perf: 部署到k8s支持自动创建secret

packages/libs/lib-k8s/src/lib/k8s.client.ts

@@ -90,7 +90,7 @@ export class K8sClient {
   async createSecret(opts: { namespace: string; body: V1Secret }) {
     const namespace = opts.namespace || "default";
     const created = await this.client.createNamespacedSecret(namespace, opts.body);
-    this.logger.info("new secrets:", opts.body);
+    this.logger.info("new secrets:", opts.body.metadata);
     return created.body;
   }
 
@@ -103,17 +103,33 @@ export class K8sClient {
   //   return await this.client.replaceNamespacedSecret(secretName, namespace, opts.body);
   // }
 
-  async patchSecret(opts: { namespace: string; secretName: string; body: V1Secret }) {
+  async patchSecret(opts: { namespace: string; secretName: string; body: V1Secret; createOnNotFound?: boolean }) {
     const namespace = opts.namespace || "default";
     const secretName = opts.secretName;
     if (secretName == null) {
       throw new Error("secretName 不能为空");
     }
     this.logger.info("patch secret:", secretName, namespace);
-    const oldSecret = await this.client.readNamespacedSecret(secretName, namespace);
+    let oldSecret: any = null;
+    try {
+      oldSecret = await this.client.readNamespacedSecret(secretName, namespace);
+    } catch (e) {
+      //@ts-ignore
+      if (e.response?.body?.code === 404) {
+        this.logger.warn(`secret ${secretName} 不存在`);
+        if (opts.createOnNotFound) {
+          //没有找到，则创建
+          const res = await this.createSecret({ namespace, body: opts.body });
+          this.logger.info(`secret ${secretName} 已创建`);
+          return res;
+        }
+      }
+      throw e;
+    }
+
     const newSecret = _.merge(oldSecret.body, opts.body);
     const res = await this.client.replaceNamespacedSecret(secretName, namespace, newSecret);
-    this.logger.info("secret updated");
+    this.logger.info(`secret ${secretName} 已更新`);
     return res.body;
   }
 

packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-tke-ingress/index.ts

@@ -34,20 +34,6 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin {
   })
   ingressClass!: string;
 
-  /**
-   * AccessProvider的key,或者一个包含access的具体的对象
-   */
-  @TaskInput({
-    title: "Access授权",
-    helper: "access授权",
-    component: {
-      name: "access-selector",
-      type: "tencent"
-    },
-    required: true
-  })
-  accessId!: string;
-
   @TaskInput({
     title: "腾讯云证书id",
     helper: "请选择“上传证书到腾讯云”前置任务的输出",
@@ -66,6 +52,7 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin {
   })
   tencentCertId!: string;
 
+
   @TaskInput({
     title: "域名证书",
     helper: "请选择前置任务输出的域名证书",
@@ -85,6 +72,24 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin {
   cert!: any;
 
 
+
+
+  /**
+   * AccessProvider的key,或者一个包含access的具体的对象
+   */
+  @TaskInput({
+    title: "Access授权",
+    helper: "access授权",
+    component: {
+      name: "access-selector",
+      type: "tencent"
+    },
+    required: true
+  })
+  accessId!: string;
+
+
+
   @TaskInput({ title: "大区", value: "ap-guangzhou", required: true })
   region!: string;
 
@@ -147,6 +152,17 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin {
   })
   skipTLSVerify!:boolean
 
+  @TaskInput({
+    title: "Secret自动创建",
+    helper: "如果Secret不存在，则创建",
+    value: false,
+    component: {
+      name: "a-switch",
+      vModel: "checked",
+    },
+  })
+  createOnNotFound: boolean;
+
 
   // @TaskInput({ title: "集群内网ip", helper: "如果开启了外网的话，无需设置" })
   // clusterIp!: string;
@@ -288,7 +304,7 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin {
       secretNames = [secretName];
     }
     for (const secret of secretNames) {
-      await k8sClient.patchSecret({ namespace, secretName: secret, body });
+      await k8sClient.patchSecret({ namespace, secretName: secret, body , createOnNotFound: this.createOnNotFound});
       this.logger.info(`CertSecret已更新:${secret}`);
     }
   }