From 276a8b35e56eb7f7f640bd5b0a77d09c3eaa22a8 Mon Sep 17 00:00:00 2001 From: xiaojunnuo Date: Thu, 4 Nov 2021 17:48:11 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=94=AF=E6=8C=81=E8=85=BE=E8=AE=AF?= =?UTF-8?q?=E4=BA=91nginx-ingress?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../plugins/deploy-to-tke-ingress/index.js | 44 +++++++++++++- .../deploy-to-tke-ingress-nginx.test.js | 59 +++++++++++++++++++ 2 files changed, 101 insertions(+), 2 deletions(-) create mode 100644 packages/plugins/plugin-tencent/test/plugins/deploy-to-tke-ingress-nginx.test.js diff --git a/packages/plugins/plugin-tencent/src/plugins/deploy-to-tke-ingress/index.js b/packages/plugins/plugin-tencent/src/plugins/deploy-to-tke-ingress/index.js index 2d493693..80099ebb 100644 --- a/packages/plugins/plugin-tencent/src/plugins/deploy-to-tke-ingress/index.js +++ b/packages/plugins/plugin-tencent/src/plugins/deploy-to-tke-ingress/index.js @@ -41,6 +41,11 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin { label: 'ingress名称', desc: '支持多个(传入数组)' }, + ingressClass: { + type: String, + label: 'ingress类型', + desc: '可选 qcloud / nginx' + }, clusterIp: { type: String, label: '集群内网ip', @@ -86,7 +91,13 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin { // 修改内网解析ip地址 k8sClient.setLookup({ [clusterDomain]: { ip: props.clusterIp } }) } - await this.patchCertSecret({ k8sClient, props, context }) + const ingressType = props.ingressClass || 'qcloud' + if (ingressType === 'qcloud') { + await this.patchQcloudCertSecret({ k8sClient, props, context }) + } else { + await this.patchNginxCertSecret({ cert, k8sClient, props, context }) + } + await this.sleep(2000) // 停留2秒,等待secret部署完成 await this.restartIngress({ k8sClient, props }) return true 
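Review bot: In the execute hunk, any `ingressClass` value other than the exact string 'qcloud' falls into the `else` branch and calls `patchNginxCertSecret`, so a typo or an unsupported class writes the certificate and private key into the named Secret instead of failing. The `ingressClass` option added in the first hunk is a free-form String with no default and no allowed-value check, so nothing upstream catches this. I would make the dispatch explicit, `else if (ingressType === 'nginx') { ... } else { throw new Error('unsupported ingressClass: ' + ingressType) }`. `cert` is passed to the new method here, but the enclosing method's signature is outside the hunk, so confirm it is actually in scope there.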
@@ -121,7 +132,7 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin { return ret.Kubeconfig } - async patchCertSecret ({ k8sClient, props, context }) { + async patchQcloudCertSecret ({ k8sClient, props, context }) { const { tencentCertId } = context if (tencentCertId == null) { throw new Error('请先将【上传证书到腾讯云】作为前置任务') @@ -151,6 +162,35 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin { } } + async patchNginxCertSecret ({ cert, k8sClient, props, context }) { + const crt = cert.crt + const key = cert.key + const crtBase64 = Buffer.from(crt).toString('base64') + const keyBase64 = Buffer.from(key).toString('base64') + + const { namespace, secretName } = props + + const body = { + data: { + 'tls.crt': crtBase64, + 'tls.key': keyBase64 + }, + metadata: { + labels: { + certd: this.appendTimeSuffix('certd') + } + } + } + let secretNames = secretName + if (typeof secretName === 'string') { + secretNames = [secretName] + } + for (const secret of secretNames) { + await k8sClient.patchSecret({ namespace, secretName: secret, body }) + this.logger.info(`CertSecret已更新:${secret}`) + } + } + async restartIngress ({ k8sClient, props }) { const { namespace, ingressName } = props diff --git a/packages/plugins/plugin-tencent/test/plugins/deploy-to-tke-ingress-nginx.test.js b/packages/plugins/plugin-tencent/test/plugins/deploy-to-tke-ingress-nginx.test.js new file mode 100644 index 00000000..f08991e0 --- /dev/null +++ b/packages/plugins/plugin-tencent/test/plugins/deploy-to-tke-ingress-nginx.test.js 
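Review bot: `patchNginxCertSecret` reads `cert.crt`, `cert.key` and `props.secretName` without checking them, so a missing certificate or secret name surfaces as a TypeError from `Buffer.from` or the `for...of` loop rather than a clear precondition error like the one the qcloud path throws for `tencentCertId`. Add a guard at the top of the method, e.g. `if (cert == null || !cert.crt || !cert.key) throw new Error('cert.crt and cert.key are required')`, and an equivalent check for `secretName`. `body` carries the base64-encoded private key, so confirm that `k8sClient.patchSecret` (not visible in this patch) neither logs the request body nor echoes it in error messages. The `context` parameter is accepted but never used in this method and can be dropped.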
@@ -0,0 +1,59 @@
+import pkg from 'chai'
+import { DeployCertToTencentTKEIngress } from '../../src/plugins/deploy-to-tke-ingress/index.js'
+import { Certd } from '@certd/certd'
+import { createOptions } from '../../../../../test/options.js'
+import { K8sClient } from '../../src/utils/util.k8s.client.js'
+
+const { expect } = pkg
+
+async function getOptions () {
+ const options = createOptions()
+ options.args.test = false
+ options.cert.email = 'xiaojunnuo@qq.com'
+ options.cert.domains = ['*.docmirror.cn']
+ const certd = new Certd(options)
+ const cert = await certd.readCurrentCert()
+ const context = {}
+ const deployOpts = {
+ accessProviders: options.accessProviders,
+ cert,
+ props: {
+ accessProvider: 'tencent-yonsz',
+ region: 'ap-guangzhou',
+ clusterId: 'cls-6lbj1vee'
+ },
+ context
+ }
+ return { options, deployOpts }
+}
+
+describe('DeployCertToTencentTKEIngressNginx', function () {
+ it('#getTKESecrets', async function () {
+ this.timeout(50000)
+ const { options, deployOpts } = await getOptions()
+ const plugin = new DeployCertToTencentTKEIngress(options)
+ const tkeClient = plugin.getTkeClient(options.accessProviders[deployOpts.props.accessProvider], deployOpts.props.region)
+ const kubeConfig = await plugin.getTkeKubeConfig(tkeClient, deployOpts.props.clusterId)
+
+ const k8sClient = new K8sClient(kubeConfig)
+ k8sClient.setLookup({
+ 'cls-6lbj1vee.ccs.tencent-cloud.com': { ip: '13.123.123.123' }
+ })
+ const secrets = await k8sClient.getSecret({ namespace: 'stress' })
+
+ console.log('secrets:', secrets)
+ })
+ it('#execute', async function () {
+ this.timeout(5000)
+
+ const { options, deployOpts } = await getOptions()
+ deployOpts.props.ingressName = 'stress-ingress-nginx'
+ deployOpts.props.ingressClass = 'nginx'
+ deployOpts.props.secretName = 'stress-all'
+ deployOpts.props.namespace = 'stress'
+ const plugin = new DeployCertToTencentTKEIngress(options)
+
+ const ret = await plugin.doExecute(deployOpts)
+ console.log('sucess', ret)
+ })
+})
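Review bot: The `#getTKESecrets` case dumps the result of `k8sClient.getSecret` with `console.log('secrets:', secrets)`; if that call returns Secret objects including their `data`, the base64 TLS keys of the namespace end up in test and CI output. Neither case asserts anything (`expect` is imported but unused), so I would replace the dump with an assertion such as `expect(secrets).to.exist` and log at most the secret names. Both cases also run against a live cluster with `options.args.test = false` and hard-coded account alias, cluster id, IP and e-mail values, which would be better read from the environment or an untracked local config. The `#execute` timeout of 5000 ms looks tight given the 2000 ms sleep this patch shows before `restartIngress`, assuming `doExecute` reaches that code.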