Description

Background / Context

We want to display live logs from a spoke cluster inside the hub cluster UI.
However, direct browser calls from the console plugin to the spoke backend do not work because of CORS and authentication restrictions.

Jakub pointed out that OpenShift Console already provides a supported way to solve this using proxy requests defined in the ConsolePlugin custom resource (CR).

This approach routes requests through the OpenShift console backend, instead of directly from the browser, which:

• Bypasses CORS issues

• Optionally forwards the logged-in user’s token

• Is the recommended and supported pattern for dynamic console plugins

What needs to be done

We need to configure a proxy in our ConsolePlugin CR so that:

• Requests from the console plugin UI

• Are proxied through the OpenShift console backend

• And forwarded to a Service that backs our new backend (used for live logs)

• Review and note any other changes from the reference documents listed below

This is required to make live log streaming from spoke clusters accessible on the hub cluster.

Why this is required

Without this change:

• Browser requests are blocked due to CORS

• Authentication cannot be handled correctly

• Live logs from spoke clusters cannot be displayed reliably in the hub UI

With this change:

• Requests go through the console backend

• CORS is bypassed

• The user’s token can be passed securely

• Live logs work as expected

References / Examples

Official documentation (Dynamic Console Plugins):
https://github.com/openshift/enhancements/blob/master/enhancements/console/dynamic-plugins.md#delivering-plugins

Example implementation (Genie plugin):
https://github.com/openshift/genie-web-client/blob/main/charts/openshift-console-plugin/templates/consoleplugin.yaml#L18-L34