feat!: Make API container fully stateless and independent of frontend #8708

Merged
merged 90 commits into from
Mar 1, 2024

Conversation

floreks
Member

@floreks floreks commented Feb 20, 2024

Breaking change

This PR introduces a couple of important changes to how Kubernetes Dashboard generally works. It will require a clean installation once released.

API container

It is now fully stateless, meaning it does not rely on Kubernetes resources to run. It will always require an authorization token to be present to authorize the request. It is no longer possible for the API container to use its own SA privileges to skip authorization. All arguments that were frontend specific have either been removed or moved to the Web container.

  • The JWE encrypted token has been removed completely and we now rely fully on standard JWT tokens. This change has significantly simplified the auth flow.
  • The Web container now manages Settings ConfigMap
  • CSRF key is now generated in memory and not stored in a Secret. Our chart configuration will handle sticky session configuration to make sure that requests made by the user are always forwarded to the same container.
  • The plugin system has been removed as it was outdated and not working anymore. Currently, there is no plan to reintroduce it as it would require too much effort to maintain.

Auth container

Authentication logic is now handled by the new dashboard auth container. Currently, it only exposes the /login endpoint. We will also add support for OIDC with OAuth flow and a /me endpoint in the future.

Web container

Go backend

  • The backend now handles frontend settings and uses ConfigMap to store them.
  • Settings backend has been updated to handle merge with default options properly in case ConfigMap does not contain all available options.
  • Replaced restful-go with gin as main web framework

Angular frontend

Since API requires the user to always provide Authorization: Bearer <token> now, there is no way to skip login and act as a Dashboard.

  • Removed support for authentication options other than token
  • Removed support for skip login option
  • Slightly updated login view
  • Fixed an issue with zero state not being correctly displayed on some pages

Kong gateway

Since the number of our containers is growing as we split parts of the logic, we have decided to use a gateway that will connect all of them and ensure the Dashboard is working properly. There were a couple of reasons to choose Kong:

  • Open Source with proper license
  • Support for DBless configuration
  • Easily configurable
  • Popular
  • Single container gateway when running in DBless mode

It will now be a required dependency that we use to expose the Dashboard. Users can then reconfigure it or use another proxy in front of it. It will simply act as a single point when accessing the Kubernetes Dashboard.

Metrics scraper

  • Changed the sqlite Go dependency to use a driver implementation that does not require CGO_ENABLED=1 during the build. It is a pure Go implementation.

Dev pipeline

The master Makefile located in the project root now exposes a couple of global targets that are forwarded to the correct modules.

  • build - builds locally all go modules and angular frontend and stores it in <MODULE_DIR>/.dist directories
  • check - runs static checks for every module (linting, license, i18n, etc.)
  • clean - removes all temporary directories such as .tmp and .dist
  • coverage - runs unit tests with coverage for all modules
  • fix - same as check just with --fix option.
  • test - runs unit tests for all modules

To test the application there are now 2 targets:

  • serve - Starts the development version of the application using docker compose. All modules are running in docker with live reload enabled thanks to air (Go) and ng serve (Angular). Exposes Dashboard frontend on http://localhost:8080
  • run - Starts the production version of the application using docker compose. Exposes Dashboard frontend on http://localhost:8080 and https://localhost:8443.

Other changes

  • CI Codecov configuration has been updated to work with our deploy token (previously tokenless)
  • Prettier is now our only formatting tool, it replaces js-beautify that was used for HTML formatting, and also provides formatting that was removed from Stylelint a while ago.
  • CD release pipeline has been disabled for now (updated after this PR gets merged)
  • All the containers are now using klog as the base logger. The --api-log-level arg has been replaced by --v, which expects a log level number (0-5).

Fixes #7445.
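
Added example, not part of the pull request or the Dashboard code base: a minimal Go net/http middleware illustrating the rule stated in the description above, that every API request must carry Authorization: Bearer <token> and that there is no fallback to the container's own service account. The names bearerToken, requireBearer and probe and the request path are hypothetical, and the sample header values are constructed; the project itself uses gin.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type tokenKey struct{} // context key for the caller's token (hypothetical name)

// bearerToken returns the token from "Authorization: Bearer <token>", or "" if absent or malformed.
func bearerToken(r *http.Request) string {
	scheme, token, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") {
		return ""
	}
	return strings.TrimSpace(token)
}

// requireBearer answers 401 when no token is present; there is deliberately no fallback identity.
func requireBearer(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token := bearerToken(r)
		if token == "" {
			w.Header().Set("WWW-Authenticate", "Bearer")
			http.Error(w, "missing bearer token", http.StatusUnauthorized)
			return
		}
		ctx := context.WithValue(r.Context(), tokenKey{}, token)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// probe sends one constructed request and reports the status and the token the inner handler saw.
func probe(authHeader string) (status int, used string) {
	inner := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// A real handler would pass this token on to the Kubernetes API server.
		used, _ = r.Context().Value(tokenKey{}).(string)
	})
	req := httptest.NewRequest(http.MethodGet, "/constructed/path", nil)
	req.Header.Set("Authorization", authHeader)
	rec := httptest.NewRecorder()
	requireBearer(inner).ServeHTTP(rec, req)
	return rec.Code, used
}

func main() { fmt.Println(probe("Bearer constructed-token")) }
```

The middleware only checks that a token is present; deciding whether the token is valid and what it may do is left to the Kubernetes API server that receives it.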

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 20, 2024
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 20, 2024
@floreks floreks marked this pull request as draft February 20, 2024 18:31
@floreks floreks self-assigned this Feb 20, 2024
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Feb 20, 2024
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Feb 21, 2024
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 21, 2024

codecov bot commented Feb 21, 2024

Codecov Report

Merging #8708 (a14c4fa) into master (2878d15) will decrease coverage by 6.49%.
The diff coverage is 38.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #8708      +/-   ##
==========================================
- Coverage   42.26%   35.77%   -6.49%     
==========================================
  Files         219      252      +33     
  Lines       12195    10708    -1487     
  Branches      179      157      -22     
==========================================
- Hits         5154     3831    -1323     
+ Misses       6743     6626     -117     
+ Partials      298      251      -47     

@shu-mutou
Contributor

could you divide PR for bumping golang to 1.22?

@floreks
Member Author

floreks commented Feb 24, 2024

is there any reason to split that into a separate PR?

@shu-mutou
Copy link
Contributor

K8s v1.30 will bump golang to 1.22, so if this PR is going to take a long time, I thought it would be better to do it separately.
I would like to update the development environment too, and I think it would be easier to review if this PR was made smaller, so I would be happy if you could separate it.
If you'd like, I'll create a PR for bumping golang to v1.22. 😄

@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 1, 2024
maciaszczykm and others added 10 commits March 1, 2024 14:07
…ateless-api

# Conflicts:
#	modules/web/i18n/de/messages.de.xlf
#	modules/web/i18n/es/messages.es.xlf
#	modules/web/i18n/fr/messages.fr.xlf
#	modules/web/i18n/ja/messages.ja.xlf
#	modules/web/i18n/ko/messages.ko.xlf
#	modules/web/i18n/messages.xlf
#	modules/web/i18n/zh-Hans/messages.zh-Hans.xlf
#	modules/web/i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf
#	modules/web/i18n/zh-Hant/messages.zh-Hant.xlf
@maciaszczykm maciaszczykm changed the title wip: make API container fully stateless and independent of frontend Make API container fully stateless and independent of frontend Mar 1, 2024
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 1, 2024
@maciaszczykm
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 1, 2024
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: floreks, maciaszczykm

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [floreks,maciaszczykm]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@maciaszczykm maciaszczykm merged commit d5fe8fa into master Mar 1, 2024
11 of 12 checks passed
@floreks floreks changed the title Make API container fully stateless and independent of frontend feat: Make API container fully stateless and independent of frontend Mar 1, 2024
@floreks floreks changed the title feat: Make API container fully stateless and independent of frontend feat!: Make API container fully stateless and independent of frontend Mar 1, 2024
@floreks floreks deleted the feat/stateless-api branch March 7, 2024 09:59
@kubernetes kubernetes deleted a comment from Daveydave101 Feb 10, 2025
Successfully merging this pull request may close these issues.

Helm chart - Setting settings.clusterName forces settings.itemsPerPage to 0 if not set explicitly