github
/
certd
mirror of https://github.com/certd/certd
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

perf: 部署到k8s,tke,ack忽悠证书校验

v2-dev-order
xiaojunnuo 2025-07-22 17:03:52 +08:00
parent 41ce8489dc
commit ab84835362
3 changed files with 49 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/libs/lib-k8s/src/index.ts
View File

@ -1 +1 @@
export * from './lib/k8s.client.js';
export * from "./lib/k8s.client.js";

53
packages/libs/lib-k8s/src/lib/k8s.client.ts
View File

@ -1,7 +1,7 @@
import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret } from '@kubernetes/client-node';
import dns from 'dns';
import { ILogger } from '@certd/basic';
import _ from 'lodash-es';
import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret } from "@kubernetes/client-node";
import dns from "dns";
import { ILogger } from "@certd/basic";
import _ from "lodash-es";
export type K8sClientOpts = {
kubeConfigStr: string;
@ -9,6 +9,7 @@ export type K8sClientOpts = {
//{ [domain]:{ip:'xxx.xx.xxx'} }
//暂时没用
lookup?: any;
skipTLSVerify?: boolean;
};
export class K8sClient {
kubeconfig!: KubeConfig;
@ -16,10 +17,12 @@ export class K8sClient {
lookup!: (hostnameReq: any, options: any, callback: any) => void;
client!: CoreV1Api;
logger: ILogger;
skipTLSVerify?: boolean;
constructor(opts: K8sClientOpts) {
this.kubeConfigStr = opts.kubeConfigStr;
this.logger = opts.logger;
this.setLookup(opts.lookup);
this.skipTLSVerify = opts.skipTLSVerify;
this.init();
}
@ -27,6 +30,18 @@ export class K8sClient {
const kubeconfig = new KubeConfig();
kubeconfig.loadFromString(this.kubeConfigStr);
this.kubeconfig = kubeconfig;
try {
if (this.skipTLSVerify == true) {
for (const cluster of kubeconfig.getClusters()) {
// @ts-ignore
cluster["skipTLSVerify"] = this.skipTLSVerify;
}
}
} catch (e) {
this.logger.warn("skipTLSVerify error", e);
}
this.client = kubeconfig.makeApiClient(CoreV1Api);
// const reqOpts = { kubeconfig, request: {} } as any;
@ -47,9 +62,9 @@ export class K8sClient {
return;
}
this.lookup = (hostnameReq: any, options: any, callback: any) => {
this.logger.info('custom lookup', hostnameReq, localRecords);
this.logger.info("custom lookup", hostnameReq, localRecords);
if (localRecords[hostnameReq]) {
this.logger.info('local record', hostnameReq, localRecords[hostnameReq]);
this.logger.info("local record", hostnameReq, localRecords[hostnameReq]);
callback(null, localRecords[hostnameReq].ip, 4);
} else {
dns.lookup(hostnameReq, options, callback);
@ -63,7 +78,7 @@ export class K8sClient {
* @returns secretsList
*/
async getSecrets(opts: { namespace: string }) {
const namespace = opts.namespace || 'default';
const namespace = opts.namespace || "default";
return await this.client.listNamespacedSecret(namespace);
}
@ -73,9 +88,9 @@ export class K8sClient {
* @returns {Promise<*>}
*/
async createSecret(opts: { namespace: string; body: V1Secret }) {
const namespace = opts.namespace || 'default';
const namespace = opts.namespace || "default";
const created = await this.client.createNamespacedSecret(namespace, opts.body);
this.logger.info('new secrets:', opts.body);
this.logger.info("new secrets:", opts.body);
return created.body;
}
@ -89,24 +104,24 @@ export class K8sClient {
// }
async patchSecret(opts: { namespace: string; secretName: string; body: V1Secret }) {
const namespace = opts.namespace || 'default';
const namespace = opts.namespace || "default";
const secretName = opts.secretName;
if (secretName == null) {
throw new Error('secretName 不能为空');
throw new Error("secretName 不能为空");
}
this.logger.info('patch secret:', secretName, namespace);
this.logger.info("patch secret:", secretName, namespace);
const oldSecret = await this.client.readNamespacedSecret(secretName, namespace);
const newSecret = _.merge(oldSecret.body, opts.body);
const res = await this.client.replaceNamespacedSecret(secretName, namespace, newSecret);
this.logger.info('secret updated');
this.logger.info("secret updated");
return res.body;
}
async getIngressList(opts: { namespace: string }) {
const namespace = opts.namespace || 'default';
const namespace = opts.namespace || "default";
const client = this.kubeconfig.makeApiClient(NetworkingV1Api);
const res = await client.listNamespacedIngress(namespace);
this.logger.info('ingress list get:', res.body);
this.logger.info("ingress list get:", res.body);
return res.body;
}
@ -122,17 +137,17 @@ export class K8sClient {
// }
async patchIngress(opts: { namespace: string; ingressName: string; body: V1Ingress }) {
const namespace = opts.namespace || 'default';
const namespace = opts.namespace || "default";
const ingressName = opts.ingressName;
if (!ingressName) {
throw new Error('ingressName 不能为空');
throw new Error("ingressName 不能为空");
}
this.logger.info('patch ingress:', ingressName, namespace);
this.logger.info("patch ingress:", ingressName, namespace);
const client = this.kubeconfig.makeApiClient(NetworkingV1Api);
const oldIngress = await client.readNamespacedIngress(ingressName, namespace);
const newIngress = _.merge(oldIngress.body, opts.body);
const res = await client.replaceNamespacedIngress(ingressName, namespace, newIngress);
this.logger.info('ingress patched', opts.body);
this.logger.info("ingress patched", opts.body);
return res;
}
}

15
packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-tke-ingress/index.ts
View File

@ -136,6 +136,18 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin {
ingressName!: string | string[];
@TaskInput({
title: "忽略证书校验",
required: false,
helper: "是否忽略证书校验",
component: {
name: "a-switch",
vModel: "checked",
}
})
skipTLSVerify!:boolean
// @TaskInput({ title: "集群内网ip", helper: "如果开启了外网的话,无需设置" })
// clusterIp!: string;
@ -163,7 +175,8 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin {
this.logger.info("kubeconfig已成功获取");
const k8sClient = new this.K8sClient({
kubeConfigStr,
logger: this.logger
logger: this.logger,
skipTLSVerify: this.skipTLSVerify,
});
// if (this.clusterIp != null) {
// if (!this.clusterDomain) {