diff --git a/internal/deployer/k8s_secret.go b/internal/deployer/k8s_secret.go
index 89789269..70c60d7d 100644
--- a/internal/deployer/k8s_secret.go
+++ b/internal/deployer/k8s_secret.go
@@ -9,6 +9,7 @@ import (
corev1 "k8s.io/api/core/v1"
k8sMetaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
"github.com/usual2970/certimate/internal/domain"
@@ -118,19 +119,26 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
}
func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
- kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig))
- if err != nil {
- return nil, err
+ var config *rest.Config
+ var err error
+ if access.KubeConfig == "" {
+ config, err = rest.InClusterConfig()
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig))
+ if err != nil {
+ return nil, err
+ }
+ config, err = kubeConfig.ClientConfig()
+ if err != nil {
+ return nil, err
+ }
}
- config, err := kubeConfig.ClientConfig()
- if err != nil {
- return nil, err
- }
-
client, err := kubernetes.NewForConfig(config)
if err != nil {
return nil, err
}
-
return client, nil
}
diff --git a/ui/src/components/certimate/AccessKubernetesForm.tsx b/ui/src/components/certimate/AccessKubernetesForm.tsx
index bb84c89c..23a696a9 100644
--- a/ui/src/components/certimate/AccessKubernetesForm.tsx
+++ b/ui/src/components/certimate/AccessKubernetesForm.tsx
@@ -37,7 +37,7 @@ const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProp
configType: accessTypeFormSchema,
kubeConfig: z
.string()
- .min(1, "access.authorization.form.k8s_kubeconfig.placeholder")
+ .min(0, "access.authorization.form.k8s_kubeconfig.placeholder")
.max(20480, t("common.errmsg.string_max", { max: 20480 })),
kubeConfigFile: z.any().optional(),
});
@@ -191,3 +191,4 @@ const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProp
};
export default AccessKubernetesForm;
+
diff --git a/ui/src/i18n/locales/en/nls.access.json b/ui/src/i18n/locales/en/nls.access.json
index 100b6fbe..cd56f3b9 100644
--- a/ui/src/i18n/locales/en/nls.access.json
+++ b/ui/src/i18n/locales/en/nls.access.json
@@ -69,9 +69,9 @@
"access.authorization.form.ssh_key_passphrase.placeholder": "Please enter Key Passphrase",
"access.authorization.form.webhook_url.label": "Webhook URL",
"access.authorization.form.webhook_url.placeholder": "Please enter Webhook URL",
- "access.authorization.form.k8s_kubeconfig.label": "KubeConfig",
+ "access.authorization.form.k8s_kubeconfig.label": "KubeConfig (Null will use pod's ServiceAccount)",
"access.authorization.form.k8s_kubeconfig.placeholder": "Please enter KubeConfig",
- "access.authorization.form.k8s_kubeconfig_file.placeholder": "Please select file",
+ "access.authorization.form.k8s_kubeconfig_file.placeholder": "Please select file (Null will use pod's ServiceAccount)",
"access.group.tab": "Authorization Group",
diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json
index 41f761a2..64bfa84a 100644
--- a/ui/src/i18n/locales/zh/nls.access.json
+++ b/ui/src/i18n/locales/zh/nls.access.json
@@ -69,7 +69,7 @@
"access.authorization.form.ssh_key_passphrase.placeholder": "请输入 Key 口令",
"access.authorization.form.webhook_url.label": "Webhook URL",
"access.authorization.form.webhook_url.placeholder": "请输入 Webhook URL",
- "access.authorization.form.k8s_kubeconfig.label": "KubeConfig",
+ "access.authorization.form.k8s_kubeconfig.label": "KubeConfig(不选将使用Pod的ServiceAccount)",
"access.authorization.form.k8s_kubeconfig.placeholder": "请输入 KubeConfig",
"access.authorization.form.k8s_kubeconfig_file.placeholder": "请选择文件",