kubevirt · kubevirt-bot · Jun 29, 2023 · Jun 25, 2023 · nunnatsa · Jun 28, 2023
diff --git a/automation/release-bumper/release-bumper.sh b/automation/release-bumper/release-bumper.sh
@@ -78,6 +78,7 @@ function get_current_versions {
     ["HPPO"]=""
     ["HPP"]=""
     ["KUBEVIRT_CONSOLE_PLUGIN"]=""
+    ["KUBEVIRT_CONSOLE_PROXY"]=""
   )
 
   for component in "${!CURRENT_VERSIONS[@]}"; do
@@ -94,6 +95,7 @@ function get_updated_versions {
     ["HPPO"]="kubevirt/hostpath-provisioner-operator"
     ["HPP"]="kubevirt/hostpath-provisioner"
     ["KUBEVIRT_CONSOLE_PLUGIN"]="kubevirt-ui/kubevirt-plugin"
+    ["KUBEVIRT_CONSOLE_PROXY"]="kubevirt-ui/kubevirt-apiserver-proxy"
   )
 
   IMPORT_REPOS=(

diff --git a/controllers/hyperconverged/hyperconverged_controller_test.go b/controllers/hyperconverged/hyperconverged_controller_test.go
@@ -249,7 +249,7 @@ var _ = Describe("HyperconvergedController", func() {
 						foundResource),
 				).ToNot(HaveOccurred())
 				// Check conditions
-				Expect(foundResource.Status.RelatedObjects).To(HaveLen(20))
+				Expect(foundResource.Status.RelatedObjects).To(HaveLen(22))
 				expectedRef := corev1.ObjectReference{
 					Kind:            "PrometheusRule",
 					Namespace:       namespace,
@@ -314,7 +314,7 @@ var _ = Describe("HyperconvergedController", func() {
 
 				verifySystemHealthStatusError(foundResource)
 
-				Expect(foundResource.Status.RelatedObjects).To(HaveLen(19))
+				Expect(foundResource.Status.RelatedObjects).To(HaveLen(21))
 				expectedRef := corev1.ObjectReference{
 					Kind:            "PrometheusRule",
 					Namespace:       namespace,
@@ -827,7 +827,7 @@ var _ = Describe("HyperconvergedController", func() {
 				).To(Succeed())
 
 				Expect(foundResource.Status.RelatedObjects).ToNot(BeNil())
-				Expect(foundResource.Status.RelatedObjects).Should(HaveLen(19))
+				Expect(foundResource.Status.RelatedObjects).Should(HaveLen(21))
 				Expect(foundResource.ObjectMeta.Finalizers).Should(Equal([]string{FinalizerName}))
 
 				// Now, delete HCO

diff --git a/controllers/hyperconverged/testUtils_test.go b/controllers/hyperconverged/testUtils_test.go
@@ -125,7 +125,9 @@ type BasicExpected struct {
 	virtioWinRoleBinding *rbacv1.RoleBinding
 	hcoCRD               *apiextensionsv1.CustomResourceDefinition
 	consolePluginDeploy  *appsv1.Deployment
+	consoleProxyDeploy   *appsv1.Deployment
 	consolePluginSvc     *corev1.Service
+	consoleProxySvc      *corev1.Service
 	consolePlugin        *consolev1.ConsolePlugin
 	consoleConfig        *operatorv1.Console
 }
@@ -149,7 +151,9 @@ func (be BasicExpected) toArray() []client.Object {
 		be.virtioWinRoleBinding,
 		be.hcoCRD,
 		be.consolePluginDeploy,
+		be.consoleProxyDeploy,
 		be.consolePluginSvc,
+		be.consoleProxySvc,
 		be.consolePlugin,
 		be.consoleConfig,
 	}
@@ -267,13 +271,18 @@ func getBasicDeployment() *BasicExpected {
 	expectedVirtioWinRoleBinding := operands.NewVirtioWinCmReaderRoleBinding(hco)
 	res.virtioWinRoleBinding = expectedVirtioWinRoleBinding
 
-	expectedConsolePluginDeployment, err := operands.NewKvUIPluginDeplymnt(hco)
-	ExpectWithOffset(1, err).ToNot(HaveOccurred())
+	expectedConsolePluginDeployment := operands.NewKvUIPluginDeployment(hco)
 	res.consolePluginDeploy = expectedConsolePluginDeployment
 
+	expectedConsoleProxyDeployment := operands.NewKvUIProxyDeployment(hco)
+	res.consoleProxyDeploy = expectedConsoleProxyDeployment
+
 	expectedConsolePluginService := operands.NewKvUIPluginSvc(hco)
 	res.consolePluginSvc = expectedConsolePluginService
 
+	expectedConsoleProxyService := operands.NewKvUIProxySvc(hco)
+	res.consoleProxySvc = expectedConsoleProxyService
+
 	expectedConsolePlugin := operands.NewKVConsolePlugin(hco)
 	res.consolePlugin = expectedConsolePlugin
 

diff --git a/controllers/operands/kubevirtConsolePlugin.go b/controllers/operands/kubevirtConsolePlugin.go
@@ -26,23 +26,31 @@ import (
 )
 
 const (
-	kvUIPluginName           = "kubevirt-plugin"
-	kvUIPluginDeploymentName = string(hcoutil.AppComponentUIPlugin)
-	kvUIPluginSvcName        = kvUIPluginDeploymentName + "-service"
-	kvUIPluginNameEnv        = "UI_PLUGIN_NAME"
-	kvServingCertName        = "plugin-serving-cert"
-	nginxConfigMapName       = "nginx-conf"
+	kvUIPluginName            = "kubevirt-plugin"
+	kvUIPluginDeploymentName  = string(hcoutil.AppComponentUIPlugin)
+	kvUIProxyDeploymentName   = string(hcoutil.AppComponentUIProxy)
+	kvUIPluginSvcName         = kvUIPluginDeploymentName + "-service"
+	kvUIProxySvcName          = kvUIProxyDeploymentName + "-service"
+	kvUIPluginServingCertName = "plugin-serving-cert"
+	kvUIProxyServingCertName  = "console-proxy-serving-cert"
+	kvUIPluginServingCertPath = "/var/serving-cert"
+	kvUIProxyServingCertPath  = "/app/cert"
+	nginxConfigMapName        = "nginx-conf"
 )
 
 // **** Kubevirt UI Plugin Deployment Handler ****
 func newKvUIPluginDeploymentHandler(_ log.Logger, Client client.Client, Scheme *runtime.Scheme, hc *hcov1beta1.HyperConverged) ([]Operand, error) {
-	kvUIPluginDeployment, err := NewKvUIPluginDeplymnt(hc)
-	if err != nil {
-		return nil, err
-	}
+	kvUIPluginDeployment := NewKvUIPluginDeployment(hc)
 	return []Operand{newDeploymentHandler(Client, Scheme, kvUIPluginDeployment)}, nil
 }
 
+// **** Kubevirt UI apiserver proxy Deployment Handler ****
+func newKvUIProxyDeploymentHandler(_ log.Logger, Client client.Client, Scheme *runtime.Scheme, hc *hcov1beta1.HyperConverged) ([]Operand, error) {
+
+	kvUIProxyDeployment := NewKvUIProxyDeployment(hc)
+	return []Operand{newDeploymentHandler(Client, Scheme, kvUIProxyDeployment)}, nil
+}
+
 // **** nginx config map Handler ****
 func newKvUINginxCMHandler(_ log.Logger, Client client.Client, Scheme *runtime.Scheme, hc *hcov1beta1.HyperConverged) ([]Operand, error) {
 	kvUINginxCM := NewKVUINginxCM(hc)
@@ -57,14 +65,51 @@ func newKvUIPluginCRHandler(_ log.Logger, Client client.Client, Scheme *runtime.
 	return []Operand{newConsolePluginHandler(Client, Scheme, kvUIConsolePluginCR)}, nil
 }
 
-func NewKvUIPluginDeplymnt(hc *hcov1beta1.HyperConverged) (*appsv1.Deployment, error) {
+func NewKvUIPluginDeployment(hc *hcov1beta1.HyperConverged) *appsv1.Deployment {
 	// The env var was validated prior to handler creation
 	kvUIPluginImage, _ := os.LookupEnv(hcoutil.KVUIPluginImageEnvV)
-	labels := getLabels(hc, hcoutil.AppComponentUIPlugin)
+	deployment := getKvUIDeployment(hc, kvUIPluginDeploymentName, kvUIPluginImage,
+		kvUIPluginServingCertName, kvUIPluginServingCertPath, hcoutil.UIPluginServerPort, hcoutil.AppComponentUIPlugin)
+
+	nginxVolumeMount := corev1.VolumeMount{
+		Name:      nginxConfigMapName,
+		MountPath: "/etc/nginx/nginx.conf",
+		SubPath:   "nginx.conf",
+		ReadOnly:  true,
+	}
+
+	volumeMounts := &deployment.Spec.Template.Spec.Containers[0].VolumeMounts
+	*volumeMounts = append(*volumeMounts, nginxVolumeMount)
+
+	nginxVolume := corev1.Volume{
+		Name: nginxConfigMapName,
+		VolumeSource: corev1.VolumeSource{
+			ConfigMap: &corev1.ConfigMapVolumeSource{
+				LocalObjectReference: corev1.LocalObjectReference{
+					Name: nginxConfigMapName,
+				},
+			},
+		},
+	}
+	volumes := &deployment.Spec.Template.Spec.Volumes
+	*volumes = append(*volumes, nginxVolume)
+	return deployment
+}
+
+func NewKvUIProxyDeployment(hc *hcov1beta1.HyperConverged) *appsv1.Deployment {
+	// The env var was validated prior to handler creation
+	kvUIProxyImage, _ := os.LookupEnv(hcoutil.KVUIProxyImageEnvV)
+	return getKvUIDeployment(hc, kvUIProxyDeploymentName, kvUIProxyImage, kvUIProxyServingCertName,
+		kvUIProxyServingCertPath, hcoutil.UIProxyServerPort, hcoutil.AppComponentUIProxy)
+}
+
+func getKvUIDeployment(hc *hcov1beta1.HyperConverged, deploymentName string, image string,
+	servingCertName string, servingCertPath string, port int32, componentName hcoutil.AppComponent) *appsv1.Deployment {
+	labels := getLabels(hc, componentName)
 
 	deployment := &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      kvUIPluginDeploymentName,
+			Name:      deploymentName,
 			Labels:    labels,
 			Namespace: hc.Namespace,
 		},
@@ -85,8 +130,8 @@ func NewKvUIPluginDeplymnt(hc *hcov1beta1.HyperConverged) (*appsv1.Deployment, e
 					SecurityContext:    components.GetStdPodSecurityContext(),
 					Containers: []corev1.Container{
 						{
-							Name:            kvUIPluginDeploymentName,
-							Image:           kvUIPluginImage,
+							Name:            deploymentName,
+							Image:           image,
 							ImagePullPolicy: corev1.PullIfNotPresent,
 							Resources: corev1.ResourceRequirements{
 								Requests: map[corev1.ResourceName]resource.Quantity{
@@ -95,22 +140,16 @@ func NewKvUIPluginDeplymnt(hc *hcov1beta1.HyperConverged) (*appsv1.Deployment, e
 								},
 							},
 							Ports: []corev1.ContainerPort{{
-								ContainerPort: hcoutil.UIPluginServerPort,
+								ContainerPort: port,
 								Protocol:      corev1.ProtocolTCP,
 							}},
 							SecurityContext:          components.GetStdContainerSecurityContext(),
 							TerminationMessagePath:   corev1.TerminationMessagePathDefault,
 							TerminationMessagePolicy: corev1.TerminationMessageReadFile,
 							VolumeMounts: []corev1.VolumeMount{
 								{
-									Name:      kvServingCertName,
-									MountPath: "/var/serving-cert",
-									ReadOnly:  true,
-								},
-								{
-									Name:      nginxConfigMapName,
-									MountPath: "/etc/nginx/nginx.conf",
-									SubPath:   "nginx.conf",
+									Name:      servingCertName,
+									MountPath: servingCertPath,
 									ReadOnly:  true,
 								},
 							},
@@ -119,24 +158,14 @@ func NewKvUIPluginDeplymnt(hc *hcov1beta1.HyperConverged) (*appsv1.Deployment, e
 					PriorityClassName: "kubevirt-cluster-critical",
 					Volumes: []corev1.Volume{
 						{
-							Name: kvServingCertName,
+							Name: servingCertName,
 							VolumeSource: corev1.VolumeSource{
 								Secret: &corev1.SecretVolumeSource{
-									SecretName:  kvServingCertName,
+									SecretName:  servingCertName,
 									DefaultMode: pointer.Int32(420),
 								},
 							},
 						},
-						{
-							Name: nginxConfigMapName,
-							VolumeSource: corev1.VolumeSource{
-								ConfigMap: &corev1.ConfigMapVolumeSource{
-									LocalObjectReference: corev1.LocalObjectReference{
-										Name: nginxConfigMapName,
-									},
-								},
-							},
-						},
 					},
 				},
 			},
@@ -160,12 +189,17 @@ func NewKvUIPluginDeplymnt(hc *hcov1beta1.HyperConverged) (*appsv1.Deployment, e
 			copy(deployment.Spec.Template.Spec.Tolerations, hc.Spec.Infra.NodePlacement.Tolerations)
 		}
 	}
-	return deployment, nil
+	return deployment
 }
 
 func NewKvUIPluginSvc(hc *hcov1beta1.HyperConverged) *corev1.Service {
 	servicePorts := []corev1.ServicePort{
-		{Port: hcoutil.UIPluginServerPort, Name: kvUIPluginDeploymentName + "-port", Protocol: corev1.ProtocolTCP, TargetPort: intstr.IntOrString{Type: intstr.Int, IntVal: hcoutil.UIPluginServerPort}},
+		{
+			Port:       hcoutil.UIPluginServerPort,
+			Name:       kvUIPluginDeploymentName + "-port",
+			Protocol:   corev1.ProtocolTCP,
+			TargetPort: intstr.IntOrString{Type: intstr.Int, IntVal: hcoutil.UIPluginServerPort},
+		},
 	}
 
 	spec := corev1.ServiceSpec{
@@ -178,7 +212,35 @@ func NewKvUIPluginSvc(hc *hcov1beta1.HyperConverged) *corev1.Service {
 			Name:   kvUIPluginSvcName,
 			Labels: getLabels(hc, hcoutil.AppComponentUIPlugin),
 			Annotations: map[string]string{
-				"service.beta.openshift.io/serving-cert-secret-name": kvServingCertName,
+				"service.beta.openshift.io/serving-cert-secret-name": kvUIPluginServingCertName,
+			},
+			Namespace: hc.Namespace,
+		},
+		Spec: spec,
+	}
+}
+
+func NewKvUIProxySvc(hc *hcov1beta1.HyperConverged) *corev1.Service {
+	servicePorts := []corev1.ServicePort{
+		{
+			Port:       hcoutil.UIProxyServerPort,
+			Name:       kvUIProxyDeploymentName + "-port",
+			Protocol:   corev1.ProtocolTCP,
+			TargetPort: intstr.IntOrString{Type: intstr.Int, IntVal: hcoutil.UIProxyServerPort},
+		},
+	}
+
+	spec := corev1.ServiceSpec{
+		Ports:    servicePorts,
+		Selector: map[string]string{hcoutil.AppLabelComponent: string(hcoutil.AppComponentUIProxy)},
+	}
+
+	return &corev1.Service{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:   kvUIProxySvcName,
+			Labels: getLabels(hc, hcoutil.AppComponentUIProxy),
+			Annotations: map[string]string{
+				"service.beta.openshift.io/serving-cert-secret-name": kvUIProxyServingCertName,
 			},
 			Namespace: hc.Namespace,
 		},
@@ -232,6 +294,18 @@ func NewKVConsolePlugin(hc *hcov1beta1.HyperConverged) *consolev1.ConsolePlugin
 					BasePath:  "/",
 				},
 			},
+			Proxy: []consolev1.ConsolePluginProxy{{
+				Alias:         kvUIProxyDeploymentName,
+				Authorization: consolev1.UserToken,
+				Endpoint: consolev1.ConsolePluginProxyEndpoint{
+					Type: consolev1.ProxyTypeService,
+					Service: &consolev1.ConsolePluginProxyServiceConfig{
+						Name:      kvUIProxySvcName,
+						Namespace: hc.Namespace,
+						Port:      hcoutil.UIProxyServerPort,
+					},
+				},
+			}},
 		},
 	}
 }