From 528a3d9da8b448a6640149c2b71e452929fe909c Mon Sep 17 00:00:00 2001 From: Roy <62500486+aazf@users.noreply.github.com> Date: Thu, 24 Oct 2024 17:56:36 +0800 Subject: [PATCH] support create secret, add cert annotations. --- internal/deployer/k8s_secret.go | 56 ++++++++++++++++++++++----------- 1 file changed, 38 insertions(+), 18 deletions(-) diff --git a/internal/deployer/k8s_secret.go b/internal/deployer/k8s_secret.go index 3729114f..4ae3e81c 100644 --- a/internal/deployer/k8s_secret.go +++ b/internal/deployer/k8s_secret.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" + corev1 "k8s.io/api/core/v1" k8sMetaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" @@ -43,7 +44,7 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error { return err } - d.infos = append(d.infos, toStr("kubeClient 创建成功", nil)) + d.infos = append(d.infos, toStr("kubeClient create success.", nil)) namespace := getDeployString(d.option.DeployConfig, "namespace") if namespace == "" { @@ -65,38 +66,57 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error { namespace = "tls.key" } - // 获取 Secret 实例 - secret, err := client.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMetaV1.GetOptions{}) - if err != nil { - return fmt.Errorf("failed to get k8s secret: %w", err) + secretPayload := corev1.Secret{ + TypeMeta: k8sMetaV1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: k8sMetaV1.ObjectMeta{ + Name: secretName, + Annotations: map[string]string{ + "cert-manager.io/alt-names": d.option.Domain, + "cert-manager.io/common-name": d.option.Domain, + "cert-manager.io/issuer-name": d.option.DeployConfig.Id, + }, + }, + Type: corev1.SecretType("kubernetes.io/tls"), } - // 更新 Secret Data - secret.Data[secretDataKeyForCrt] = []byte(d.option.Certificate.Certificate) - secret.Data[secretDataKeyForKey] = []byte(d.option.Certificate.PrivateKey) - _, err = client.CoreV1().Secrets(namespace).Update(context.TODO(), secret, k8sMetaV1.UpdateOptions{}) + secretPayload.Data = make(map[string][]byte) + secretPayload.Data[secretDataKeyForCrt] = []byte(d.option.Certificate.Certificate) + secretPayload.Data[secretDataKeyForKey] = []byte(d.option.Certificate.PrivateKey) + + // 获取 Secret 实例 + _, err = client.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMetaV1.GetOptions{}) + if err != nil { + _, err = client.CoreV1().Secrets(namespace).Create(context.TODO(), &secretPayload, k8sMetaV1.CreateOptions{}) + if err != nil { + return fmt.Errorf("failed to create k8s secret: %w", err) + } else { + d.infos = append(d.infos, toStr("Certificate has been created in K8s Secret", nil)) + return nil + } + } + + // 更新 Secret 实例 + _, err = client.CoreV1().Secrets(namespace).Update(ctx, &secretPayload, k8sMetaV1.UpdateOptions{}) if err != nil { return fmt.Errorf("failed to update k8s secret: %w", err) } - d.infos = append(d.infos, toStr("证书已更新到 K8s Secret", nil)) + d.infos = append(d.infos, toStr("Certificate has been updated to K8s Secret", nil)) return nil } func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) { - kubeConfig, err := clientcmd.Load([]byte(access.KubeConfig)) + kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig)) if err != nil { return nil, err } - - clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig( - &clientcmd.ClientConfigLoadingRules{ExplicitPath: ""}, - &clientcmd.ConfigOverrides{CurrentContext: kubeConfig.CurrentContext}, - ) - config, err := clientConfig.ClientConfig() + config, err := kubeConfig.ClientConfig() if err != nil { - return nil, err + panic(err.Error()) } client, err := kubernetes.NewForConfig(config)