hub/conat: discover router directly via k8s api

Author: haraldschilly

src/packages/hub/package.json

@@ -18,7 +18,6 @@
     "@cocalc/static": "workspace:*",
     "@cocalc/util": "workspace:*",
     "@isaacs/ttlcache": "^1.4.1",
-    "@kubernetes/client-node": "^1.3.0",
     "@types/formidable": "^3.4.5",
     "async": "^1.5.2",
     "awaiting": "^3.0.0",

src/packages/pnpm-lock.yaml

@@ -1,35 +1,100 @@
-import * as k8s from "@kubernetes/client-node";
-import { readFileSync } from "fs";
+import * as fs from "fs";
+import * as https from "https";
 
-const kc = new k8s.KubeConfig();
-kc.loadFromCluster();
+// Define the options interface for type safety
+interface ListPodsOptions {
+  labelSelector?: string; // e.g. "app=foo,env=prod"
+}
+
+const NAMESPACE: string = fs
+  .readFileSync(
+    "/var/run/secrets/kubernetes.io/serviceaccount/namespace",
+    "utf8",
+  )
+  .trim();
+const CA: Buffer = fs.readFileSync(
+  "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
+);
+
+async function listPods(options: ListPodsOptions = {}): Promise<any> {
+  try {
+    // Read service account details, token could be rotated
+    const token = fs
+      .readFileSync(
+        "/var/run/secrets/kubernetes.io/serviceaccount/token",
+        "utf8",
+      )
+      .trim();
 
-const k8sApi = kc.makeApiClient(k8s.CoreV1Api);
+    // Base API path
+    let path = `/api/v1/namespaces/${NAMESPACE}/pods`;
 
-// Read the namespace the pod is running in
-const namespace = readFileSync(
-  "/var/run/secrets/kubernetes.io/serviceaccount/namespace",
-  "utf8",
-).trim();
+    const queryParams: string[] = [];
+    if (options.labelSelector) {
+      queryParams.push(
+        `labelSelector=${encodeURIComponent(options.labelSelector)}`,
+      );
+    }
+
+    if (queryParams.length > 0) {
+      path += `?${queryParams.join("&")}`;
+    }
+
+    const query: https.RequestOptions = {
+      hostname: "kubernetes.default.svc",
+      path,
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: "application/json",
+      },
+      ca: [CA],
+    };
+
+    return new Promise((resolve, reject) => {
+      const req = https.request(query, (res) => {
+        let data = "";
+        res.on("data", (chunk) => {
+          data += chunk;
+        });
+        res.on("end", () => {
+          if (res.statusCode !== 200) {
+            reject(
+              new Error(
+                `K8S API request failed. status=${res.statusCode}: ${data}`,
+              ),
+            );
+          } else {
+            try {
+              resolve(JSON.parse(data));
+            } catch (parseError) {
+              reject(parseError);
+            }
+          }
+        });
+      });
+
+      req.on("error", (error) => reject(error));
+      req.end();
+    });
+  } catch (error) {
+    throw new Error(
+      `Failed to read service account files: ${(error as Error).message}`,
+    );
+  }
+}
 
 export async function getAddressesFromK8sApi(): Promise<
   { name: string; podIP: string }[]
 > {
-  try {
-    const labelSelector = "run=hub-conat-router";
-    const res = await k8sApi.listNamespacedPod({ namespace, labelSelector });
-
-    const ret: { name: string; podIP: string }[] = [];
-    for (const pod of res.items) {
-      const name = pod.metadata?.name;
-      const podIP = pod.status?.podIP;
-      if (name && podIP) {
-        ret.push({ name, podIP });
-      }
+  const res = await listPods({ labelSelector: "run=hub-conat-router" });
+  const ret: { name: string; podIP: string }[] = [];
+  for (const pod of res.items) {
+    const name = pod.metadata?.name;
+    const podIP = pod.status?.podIP;
+    if (name && podIP) {
+      ret.push({ name, podIP });
     }
-    return ret;
-  } catch (err) {
-    console.error("Error fetching addresses from Kubernetes API:", err);
-    return [];
   }
+  return ret;
 }

src/packages/server/conat/socketio/dns-scan-k8s-api.ts

@@ -56,7 +56,6 @@
     "@google-cloud/storage-transfer": "^3.3.0",
     "@google/generative-ai": "^0.14.0",
     "@isaacs/ttlcache": "^1.4.1",
-    "@kubernetes/client-node": "^1.3.0",
     "@langchain/anthropic": "^0.3.18",
     "@langchain/core": "^0.3.46",
     "@langchain/google-genai": "^0.2.4",