[Feat][apiserver] Support CORS config (#3711)

MortalHappiness · web-flow · commit bc61ad930086 · 2025-05-30T10:30:30.000-07:00
diff --git a/apiserver/cmd/main.go b/apiserver/cmd/main.go
@@ -18,6 +18,7 @@ import (
 	grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
 	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"github.com/rs/cors"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/reflection"
@@ -42,6 +43,7 @@ var (
 	localSwaggerPath   = flag.String("localSwaggerPath", "", "Specify the root directory for `*.swagger.json` the swagger files.")
 	grpcTimeout        = flag.Duration("grpc_timeout", util.GRPCServerDefaultTimeout, "gRPC server timeout duration")
 	enableAPIServerV2  = flag.Bool("enable-api-server-v2", true, "Enable API server V2")
+	corsAllowOrigin    = flag.String("cors-allow-origin", "", "Set the Access-Control-Allow-Origin response header for the HTTP proxy.")
 	healthy            int32
 )
 
@@ -165,8 +167,19 @@ func startHttpProxy() {
 		topMux = http.NewServeMux()
 	}
 
-	// Seems /apis (matches /apis/v1alpha1/clusters) works fine
-	topMux.Handle("/", runtimeMux)
+	if *corsAllowOrigin != "" {
+		klog.Info("Enabling CORS with Access-Control-Allow-Origin:", *corsAllowOrigin)
+		handler := cors.New(cors.Options{
+			AllowedOrigins: []string{*corsAllowOrigin},
+		}).Handler(runtimeMux)
+
+		topMux.Handle("/", handler)
+	} else {
+		klog.Info("Access-Control-Allow-Origin not set, CORS is disabled.")
+		// Seems /apis (matches /apis/v1alpha1/clusters) works fine
+		topMux.Handle("/", runtimeMux)
+	}
+
 	topMux.Handle("/metrics", promhttp.Handler())
 	topMux.HandleFunc("/swagger/", serveSwaggerFile)
 	topMux.HandleFunc("/healthz", serveHealth)
diff --git a/go.mod b/go.mod
@@ -22,6 +22,7 @@ require (
 	github.com/orcaman/concurrent-map/v2 v2.0.1
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.22.0
+	github.com/rs/cors v1.11.1
 	github.com/rs/zerolog v1.34.0
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
diff --git a/go.sum b/go.sum
diff --git a/helm-chart/kuberay-apiserver/templates/deployment.yaml b/helm-chart/kuberay-apiserver/templates/deployment.yaml
@@ -36,6 +36,11 @@ spec:
         args:
           {{- $argList := list -}}
           {{- $argList = append $argList (printf "--enable-api-server-v2=%t" .Values.enableAPIServerV2) -}}
+          {{- if .Values.cors }}
+            {{- with .Values.cors.allowOrigin }}
+              {{- $argList = append $argList (printf "--cors-allow-origin=%s" .) -}}
+            {{- end }}
+          {{- end }}
           {{- (printf "\n") -}}
           {{- $argList | toYaml | indent 10 }}
         ports:
diff --git a/helm-chart/kuberay-apiserver/values.yaml b/helm-chart/kuberay-apiserver/values.yaml
@@ -11,6 +11,11 @@ image:
   tag: nightly
   pullPolicy: IfNotPresent
 
+# Uncomment allowOrigin to enable CORS
+# It'll set the Access-Control-Allow-Origin response header for the HTTP proxy.
+cors:
+  # allowOrigin: "*"
+
 labels:
   # key1: value1
   # key2: value2
