mirror of https://github.com/certd/certd
feat: 支持腾讯云nginx-ingress
parent
466d659f6e
commit
276a8b35e5
|
@ -41,6 +41,11 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
|
||||||
label: 'ingress名称',
|
label: 'ingress名称',
|
||||||
desc: '支持多个(传入数组)'
|
desc: '支持多个(传入数组)'
|
||||||
},
|
},
|
||||||
|
ingressClass: {
|
||||||
|
type: String,
|
||||||
|
label: 'ingress类型',
|
||||||
|
desc: '可选 qcloud / nginx'
|
||||||
|
},
|
||||||
clusterIp: {
|
clusterIp: {
|
||||||
type: String,
|
type: String,
|
||||||
label: '集群内网ip',
|
label: '集群内网ip',
|
||||||
|
@ -86,7 +91,13 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
|
||||||
// 修改内网解析ip地址
|
// 修改内网解析ip地址
|
||||||
k8sClient.setLookup({ [clusterDomain]: { ip: props.clusterIp } })
|
k8sClient.setLookup({ [clusterDomain]: { ip: props.clusterIp } })
|
||||||
}
|
}
|
||||||
await this.patchCertSecret({ k8sClient, props, context })
|
const ingressType = props.ingressClass || 'qcloud'
|
||||||
|
if (ingressType === 'qcloud') {
|
||||||
|
await this.patchQcloudCertSecret({ k8sClient, props, context })
|
||||||
|
} else {
|
||||||
|
await this.patchNginxCertSecret({ cert, k8sClient, props, context })
|
||||||
|
}
|
||||||
|
|
||||||
await this.sleep(2000) // 停留2秒,等待secret部署完成
|
await this.sleep(2000) // 停留2秒,等待secret部署完成
|
||||||
await this.restartIngress({ k8sClient, props })
|
await this.restartIngress({ k8sClient, props })
|
||||||
return true
|
return true
|
||||||
|
@ -121,7 +132,7 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
|
||||||
return ret.Kubeconfig
|
return ret.Kubeconfig
|
||||||
}
|
}
|
||||||
|
|
||||||
async patchCertSecret ({ k8sClient, props, context }) {
|
async patchQcloudCertSecret ({ k8sClient, props, context }) {
|
||||||
const { tencentCertId } = context
|
const { tencentCertId } = context
|
||||||
if (tencentCertId == null) {
|
if (tencentCertId == null) {
|
||||||
throw new Error('请先将【上传证书到腾讯云】作为前置任务')
|
throw new Error('请先将【上传证书到腾讯云】作为前置任务')
|
||||||
|
@ -151,6 +162,35 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async patchNginxCertSecret ({ cert, k8sClient, props, context }) {
|
||||||
|
const crt = cert.crt
|
||||||
|
const key = cert.key
|
||||||
|
const crtBase64 = Buffer.from(crt).toString('base64')
|
||||||
|
const keyBase64 = Buffer.from(key).toString('base64')
|
||||||
|
|
||||||
|
const { namespace, secretName } = props
|
||||||
|
|
||||||
|
const body = {
|
||||||
|
data: {
|
||||||
|
'tls.crt': crtBase64,
|
||||||
|
'tls.key': keyBase64
|
||||||
|
},
|
||||||
|
metadata: {
|
||||||
|
labels: {
|
||||||
|
certd: this.appendTimeSuffix('certd')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let secretNames = secretName
|
||||||
|
if (typeof secretName === 'string') {
|
||||||
|
secretNames = [secretName]
|
||||||
|
}
|
||||||
|
for (const secret of secretNames) {
|
||||||
|
await k8sClient.patchSecret({ namespace, secretName: secret, body })
|
||||||
|
this.logger.info(`CertSecret已更新:${secret}`)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
async restartIngress ({ k8sClient, props }) {
|
async restartIngress ({ k8sClient, props }) {
|
||||||
const { namespace, ingressName } = props
|
const { namespace, ingressName } = props
|
||||||
|
|
||||||
|
|
|
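Review bot: In the second hunk, every `ingressClass` value other than the exact string `qcloud` falls into the `else` branch, so a typo such as `Nginx` or `qclould` silently takes the nginx path, where `patchNginxCertSecret` writes the certificate and private key into each secret named by `props.secretName`. Since the field is a free-form `String` whose description allows only `qcloud / nginx`, the dispatch should match both values explicitly and reject the rest: `} else if (ingressType === 'nginx') {` followed by `} else { throw new Error('unsupported ingressClass: ' + ingressType) }`. `patchNginxCertSecret` also iterates `secretNames` without checking that `secretName` was supplied, so a missing value surfaces as a TypeError instead of a clear configuration error; a guard like the existing `tencentCertId == null` check would match the qcloud path. The enclosing method starts outside the hunk, so whether `cert` is in scope at the call site cannot be confirmed from here.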
@ -0,0 +1,59 @@
|
||||||
|
import pkg from 'chai'
|
||||||
|
import { DeployCertToTencentTKEIngress } from '../../src/plugins/deploy-to-tke-ingress/index.js'
|
||||||
|
import { Certd } from '@certd/certd'
|
||||||
|
import { createOptions } from '../../../../../test/options.js'
|
||||||
|
import { K8sClient } from '../../src/utils/util.k8s.client.js'
|
||||||
|
|
||||||
|
const { expect } = pkg
|
||||||
|
|
||||||
|
async function getOptions () {
|
||||||
|
const options = createOptions()
|
||||||
|
options.args.test = false
|
||||||
|
options.cert.email = 'xiaojunnuo@qq.com'
|
||||||
|
options.cert.domains = ['*.docmirror.cn']
|
||||||
|
const certd = new Certd(options)
|
||||||
|
const cert = await certd.readCurrentCert()
|
||||||
|
const context = {}
|
||||||
|
const deployOpts = {
|
||||||
|
accessProviders: options.accessProviders,
|
||||||
|
cert,
|
||||||
|
props: {
|
||||||
|
accessProvider: 'tencent-yonsz',
|
||||||
|
region: 'ap-guangzhou',
|
||||||
|
clusterId: 'cls-6lbj1vee'
|
||||||
|
},
|
||||||
|
context
|
||||||
|
}
|
||||||
|
return { options, deployOpts }
|
||||||
|
}
|
||||||
|
|
||||||
|
describe('DeployCertToTencentTKEIngressNginx', function () {
|
||||||
|
it('#getTKESecrets', async function () {
|
||||||
|
this.timeout(50000)
|
||||||
|
const { options, deployOpts } = await getOptions()
|
||||||
|
const plugin = new DeployCertToTencentTKEIngress(options)
|
||||||
|
const tkeClient = plugin.getTkeClient(options.accessProviders[deployOpts.props.accessProvider], deployOpts.props.region)
|
||||||
|
const kubeConfig = await plugin.getTkeKubeConfig(tkeClient, deployOpts.props.clusterId)
|
||||||
|
|
||||||
|
const k8sClient = new K8sClient(kubeConfig)
|
||||||
|
k8sClient.setLookup({
|
||||||
|
'cls-6lbj1vee.ccs.tencent-cloud.com': { ip: '13.123.123.123' }
|
||||||
|
})
|
||||||
|
const secrets = await k8sClient.getSecret({ namespace: 'stress' })
|
||||||
|
|
||||||
|
console.log('secrets:', secrets)
|
||||||
|
})
|
||||||
|
it('#execute', async function () {
|
||||||
|
this.timeout(5000)
|
||||||
|
|
||||||
|
const { options, deployOpts } = await getOptions()
|
||||||
|
deployOpts.props.ingressName = 'stress-ingress-nginx'
|
||||||
|
deployOpts.props.ingressClass = 'nginx'
|
||||||
|
deployOpts.props.secretName = 'stress-all'
|
||||||
|
deployOpts.props.namespace = 'stress'
|
||||||
|
const plugin = new DeployCertToTencentTKEIngress(options)
|
||||||
|
|
||||||
|
const ret = await plugin.doExecute(deployOpts)
|
||||||
|
console.log('sucess', ret)
|
||||||
|
})
|
||||||
|
})
|
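Review bot: `console.log('secrets:', secrets)` in `#getTKESecrets` prints whatever `k8sClient.getSecret({ namespace: 'stress' })` returns, which presumably includes the base64-encoded `tls.key` data of the secrets in that namespace, so private key material would end up in test and CI logs. `expect` is imported from chai but never used; replacing the log with an assertion such as `expect(secrets).to.exist` (and in `#execute`, `expect(ret).to.equal(true)` instead of `console.log('sucess', ret)`) keeps secret contents out of the output and makes the tests actually check something. Both tests also run against a live cluster with `options.args.test = false` and hard-coded account-specific values (the cluster id, the access provider name, the e-mail address), and `#execute` patches a real secret. Reading those values from the environment and skipping the suite when they are unset would keep it from modifying production resources on any machine that holds the credentials.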