mirror of
https://github.com/usual2970/certimate.git
synced 2025-06-09 05:59:50 +00:00
support create secret, add cert annotations.
parent
564eb48ebe
commit
528a3d9da8
@ -5,6 +5,7 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
corev1 "k8s.io/api/core/v1"
|
||||||
k8sMetaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
k8sMetaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/client-go/kubernetes"
|
"k8s.io/client-go/kubernetes"
|
||||||
"k8s.io/client-go/tools/clientcmd"
|
"k8s.io/client-go/tools/clientcmd"
|
||||||
@ -43,7 +44,7 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
d.infos = append(d.infos, toStr("kubeClient 创建成功", nil))
|
d.infos = append(d.infos, toStr("kubeClient create success.", nil))
|
||||||
|
|
||||||
namespace := getDeployString(d.option.DeployConfig, "namespace")
|
namespace := getDeployString(d.option.DeployConfig, "namespace")
|
||||||
if namespace == "" {
|
if namespace == "" {
|
||||||
@ -65,38 +66,57 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
|
|||||||
namespace = "tls.key"
|
namespace = "tls.key"
|
||||||
}
|
}
|
||||||
|
|
||||||
// 获取 Secret 实例
|
secretPayload := corev1.Secret{
|
||||||
secret, err := client.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMetaV1.GetOptions{})
|
TypeMeta: k8sMetaV1.TypeMeta{
|
||||||
if err != nil {
|
Kind: "Secret",
|
||||||
return fmt.Errorf("failed to get k8s secret: %w", err)
|
APIVersion: "v1",
|
||||||
|
},
|
||||||
|
ObjectMeta: k8sMetaV1.ObjectMeta{
|
||||||
|
Name: secretName,
|
||||||
|
Annotations: map[string]string{
|
||||||
|
"cert-manager.io/alt-names": d.option.Domain,
|
||||||
|
"cert-manager.io/common-name": d.option.Domain,
|
||||||
|
"cert-manager.io/issuer-name": d.option.DeployConfig.Id,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Type: corev1.SecretType("kubernetes.io/tls"),
|
||||||
}
|
}
|
||||||
|
|
||||||
// 更新 Secret Data
|
secretPayload.Data = make(map[string][]byte)
|
||||||
secret.Data[secretDataKeyForCrt] = []byte(d.option.Certificate.Certificate)
|
secretPayload.Data[secretDataKeyForCrt] = []byte(d.option.Certificate.Certificate)
|
||||||
secret.Data[secretDataKeyForKey] = []byte(d.option.Certificate.PrivateKey)
|
secretPayload.Data[secretDataKeyForKey] = []byte(d.option.Certificate.PrivateKey)
|
||||||
_, err = client.CoreV1().Secrets(namespace).Update(context.TODO(), secret, k8sMetaV1.UpdateOptions{})
|
|
||||||
|
// 获取 Secret 实例
|
||||||
|
_, err = client.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMetaV1.GetOptions{})
|
||||||
|
if err != nil {
|
||||||
|
_, err = client.CoreV1().Secrets(namespace).Create(context.TODO(), &secretPayload, k8sMetaV1.CreateOptions{})
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to create k8s secret: %w", err)
|
||||||
|
} else {
|
||||||
|
d.infos = append(d.infos, toStr("Certificate has been created in K8s Secret", nil))
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// 更新 Secret 实例
|
||||||
|
_, err = client.CoreV1().Secrets(namespace).Update(ctx, &secretPayload, k8sMetaV1.UpdateOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to update k8s secret: %w", err)
|
return fmt.Errorf("failed to update k8s secret: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
d.infos = append(d.infos, toStr("证书已更新到 K8s Secret", nil))
|
d.infos = append(d.infos, toStr("Certificate has been updated to K8s Secret", nil))
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
|
func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
|
||||||
kubeConfig, err := clientcmd.Load([]byte(access.KubeConfig))
|
kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
config, err := kubeConfig.ClientConfig()
|
||||||
clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
|
|
||||||
&clientcmd.ClientConfigLoadingRules{ExplicitPath: ""},
|
|
||||||
&clientcmd.ConfigOverrides{CurrentContext: kubeConfig.CurrentContext},
|
|
||||||
)
|
|
||||||
config, err := clientConfig.ClientConfig()
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
panic(err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
client, err := kubernetes.NewForConfig(config)
|
client, err := kubernetes.NewForConfig(config)
|
||||||
|
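Review bot: In Deploy, every error from `Secrets(namespace).Get` is treated as "the secret does not exist" and falls through to `Create`, so an RBAC denial, a timeout or an API outage is reported as `failed to create k8s secret` and the real cause is lost; only a not-found error should take the create branch, and anything else should be returned as a get failure. On the update path the fetched object is thrown away and a freshly built `secretPayload` is sent, which drops labels, annotations and extra data keys already on the Secret, and the API server will reject it when the existing Secret's type is not `kubernetes.io/tls`, because the type field is immutable. In createClient, `panic(err.Error())` replaces `return nil, err`, so an incomplete or invalid user-supplied kubeconfig can take down the whole process instead of failing one deployment; keep `return nil, err`. The sketch below assumes an added import of `k8s.io/apimachinery/pkg/api/errors` aliased as `k8serrors`, and passes `ctx` to Get and Create instead of `context.TODO()`. Deploy begins above this hunk and createClient continues past its end, so both are only partly visible here.

```go
// … unchanged: secretPayload construction and Data assignment …

existing, err := client.CoreV1().Secrets(namespace).Get(ctx, secretName, k8sMetaV1.GetOptions{})
if k8serrors.IsNotFound(err) {
	if _, err = client.CoreV1().Secrets(namespace).Create(ctx, &secretPayload, k8sMetaV1.CreateOptions{}); err != nil {
		return fmt.Errorf("failed to create k8s secret: %w", err)
	}
	d.infos = append(d.infos, toStr("Certificate has been created in K8s Secret", nil))
	return nil
}
if err != nil {
	return fmt.Errorf("failed to get k8s secret: %w", err)
}

// Mutate the fetched object so metadata and unrelated keys on the existing Secret survive.
if existing.Data == nil {
	existing.Data = make(map[string][]byte)
}
existing.Data[secretDataKeyForCrt] = secretPayload.Data[secretDataKeyForCrt]
existing.Data[secretDataKeyForKey] = secretPayload.Data[secretDataKeyForKey]
if existing.Annotations == nil {
	existing.Annotations = make(map[string]string)
}
for k, v := range secretPayload.Annotations {
	existing.Annotations[k] = v
}
if _, err = client.CoreV1().Secrets(namespace).Update(ctx, existing, k8sMetaV1.UpdateOptions{}); err != nil {
	return fmt.Errorf("failed to update k8s secret: %w", err)
}

// … unchanged: success info and return nil …
```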