Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(kueueviz): use wildcard for CORS allowed origins in development mode #6603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 20, 2025
Merged

fix(kueueviz): use wildcard for CORS allowed origins in development mode #6603

merged 1 commit into from
Aug 20, 2025

Conversation

yankay
Copy link
Member

@yankay yankay commented Aug 18, 2025
edited by k8s-ci-robot
Loading

What type of PR is this?

/kind bug

What this PR does / why we need it:

  • Changed the default CORS setting in development mode from hardcoded localhost URLs to wildcard (*)
  • Updated documentation in the backend README.md with current environment variables

Which issue(s) this PR fixes:

Fixes #6584

Special notes for your reviewer:

Does this PR introduce a user-facing change?

KueueViz: Fix CORS configuration for development environments

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. labels Aug 18, 2025
@k8s-ci-robot k8s-ci-robot requested review from akram and kannon92 August 18, 2025 10:33
@netlify Netlify
Copy link

netlify bot commented Aug 18, 2025
edited
Loading

Deploy Preview for kubernetes-sigs-kueue canceled.

Name Link
🔨 Latest commit 6777151
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-sigs-kueue/deploys/68a5c4d7b21a8a0008c3c013

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 18, 2025
@yankay yankay force-pushed the fix-kueueviz-cors branch from 4eebd1b to 372e915 Compare August 18, 2025 10:35
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 18, 2025
@yankay yankay force-pushed the fix-kueueviz-cors branch from 372e915 to 7ce5f0c Compare August 18, 2025 10:46
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 18, 2025
@yankay yankay force-pushed the fix-kueueviz-cors branch from 7ce5f0c to 8641475 Compare August 18, 2025 11:19
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Aug 18, 2025
@yankay yankay changed the title Fix KueueViz CORS configuration for development environments fix(kueueviz): use wildcard for CORS allowed origins in development mode Aug 18, 2025
@yankay yankay force-pushed the fix-kueueviz-cors branch 2 times, most recently from 6fcb585 to d92be95 Compare August 18, 2025 11:30
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 18, 2025
@yankay
Copy link
Member Author

yankay commented Aug 19, 2025

HI @mimowo @mbobrovskyi

Would you please help to review it :-)

mbobrovskyi
mbobrovskyi reviewed Aug 19, 2025
View reviewed changes
cmd/kueueviz/backend/README.md Outdated

- A Kubernetes cluster
- Go 1.19+
- Go 1.24+
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it required changes? If not could you please split PR?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mbobrovskyi

It has been changed :-)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also other changes in this file.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC required only changes for about KUEUEVIZ_ALLOWED_ORIGINS.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mbobrovskyi

It has been modified

@yankay yankay force-pushed the fix-kueueviz-cors branch 5 times, most recently from 85540ce to 6d07c90 Compare August 19, 2025 09:25
@mbobrovskyi
Copy link
Contributor

/lgtm
Thanks!

@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: f1d4e1ae4fbf12ea5379ea9e6a30c58e0c78f9d3

tenzen-y
tenzen-y reviewed Aug 19, 2025
View reviewed changes
cmd/kueueviz/backend/middleware/cors.go
Comment on lines 34 to 38
// Special case for wildcard origin
if origin == "*" {
return "*", true
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you allow * only when the mode is development?
Because the wildcard origin is obviously security risk in production.
That is strongly not recommended.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @tenzen-y
It has been changed :-)

@tenzen-y
Copy link
Member

/assign @kannon92 @akram

@yankay yankay force-pushed the fix-kueueviz-cors branch from 6d07c90 to b8edbd7 Compare August 20, 2025 04:12
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 20, 2025
mbobrovskyi
mbobrovskyi reviewed Aug 20, 2025
View reviewed changes
@tenzen-y
Copy link
Member

/release-note-edit

KueueViz: Fix KueueViz CORS configuration for development environments

@tenzen-y
Copy link
Member

/cherry-pick release-0.12
/cherry-pick release-0.13

@k8s-infra-cherrypick-robot
Copy link
Contributor

@tenzen-y: once the present PR merges, I will cherry-pick it on top of release-0.12, release-0.13 in new PRs and assign them to you.

In response to this:

/cherry-pick release-0.12
/cherry-pick release-0.13

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@yankay yankay force-pushed the fix-kueueviz-cors branch from d685a60 to 6777151 Compare August 20, 2025 12:51
tenzen-y
tenzen-y reviewed Aug 20, 2025
View reviewed changes
Copy link
Member

@tenzen-y tenzen-y left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!
/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 20, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tenzen-y, yankay

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 6b736714420583fee3483e14a92caea13e79e471

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 20, 2025
@k8s-ci-robot k8s-ci-robot merged commit 20c97e8 into kubernetes-sigs:main Aug 20, 2025
22 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v0.14 milestone Aug 20, 2025
@k8s-infra-cherrypick-robot
Copy link
Contributor

@tenzen-y: #6603 failed to apply on top of branch "release-0.12":

Applying: fix(kueueviz): use wildcard for CORS allowed origins in development mode
Using index info to reconstruct a base tree...
M	cmd/kueueviz/backend/README.md
A	cmd/kueueviz/backend/middleware/cors.go
Falling back to patching base and 3-way merge...
CONFLICT (modify/delete): cmd/kueueviz/backend/middleware/cors.go deleted in HEAD and modified in fix(kueueviz): use wildcard for CORS allowed origins in development mode. Version fix(kueueviz): use wildcard for CORS allowed origins in development mode of cmd/kueueviz/backend/middleware/cors.go left in tree.
Auto-merging cmd/kueueviz/backend/README.md
CONFLICT (content): Merge conflict in cmd/kueueviz/backend/README.md
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 fix(kueueviz): use wildcard for CORS allowed origins in development mode

In response to this:

/cherry-pick release-0.12
/cherry-pick release-0.13

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot
Copy link
Contributor

@tenzen-y: new pull request created: #6628

In response to this:

/cherry-pick release-0.12
/cherry-pick release-0.13

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Aug 20, 2025
Merged
@tenzen-y
Copy link
Member

@tenzen-y: #6603 failed to apply on top of branch "release-0.12":

Applying: fix(kueueviz): use wildcard for CORS allowed origins in development mode
Using index info to reconstruct a base tree...
M	cmd/kueueviz/backend/README.md
A	cmd/kueueviz/backend/middleware/cors.go
Falling back to patching base and 3-way merge...
CONFLICT (modify/delete): cmd/kueueviz/backend/middleware/cors.go deleted in HEAD and modified in fix(kueueviz): use wildcard for CORS allowed origins in development mode. Version fix(kueueviz): use wildcard for CORS allowed origins in development mode of cmd/kueueviz/backend/middleware/cors.go left in tree.
Auto-merging cmd/kueueviz/backend/README.md
CONFLICT (content): Merge conflict in cmd/kueueviz/backend/README.md
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 fix(kueueviz): use wildcard for CORS allowed origins in development mode

@yankay Could you manually create a cherry-pick PR for release-0.12 branch? You can leverage hack/cherry_pick_pull.sh script.

@tenzen-y
Copy link
Member

/release-note-edit

KueueViz: Fix CORS configuration for development environments

@yankay
Copy link
Member Author

yankay commented Aug 20, 2025

cherry_pick_pull

Hello @tenzen-y

This issue was introduced in #5992, but the v0.12.x branch doesn't have this code yet, so the issue doesn't exist there either. Reference: https://github.com/kubernetes-sigs/kueue/tree/release-0.12/cmd/kueueviz/backend

I tested it with v0.12.7 and it works fine. screenshot:
image

@tenzen-y
Copy link
Member

cherry_pick_pull

Hello @tenzen-y

This issue was introduced in #5992, but the v0.12.x branch doesn't have this code yet, so the issue doesn't exist there either. Reference: https://github.com/kubernetes-sigs/kueue/tree/release-0.12/cmd/kueueviz/backend

I tested it with v0.12.7 and it works fine. screenshot: image

Oh, I see. In that case, we don't need to cherry pick this to release-0.12. Thank you for checking that!

@mimowo mimowo mentioned this pull request Sep 30, 2025
Closed
36 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tenzen-y tenzen-y tenzen-y left review comments

@akram akram Awaiting requested review from akram

@kannon92 kannon92 Awaiting requested review from kannon92

+1 more reviewer

@mbobrovskyi mbobrovskyi mbobrovskyi left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@akram akram

@kannon92 kannon92

@mbobrovskyi mbobrovskyi

@tenzen-y tenzen-y

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v0.14
Development

Successfully merging this pull request may close these issues.

kueueviz-backend cannot query the cluster api
7 participants
@yankay @mbobrovskyi @k8s-ci-robot @tenzen-y @k8s-infra-cherrypick-robot @akram @kannon92