Currently, when Rancher tries to provision a Kubernetes cluster on vSphere, it needs to initiate API calls to the vSphere endpoint. In a hybrid cloud environment this often means that the Rancher server is not in the same network as the vSphere endpoint. Therefore inbound access is required to be added to a firewall so Rancher can reach the vSphere system. This naturally poses a security concern and creates administrative burden on our users who have to go through a security review to get this approved.

If instead of requiring direct API access, an agent could exist inside the network where the vSphere API lived, then this agent could broker the communication between the Rancher server and the downstream API. The agent would simply initiate an outbound API connection to the Rancher server (much like any node agent or cluster agent currently) and simultaneously proxy any API calls that Rancher needs to make to vSphere. This would also have the benefit of being able to be run through a HTTP proxy, which many security teams will appreciate as a less risky connectivity model.

Looking for hackers with the skills:

rancher backend api

This project is part of:

Hack Week 20

Activity

  • almost 4 years ago: equill liked this project.
  • almost 4 years ago: toe liked this project.
  • almost 4 years ago: jsevans liked this project.
  • almost 4 years ago: wjimenez added keyword "rancher" to this project.
  • almost 4 years ago: wjimenez added keyword "backend" to this project.
  • almost 4 years ago: wjimenez added keyword "api" to this project.
  • almost 4 years ago: wjimenez originated this project.

  • Comments

    Be the first to comment!

    Similar Projects

    Cluster API Provider for Harvester by rcase

    Project Description

    The Cluster API "infrastructure provider" for Harvester, also named CAPHV, makes it possible to use Harvester with Cluster API. This enables people and organisations to create Kubernetes clusters running on VMs created by Harvester using a declarative spec.

    The project has been bootstrapped in HackWeek 23, and its code is available here.

    Work done in HackWeek 2023

    • Have a early working version of the provider available on Rancher Sandbox : *DONE *
    • Demonstrated the created cluster can be imported using Rancher Turtles: DONE
    • Stretch goal - demonstrate using the new provider with CAPRKE2: DONE and the templates are available on the repo

    Goals for HackWeek 2024

    • Add support for ClusterClass
    • Add e2e testing
    • Add more Unit Tests
    • Improve Status Conditions to reflect current state of Infrastructure
    • Improve CI (some bugs for release creation)
    • Testing with newer Harvester version (v1.3.X and v1.4.X)
    • Due to the length and complexity of the templates, maybe package some of them as Helm Charts.
    • Other improvement suggestions are welcome!

    DONE in HackWeek 24:

    Thanks to @isim and Dominic Giebert for their contributions!

    Resources

    Looking for help from anyone interested in Cluster API (CAPI) or who wants to learn more about Harvester.

    This will be an infrastructure provider for Cluster API. Some background reading for the CAPI aspect:


    Longhorn UI Extension (POC) by yiya.chen

    Description

    The goal is to create a Longhorn UI extension within Rancher using existing resources.
    Longhorn’s UI is built using React, while Rancher’s UI extensions are built using Vue. Developers will explore different approaches to integrate and extend Longhorn’s UI within Rancher’s Vue-based ecosystem, aiming to create a seamless, functional UI extension.

    Goals

    • Build a Longhorn UI extension (look and feel)
    • Support theme switching to align with Rancher’s UI

    Results

    • https://github.com/a110605/longhorn-hackday
    • https://github.com/a110605/longhorn-ui/tree/darkmode
    • https://github.com/houhoucoop/hackweek/tree/main/hackweek24

    Resources

    • Longhorn UI: https://github.com/longhorn/longhorn-ui
    • Rancher UI Extension: https://extensions.rancher.io/extensions/next/home
    • darkreader: https://www.npmjs.com/package/darkreader
    • veaury: https://github.com/gloriasoft/veaury
    • module federation: https://webpack.js.org/concepts/module-federation/


    CVE portal for SUSE Rancher products by gmacedo

    Description

    Currently it's a bit difficult for users to quickly see the list of CVEs affecting images in Rancher, RKE2, Harvester and Longhorn releases. Users need to individually look for each CVE in the SUSE CVE database page - https://www.suse.com/security/cve/ . This is not optimal, because those CVE pages are a bit hard to read and contain data for all SLE and BCI products too, making it difficult to easily see only the CVEs affecting the latest release of Rancher, for example. We understand that certain costumers are only looking for CVE data for Rancher and not SLE or BCI.

    Goals

    The objective is to create a simple to read and navigate page that contains only CVE data related to Rancher, RKE2, Harvester and Longhorn, where it's easy to search by a CVE ID, an image name or a release version. The page should also provide the raw data as an exportable CSV file.

    It must be an MVP with the minimal amount of effort/time invested, but still providing great value to our users and saving the wasted time that the Rancher Security team needs to spend by manually sharing such data. It might not be long lived, as it can be replaced in 2-3 years with a better SUSE wide solution.

    Resources

    • The page must be simple and easy to read.
    • The UI/UX must be as straightforward as possible with minimal visual noise.
    • The content must be created automatically from the raw data that we already have internally.
    • It must be updated automatically on a daily basis and on ad-hoc runs (when needed).
    • The CVE status must be aligned with VEX.
    • The raw data must be exportable as CSV file.
    • Ideally it will be written in Go or pure Shell script with basic HTML and no external dependencies in CSS or JS.


    Integrate Backstage with Rancher Manager by nwmacd

    Description

    Backstage (backstage.io) is an open-source, CNCF project that allows you to create your own developer portal. There are many plugins for Backstage.

    This could be a great compliment to Rancher Manager.

    Goals

    Learn and experiment with Backstage and look at how this could be integrated with Rancher Manager. Goal is to have some kind of integration completed in this Hack week.

    Progress

    Screen shot of home page at the end of Hackweek:

    Home

    Day One

    • Got Backstage running locally, understanding configuration with HTTPs.
    • Got Backstage embedded in an IFRAME inside of Rancher
    • Added content into the software catalog (see: https://backstage.io/docs/features/techdocs/getting-started/)
    • Understood more about the entity model

    Day Two

    • Connected Backstage to the Rancher local cluster and configured the Kubernetes plugin.
    • Created Rancher theme to make the light theme more consistent with Rancher

    Home

    Days Three and Day Four

    • Created two backend plugins for Backstage:

      1. Catalog Entity Provider - this imports users from Rancher into Backstage
      2. Auth Provider - uses the proxied sign-in pattern to check the Rancher session cookie, to user that to authenticate the user with Rancher and then log them into Backstage by connecting this to the imported User entity from the catalog entity provider plugin.
    • With this in place, you can single-sign-on between Rancher and Backstage when it is deployed within Rancher. Note this is only when running locally for development at present

    Home

    Home

    Day Five

    • Start to build out a production deployment for all of the above
    • Made some progress, but hit issues with the authentication and proxying when running proxied within Rancher, which needs further investigation


    Rancher microfrontend extensions by ftorchia

    Description

    Rancher UI Extensions allow users, developers, partners, and customers to extend and enhance the Rancher UI. Extensions are Helm charts that can only be installed once into a cluster. The charts contain a UI built package that is downloaded and linked to the Host UI at runtime; this means that the extension pkg needs to be implemented using the same technology and have the same APIs as Rancher UI.

    Goals

    We want to create a new type of Rancher extension, based on microfrontend pattern. The extension is served in a docker container in the k8s clusters and embedded in the host UI; this would guarantee us to be able to create extensions unrelated to the rancher UI architecture, in any technology.

    Non Goals

    We want to apply the microfrontend pattern to the product-level extensions; we don't want to apply it to cluster-level extensions.

    Resources

    rancher-extension-microfrontend, Rancher extensions


    OpenQA Golang api client by hilchev

    Description

    I would like to make a simple cli tool to communicate with the OpenQA API

    Goals

    • OpenQA has a ton of information that is hard to get via the UI. A tool like this would make my life easier :)
    • Would potentially make it easier in the future to make UI changes without Perl.
    • Improve my Golang skills

    Resources

    • https://go.dev/doc/
    • https://openqa.opensuse.org/api