support create secret, add cert annotations.

internal/deployer/k8s_secret.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 
+	corev1 "k8s.io/api/core/v1"
 	k8sMetaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
@@ -43,7 +44,7 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
 		return err
 	}
 
-	d.infos = append(d.infos, toStr("kubeClient 创建成功", nil))
+	d.infos = append(d.infos, toStr("kubeClient create success.", nil))
 
 	namespace := getDeployString(d.option.DeployConfig, "namespace")
 	if namespace == "" {
@@ -65,38 +66,57 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
 		namespace = "tls.key"
 	}
 
-	// 获取 Secret 实例
+	secretPayload := corev1.Secret{
-	secret, err := client.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMetaV1.GetOptions{})
+		TypeMeta: k8sMetaV1.TypeMeta{
-	if err != nil {
+			Kind:       "Secret",
-		return fmt.Errorf("failed to get k8s secret: %w", err)
+			APIVersion: "v1",
+		},
+		ObjectMeta: k8sMetaV1.ObjectMeta{
+			Name: secretName,
+			Annotations: map[string]string{
+				"cert-manager.io/alt-names":   d.option.Domain,
+				"cert-manager.io/common-name": d.option.Domain,
+				"cert-manager.io/issuer-name": d.option.DeployConfig.Id,
+			},
+		},
+		Type: corev1.SecretType("kubernetes.io/tls"),
 	}
 
-	// 更新 Secret Data
+	secretPayload.Data = make(map[string][]byte)
-	secret.Data[secretDataKeyForCrt] = []byte(d.option.Certificate.Certificate)
+	secretPayload.Data[secretDataKeyForCrt] = []byte(d.option.Certificate.Certificate)
-	secret.Data[secretDataKeyForKey] = []byte(d.option.Certificate.PrivateKey)
+	secretPayload.Data[secretDataKeyForKey] = []byte(d.option.Certificate.PrivateKey)
-	_, err = client.CoreV1().Secrets(namespace).Update(context.TODO(), secret, k8sMetaV1.UpdateOptions{})
+
+	// 获取 Secret 实例
+	_, err = client.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMetaV1.GetOptions{})
+	if err != nil {
+		_, err = client.CoreV1().Secrets(namespace).Create(context.TODO(), &secretPayload, k8sMetaV1.CreateOptions{})
+		if err != nil {
+			return fmt.Errorf("failed to create k8s secret: %w", err)
+		} else {
+			d.infos = append(d.infos, toStr("Certificate has been created in K8s Secret", nil))
+			return nil
+		}
+	}
+
+	// 更新 Secret 实例
+	_, err = client.CoreV1().Secrets(namespace).Update(ctx, &secretPayload, k8sMetaV1.UpdateOptions{})
 	if err != nil {
 		return fmt.Errorf("failed to update k8s secret: %w", err)
 	}
 
-	d.infos = append(d.infos, toStr("证书已更新到 K8s Secret", nil))
+	d.infos = append(d.infos, toStr("Certificate has been updated to K8s Secret", nil))
 
 	return nil
 }
 
 func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
-	kubeConfig, err := clientcmd.Load([]byte(access.KubeConfig))
+	kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig))
 	if err != nil {
 		return nil, err
 	}
-
+	config, err := kubeConfig.ClientConfig()
-	clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
-		&clientcmd.ClientConfigLoadingRules{ExplicitPath: ""},
-		&clientcmd.ConfigOverrides{CurrentContext: kubeConfig.CurrentContext},
-	)
-	config, err := clientConfig.ClientConfig()
 	if err != nil {
-		return nil, err
+		panic(err.Error())
 	}
 
 	client, err := kubernetes.NewForConfig(config)