diff --git a/internal/deployer/k8s_secret.go b/internal/deployer/k8s_secret.go index 89789269..70c60d7d 100644 --- a/internal/deployer/k8s_secret.go +++ b/internal/deployer/k8s_secret.go @@ -9,6 +9,7 @@ import ( corev1 "k8s.io/api/core/v1" k8sMetaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" "github.com/usual2970/certimate/internal/domain" @@ -118,19 +119,26 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error { } func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) { - kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig)) - if err != nil { - return nil, err + var config *rest.Config + var err error + if access.KubeConfig == "" { + config, err = rest.InClusterConfig() + if err != nil { + return nil, err + } + } else { + kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig)) + if err != nil { + return nil, err + } + config, err = kubeConfig.ClientConfig() + if err != nil { + return nil, err + } } - config, err := kubeConfig.ClientConfig() - if err != nil { - return nil, err - } - client, err := kubernetes.NewForConfig(config) if err != nil { return nil, err } - return client, nil } diff --git a/ui/src/components/certimate/AccessKubernetesForm.tsx b/ui/src/components/certimate/AccessKubernetesForm.tsx index bb84c89c..23a696a9 100644 --- a/ui/src/components/certimate/AccessKubernetesForm.tsx +++ b/ui/src/components/certimate/AccessKubernetesForm.tsx @@ -37,7 +37,7 @@ const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProp configType: accessTypeFormSchema, kubeConfig: z .string() - .min(1, "access.authorization.form.k8s_kubeconfig.placeholder") + .min(0, "access.authorization.form.k8s_kubeconfig.placeholder") .max(20480, t("common.errmsg.string_max", { max: 20480 })), kubeConfigFile: z.any().optional(), }); @@ -191,3 +191,4 @@ const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProp }; export default AccessKubernetesForm; + diff --git a/ui/src/i18n/locales/en/nls.access.json b/ui/src/i18n/locales/en/nls.access.json index 100b6fbe..cd56f3b9 100644 --- a/ui/src/i18n/locales/en/nls.access.json +++ b/ui/src/i18n/locales/en/nls.access.json @@ -69,9 +69,9 @@ "access.authorization.form.ssh_key_passphrase.placeholder": "Please enter Key Passphrase", "access.authorization.form.webhook_url.label": "Webhook URL", "access.authorization.form.webhook_url.placeholder": "Please enter Webhook URL", - "access.authorization.form.k8s_kubeconfig.label": "KubeConfig", + "access.authorization.form.k8s_kubeconfig.label": "KubeConfig (Null will use pod's ServiceAccount)", "access.authorization.form.k8s_kubeconfig.placeholder": "Please enter KubeConfig", - "access.authorization.form.k8s_kubeconfig_file.placeholder": "Please select file", + "access.authorization.form.k8s_kubeconfig_file.placeholder": "Please select file (Null will use pod's ServiceAccount)", "access.group.tab": "Authorization Group", diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json index 41f761a2..64bfa84a 100644 --- a/ui/src/i18n/locales/zh/nls.access.json +++ b/ui/src/i18n/locales/zh/nls.access.json @@ -69,7 +69,7 @@ "access.authorization.form.ssh_key_passphrase.placeholder": "请输入 Key 口令", "access.authorization.form.webhook_url.label": "Webhook URL", "access.authorization.form.webhook_url.placeholder": "请输入 Webhook URL", - "access.authorization.form.k8s_kubeconfig.label": "KubeConfig", + "access.authorization.form.k8s_kubeconfig.label": "KubeConfig(不选将使用Pod的ServiceAccount)", "access.authorization.form.k8s_kubeconfig.placeholder": "请输入 KubeConfig", "access.authorization.form.k8s_kubeconfig_file.placeholder": "请选择文件",