feat: k8s部署支持ServiceAccount权限

2025-06-09 05:59:50 +00:00 · 2024-10-26 17:09:12 +08:00 · 2024-10-26 17:09:12 +08:00 · 548cbbfdd4
commit 548cbbfdd4
parent 332c5c5127
4 changed files with 22 additions and 13 deletions
--- a/internal/deployer/k8s_secret.go
+++ b/internal/deployer/k8s_secret.go
@ -9,6 +9,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	k8sMetaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"github.com/usual2970/certimate/internal/domain"
@ -118,19 +119,26 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
 }
 func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
 	var config *rest.Config
 	var err error
 	if access.KubeConfig == "" {
 		config, err = rest.InClusterConfig()
 		if err != nil {
 			return nil, err
 		}
 	} else {
 		kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig))
 		if err != nil {
 			return nil, err
 		}
-	config, err := kubeConfig.ClientConfig()
+		config, err = kubeConfig.ClientConfig()
 		if err != nil {
 			return nil, err
 		}
-
+	}
 	client, err := kubernetes.NewForConfig(config)
 	if err != nil {
 		return nil, err
 	}
 	return client, nil
 }
--- a/ui/src/components/certimate/AccessKubernetesForm.tsx
+++ b/ui/src/components/certimate/AccessKubernetesForm.tsx
@ -37,7 +37,7 @@ const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProp
    configType: accessTypeFormSchema,
    kubeConfig: z
      .string()
-      .min(1, "access.authorization.form.k8s_kubeconfig.placeholder")
+      .min(0, "access.authorization.form.k8s_kubeconfig.placeholder")
      .max(20480, t("common.errmsg.string_max", { max: 20480 })),
    kubeConfigFile: z.any().optional(),
  });
@ -191,3 +191,4 @@ const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProp
 };
 export default AccessKubernetesForm;
--- a/ui/src/i18n/locales/en/nls.access.json
+++ b/ui/src/i18n/locales/en/nls.access.json
@ -69,9 +69,9 @@
  "access.authorization.form.ssh_key_passphrase.placeholder": "Please enter Key Passphrase",
  "access.authorization.form.webhook_url.label": "Webhook URL",
  "access.authorization.form.webhook_url.placeholder": "Please enter Webhook URL",
-  "access.authorization.form.k8s_kubeconfig.label": "KubeConfig",
+  "access.authorization.form.k8s_kubeconfig.label": "KubeConfig (Null will use pod's ServiceAccount)",
  "access.authorization.form.k8s_kubeconfig.placeholder": "Please enter KubeConfig",
-  "access.authorization.form.k8s_kubeconfig_file.placeholder": "Please select file",
+  "access.authorization.form.k8s_kubeconfig_file.placeholder": "Please select file (Null will use pod's ServiceAccount)",
  "access.group.tab": "Authorization Group",
--- a/ui/src/i18n/locales/zh/nls.access.json
+++ b/ui/src/i18n/locales/zh/nls.access.json
@ -69,7 +69,7 @@
  "access.authorization.form.ssh_key_passphrase.placeholder": "请输入 Key 口令",
  "access.authorization.form.webhook_url.label": "Webhook URL",
  "access.authorization.form.webhook_url.placeholder": "请输入 Webhook URL",
-  "access.authorization.form.k8s_kubeconfig.label": "KubeConfig",
+  "access.authorization.form.k8s_kubeconfig.label": "KubeConfig（不选将使用Pod的ServiceAccount）",
  "access.authorization.form.k8s_kubeconfig.placeholder": "请输入 KubeConfig",
  "access.authorization.form.k8s_kubeconfig_file.placeholder": "请选择文件",