fix kubeapiserver proxy rejects all dryRun requests (#2241)

zryfish
2020-06-22 16:37:52 +08:00
committed by GitHub
parent 5caee71b25
commit 48081f91af
2 changed files with 19 additions and 21 deletions


@@ -278,7 +278,7 @@ func (s *APIServer) buildHandlerChain(stopCh <-chan struct{}) {
basictoken.New(basic.NewBasicAuthenticator(im.NewOperator(s.KubernetesClient.KubeSphere(), s.InformerFactory))),
bearertoken.New(jwttoken.NewTokenAuthenticator(token.NewJwtTokenIssuer(token.DefaultIssuerName, s.Config.AuthenticationOptions, s.CacheClient))))
handler = filters.WithAuthentication(handler, authn)
handler = filters.WithRequestInfo(handler, requestInfoResolver, s.Config.MultiClusterOptions.Enable)
handler = filters.WithRequestInfo(handler, requestInfoResolver)
s.Server.Handler = handler
}
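Review bot: The wrapping order in this chain deserves a comment, because each `filters.With…` call wraps the previous handler, so `WithRequestInfo` ends up outermost and runs before `WithAuthentication`. After this change its token-header handling is no longer gated by `s.Config.MultiClusterOptions.Enable`, so that ordering now matters in every deployment. A line such as `// WithRequestInfo must stay outermost: it resolves request info and restores the proxied token before authentication runs.` would keep a later reorder from silently breaking authentication of proxied requests. buildHandlerChain begins above the hunk, so filters added earlier in the chain are not visible here.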


@@ -24,7 +24,7 @@ import (
"strings"
)
func WithRequestInfo(handler http.Handler, resolver request.RequestInfoResolver, multiClusterEnabled bool) http.Handler {
func WithRequestInfo(handler http.Handler, resolver request.RequestInfoResolver) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
ctx := req.Context()
info, err := resolver.NewRequestInfo(req)
@@ -33,7 +33,6 @@ func WithRequestInfo(handler http.Handler, resolver request.RequestInfoResolver,
return
}
if multiClusterEnabled {
// KubeSphere supports kube-apiserver proxy requests in multicluster mode. But kube-apiserver
// stripped all authorization headers. Use custom header to carry token to avoid losing authentication token.
// We may need a better way. See issue below.
@@ -54,7 +53,6 @@ func WithRequestInfo(handler http.Handler, resolver request.RequestInfoResolver,
if len(req.URL.Query()["dryrun"]) != 0 {
req.URL.RawQuery = strings.Replace(req.URL.RawQuery, "dryrun", "dryRun", 1)
}
}
req = req.WithContext(request.WithRequestInfo(ctx, info))
handler.ServeHTTP(w, req)
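Review bot: With the `multiClusterEnabled` guard removed, the `dryrun` rewrite in the last hunk runs on every request, and `strings.Replace(req.URL.RawQuery, "dryrun", "dryRun", 1)` changes the first occurrence of that substring anywhere in the raw query rather than the parameter key. A query such as `labelSelector=app%3Ddryrun&dryrun=All` (constructed example) would have its selector value altered while the `dryrun` key stays as it was. Rewriting the parsed values avoids this: `q := req.URL.Query(); q["dryRun"] = q["dryrun"]; delete(q, "dryrun")` followed by `req.URL.RawQuery = q.Encode()`. The same removal also makes the custom token header described in the comment apply to single-cluster deployments. The lines that read that header fall between the visible hunks, so it is worth confirming that they act only on proxied kube-apiserver requests and that the header is dropped before the request is forwarded.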