diff --git a/deploy/helm/kobs/Chart.yaml b/deploy/helm/kobs/Chart.yaml
@@ -4,5 +4,5 @@ description: Kubernetes Observability Platform
 type: application
 home: https://kobs.io
 icon: https://kobs.io/assets/images/logo.svg
-version: 0.10.0
+version: 0.10.1
 appVersion: v0.7.0
diff --git a/deploy/helm/kobs/templates/deployment.yaml b/deploy/helm/kobs/templates/deployment.yaml
@@ -33,6 +33,7 @@ spec:
           imagePullPolicy: {{ .Values.kobs.image.pullPolicy }}
           args:
             - --development={{ .Values.kobs.settings.development }}
+            - --api.debug={{ .Values.kobs.settings.debug }}
             - --api.auth.enabled={{ .Values.kobs.settings.auth.enabled }}
             - --api.auth.header.teams={{ .Values.kobs.settings.auth.headerTeams }}
             - --api.auth.header.user={{ .Values.kobs.settings.auth.headerUser }}

diff --git a/deploy/helm/kobs/values.yaml b/deploy/helm/kobs/values.yaml
@@ -113,6 +113,7 @@ kobs:
   ##
   settings:
     development: false
+    debug: false
     auth:
       enabled: false
       headerTeams: X-Auth-Request-Groups

diff --git a/docs/configuration/getting-started.md b/docs/configuration/getting-started.md
@@ -15,6 +15,7 @@ The following command-line arguments and environment variables are available.
 | `--api.auth.header.user string` | `KOBS_API_AUTH_HEADER_USER` | The header, which contains the user id. | `X-Auth-Request-Email` |
 | `--api.auth.session.interval duration` | `KOBS_API_AUTH_SESSION_INTERVAL` | The interval for how long a session is valid. | `48h0m0s` |
 | `--api.auth.session.token string` | `KOBS_API_AUTH_SESSION_TOKEN` | The token to encrypt the session cookie. | |
+| `--api.debug` | | Enable `/api/debug` endpoints for the API server. | `false` |
 | `--app.address` | `KOBS_APP_ADDRESS` | The address, where the Application server is listen on. | `:15219` |
 | `--app.assets` | `KOBS_APP_ASSETS` | The location of the assets directory. | `app/build` |
 | `--clusters.cache-duration.namespaces` | `KOBS_CLUSTERS_CACHE_DURATION_NAMESPACES` | The duration, for how long requests to get the list of namespaces should be cached. | `5m` |

diff --git a/docs/installation/helm.md b/docs/installation/helm.md
@@ -67,6 +67,7 @@ helm upgrade --install kobs kobs/kobs
 | `kobs.volumeMounts` | Specify additional volumeMounts for the kobs container. | `[]` |
 | `kobs.env` | Set additional environment variables for the kobs container. | `[]` |
 | `kobs.settings.development` | Run kobs in development mode. | `false` |
+| `kobs.settings.debug` | Enable the `/api/debug` endpoints for the API server. | `false` |
 | `kobs.settings.auth.enabled` | Enable the authentication and authorization middleware. | `false` |
 | `kobs.settings.auth.headerTeams` | The header, which contains the team ids. | `X-Auth-Request-Email` |
 | `kobs.settings.auth.headerUser` | The header, which contains the user id. | `X-Auth-Request-Groups` |

diff --git a/docs/plugins/azure.md b/docs/plugins/azure.md
@@ -28,7 +28,7 @@ plugins:
 | name | string | Name of the Azure instance. | Yes |
 | displayName | string | Name of the Azure instance as it is shown in the UI. | Yes |
 | descriptions | string | Description of the Azure instance. | No |
-| permissionsEnabled | boolean | Enable the permission handling. The permissions can be defined via the [PermissionsCustom](../resources/teams.md#permissionscustom) in a team. An example of the permission format can be found in the [usage](#usage) section of this page. | No |
+| permissionsEnabled | boolean | Enable the permission handling. An example of the permission format can be found in the [usage](#usage) section of this page. | No |
 | credentials | [Credentials](#credentials) | The credentials to access the Azure API. | Yes |
 
 ### Credentials

diff --git a/docs/plugins/helm.md b/docs/plugins/helm.md
@@ -6,6 +6,20 @@ The Helm plugin can be used to manage Helm releases within kobs.
 
 ![Details](assets/helm-details.png)
 
+## Configuration
+
+The following configuration can be used for the Helm plugin.
+
+```yaml
+plugins:
+  helm:
+    permissionsEnabled: true
+```
+
+| Field | Type | Description | Required |
+| ----- | ---- | ----------- | -------- |
+| permissionsEnabled | boolean | Enable the permission handling. An example of the permission format can be found in the [usage](#usage) section of this page. | No |
+
 ## Options
 
 The following options can be used for a panel with the Helm plugin:

diff --git a/pkg/api/api.go b/pkg/api/api.go
@@ -2,7 +2,10 @@ package api
 
 import (
 	"context"
+	"fmt"
 	"net/http"
+	"net/http/httputil"
+	"net/http/pprof"
 	"os"
 	"time"
 
@@ -22,6 +25,7 @@ import (
 
 var (
 	address string
+	debug   bool
 )
 
 // init is used to define all flags, which are needed for the api server. We have to define the address, where the api
@@ -33,6 +37,7 @@ func init() {
 	}
 
 	flag.StringVar(&address, "api.address", defaultAddress, "The address, where the API server is listen on.")
+	flag.BoolVar(&debug, "api.debug", false, "Enable \"/api/debug\" endpoints for the API server.")
 }
 
 // Server implements the api server. The api server is used to serve the rest api for kobs.
@@ -87,6 +92,33 @@ func New(clustersClient clusters.Client, pluginsRouter chi.Router, isDevelopment
 		render.JSON(w, r, nil)
 	})
 
+	if debug {
+		router.Route("/api/debug", func(r chi.Router) {
+			r.Get("/request/dump", func(w http.ResponseWriter, r *http.Request) {
+				dump, err := httputil.DumpRequest(r, true)
+				if err != nil {
+					http.Error(w, fmt.Sprint(err), http.StatusInternalServerError)
+					return
+				}
+
+				fmt.Fprintf(w, "%s", string(dump))
+			})
+
+			r.HandleFunc("/pprof/", pprof.Index)
+			r.HandleFunc("/pprof/cmdline", pprof.Cmdline)
+			r.HandleFunc("/pprof/profile", pprof.Profile)
+			r.HandleFunc("/pprof/symbol", pprof.Symbol)
+
+			r.Handle("/pprof/allocs", pprof.Handler("allocs"))
+			r.Handle("/pprof/block", pprof.Handler("block"))
+			r.Handle("/pprof/goroutine", pprof.Handler("goroutine"))
+			r.Handle("/pprof/heap", pprof.Handler("heap"))
+			r.Handle("/pprof/mutex", pprof.Handler("mutex"))
+			r.Handle("/pprof/threadcreate", pprof.Handler("threadcreate"))
+			r.Handle("/pprof/trace", pprof.Handler("trace"))
+		})
+	}
+
 	router.Route("/api", func(r chi.Router) {
 		r.Use(middleware.RequestID)
 		r.Use(middleware.Recoverer)

diff --git a/pkg/api/middleware/auth/auth.go b/pkg/api/middleware/auth/auth.go
@@ -128,8 +128,10 @@ func (a *Auth) Handler(next http.Handler) http.Handler {
 				}
 
 				http.SetCookie(w, &http.Cookie{
-					Name:  "kobs-auth",
-					Value: token,
+					Name:     "kobs-auth",
+					Value:    token,
+					Secure:   true,
+					HttpOnly: true,
 				})
 				ctx = context.WithValue(ctx, authContext.UserKey, user)
 			} else {
@@ -157,8 +159,10 @@ func (a *Auth) Handler(next http.Handler) http.Handler {
 					}
 
 					http.SetCookie(w, &http.Cookie{
-						Name:  "kobs-auth",
-						Value: token,
+						Name:     "kobs-auth",
+						Value:    token,
+						Secure:   true,
+						HttpOnly: true,
 					})
 					ctx = context.WithValue(ctx, authContext.UserKey, newUser)
 				} else {