use random api prefix on kubectl-proxy (#4137)

Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>

src/main/context-handler.ts

@@ -114,7 +114,7 @@ export class ContextHandler {
     await this.ensureServer();
     const path = this.clusterUrl.path !== "/" ? this.clusterUrl.path : "";
 
-    return `http://127.0.0.1:${this.kubeAuthProxy.port}${path}`;
+    return `http://127.0.0.1:${this.kubeAuthProxy.port}${this.kubeAuthProxy.apiPrefix}${path}`;
   }
 
   async getApiTarget(isLongRunningRequest = false): Promise<httpProxy.ServerOptions> {

src/main/kube-auth-proxy.ts

@@ -21,6 +21,7 @@
 
 import { ChildProcess, spawn } from "child_process";
 import { waitUntilUsed } from "tcp-port-used";
+import { randomBytes } from "crypto";
 import { broadcastMessage } from "../common/ipc";
 import type { Cluster } from "./cluster";
 import { Kubectl } from "./kubectl";
@@ -38,6 +39,7 @@ const startingServeRegex = /^starting to serve on (?<address>.+)/i;
 
 export class KubeAuthProxy {
   public lastError: string;
+  public readonly apiPrefix: string;
 
   public get port(): number {
     return this._port;
@@ -56,6 +58,7 @@ export class KubeAuthProxy {
     this.env = env;
     this.cluster = cluster;
     this.kubectl = Kubectl.bundled();
+    this.apiPrefix = `/${randomBytes(8).toString("hex")}`;
   }
 
   get acceptHosts() {
@@ -78,7 +81,8 @@ export class KubeAuthProxy {
       "--kubeconfig", `${this.cluster.kubeConfigPath}`,
       "--context", `${this.cluster.contextName}`,
       "--accept-hosts", this.acceptHosts,
-      "--reject-paths", "^[^/]"
+      "--reject-paths", "^[^/]",
+      "--api-prefix", this.apiPrefix
     ];
 
     if (process.env.DEBUG_PROXY === "true") {