diff --git a/pkg/server/module_server.go b/pkg/server/module_server.go index 6eace202f1c..4da29457ba2 100644 --- a/pkg/server/module_server.go +++ b/pkg/server/module_server.go @@ -11,6 +11,7 @@ import ( "sync" "github.com/grafana/dskit/services" + "github.com/grafana/grafana/pkg/services/featuremgmt" "github.com/grafana/grafana/pkg/api" "github.com/grafana/grafana/pkg/infra/log" @@ -21,8 +22,8 @@ import ( // NewModule returns an instance of a ModuleServer, responsible for managing // dskit modules (services). -func NewModule(opts Options, apiOpts api.ServerOptions, cfg *setting.Cfg) (*ModuleServer, error) { - s, err := newModuleServer(opts, apiOpts, cfg) +func NewModule(opts Options, apiOpts api.ServerOptions, features featuremgmt.FeatureToggles, cfg *setting.Cfg) (*ModuleServer, error) { + s, err := newModuleServer(opts, apiOpts, features, cfg) if err != nil { return nil, err } @@ -34,7 +35,7 @@ func NewModule(opts Options, apiOpts api.ServerOptions, cfg *setting.Cfg) (*Modu return s, nil } -func newModuleServer(opts Options, apiOpts api.ServerOptions, cfg *setting.Cfg) (*ModuleServer, error) { +func newModuleServer(opts Options, apiOpts api.ServerOptions, features featuremgmt.FeatureToggles, cfg *setting.Cfg) (*ModuleServer, error) { rootCtx, shutdownFn := context.WithCancel(context.Background()) s := &ModuleServer{ @@ -44,6 +45,7 @@ func newModuleServer(opts Options, apiOpts api.ServerOptions, cfg *setting.Cfg) shutdownFn: shutdownFn, shutdownFinished: make(chan struct{}), log: log.New("base-server"), + features: features, cfg: cfg, pidFile: opts.PidFile, version: opts.Version, @@ -61,6 +63,7 @@ type ModuleServer struct { opts Options apiOpts api.ServerOptions + features featuremgmt.FeatureToggles context context.Context shutdownFn context.CancelFunc log log.Logger @@ -106,7 +109,7 @@ func (s *ModuleServer) Run() error { s.log.Debug("Waiting on services...") // Only allow individual dskit modules to run in dev mode. - if s.cfg.Env != "dev" { + if s.cfg.Env != "development" { if len(s.cfg.Target) > 1 || s.cfg.Target[0] != "all" { s.log.Error("dskit module targeting is only supported in dev mode. Falling back to 'all'") s.cfg.Target = []string{"all"} @@ -119,9 +122,13 @@ func (s *ModuleServer) Run() error { return NewService(s.cfg, s.opts, s.apiOpts) }) - m.RegisterModule(modules.GrafanaAPIServer, func() (services.Service, error) { - return grafanaapiserver.New(path.Join(s.cfg.DataPath, "k8s")) - }) + if s.features.IsEnabled(featuremgmt.FlagGrafanaAPIServer) { + m.RegisterModule(modules.GrafanaAPIServer, func() (services.Service, error) { + return grafanaapiserver.New(path.Join(s.cfg.DataPath, "k8s")) + }) + } else { + s.log.Debug("apiserver feature is disabled") + } m.RegisterModule(modules.All, nil) diff --git a/pkg/services/grafana-apiserver/service.go b/pkg/services/grafana-apiserver/service.go index 23161b22d05..9eb41de2f40 100644 --- a/pkg/services/grafana-apiserver/service.go +++ b/pkg/services/grafana-apiserver/service.go @@ -9,8 +9,8 @@ import ( "github.com/go-logr/logr" "github.com/grafana/dskit/services" - "github.com/grafana/grafana-apiserver/pkg/certgenerator" grafanaapiserveroptions "github.com/grafana/grafana-apiserver/pkg/cmd/server/options" + "github.com/grafana/grafana/pkg/modules" "k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/request/headerrequest" "k8s.io/apiserver/pkg/authentication/user" @@ -21,7 +21,7 @@ import ( clientcmdapi "k8s.io/client-go/tools/clientcmd/api" "k8s.io/klog/v2" - "github.com/grafana/grafana/pkg/modules" + "github.com/grafana/grafana-apiserver/pkg/certgenerator" ) const ( @@ -78,7 +78,6 @@ func (s *service) start(ctx context.Context) error { o.RecommendedOptions.Authorization.AlwaysAllowPaths = []string{"*"} o.RecommendedOptions.Authorization.AlwaysAllowGroups = []string{user.SystemPrivilegedGroup, "grafana"} o.RecommendedOptions.Etcd = nil - // TODO: setting CoreAPI to nil currently segfaults in grafana-apiserver o.RecommendedOptions.CoreAPI = nil // Get the util to get the paths to pre-generated certs @@ -86,13 +85,11 @@ func (s *service) start(ctx context.Context) error { K8sDataPath: s.dataPath, } - err := certUtil.InitializeCACertPKI() - if err != nil { + if err := certUtil.InitializeCACertPKI(); err != nil { return err } - err = certUtil.EnsureApiServerPKI(certgenerator.DefaultAPIServerIp) - if err != nil { + if err := certUtil.EnsureApiServerPKI(certgenerator.DefaultAPIServerIp); err != nil { return err } @@ -140,6 +137,33 @@ func (s *service) start(ctx context.Context) error { prepared := server.GenericAPIServer.PrepareRun() + // TODO: not sure if we can still inject RouteRegister with the new module server setup + // Disabling the /k8s endpoint until we have a solution + + /* handler := func(c *contextmodel.ReqContext) { + req := c.Req + req.URL.Path = strings.TrimPrefix(req.URL.Path, "/k8s") + if req.URL.Path == "" { + req.URL.Path = "/" + } + ctx := req.Context() + signedInUser := appcontext.MustUser(ctx) + + req.Header.Set("X-Remote-User", strconv.FormatInt(signedInUser.UserID, 10)) + req.Header.Set("X-Remote-Group", "grafana") + req.Header.Set("X-Remote-Extra-token-name", signedInUser.Name) + req.Header.Set("X-Remote-Extra-org-role", string(signedInUser.OrgRole)) + req.Header.Set("X-Remote-Extra-org-id", strconv.FormatInt(signedInUser.OrgID, 10)) + req.Header.Set("X-Remote-Extra-user-id", strconv.FormatInt(signedInUser.UserID, 10)) + + resp := responsewriter.WrapForHTTP1Or2(c.Resp) + prepared.GenericAPIServer.Handler.ServeHTTP(resp, req) + } + /* s.rr.Group("/k8s", func(k8sRoute routing.RouteRegister) { + k8sRoute.Any("/", middleware.ReqSignedIn, handler) + k8sRoute.Any("/*", middleware.ReqSignedIn, handler) + }) */ + go func() { s.stoppedCh <- prepared.Run(s.stopCh) }()