l-98 开启Https_代码编写01

2 years ago · d3a21b89e7
parent 1f132e148b
commit d3a21b89e7
4 changed files with 61 additions and 8 deletions
--- a/api/v1/msbdeployment_types.go
+++ b/api/v1/msbdeployment_types.go
@ -54,6 +54,9 @@ type Expose struct {
 	// IngressDomain 域名。在 Mode为 ingress 的时候，此项为必填
 	// +optional
 	IngressDomain string `json:"ingressDomain,omitempty"`
+	// Tls 是否开启https
+	// +optional
+	Tls bool `json:"tls,omitempty"`
 	// NodePort nodePort端口。在 mode 为 nodeport 的时候，此项为必填
 	// +optional
 	NodePort int32 `json:"nodePort,omitempty"`
--- a/api/v1/msbdeployment_webhook.go
+++ b/api/v1/msbdeployment_webhook.go
@ -34,8 +34,6 @@ func (r *MsbDeployment) SetupWebhookWithManager(mgr ctrl.Manager) error {
 		Complete()
 }

-// TODO(user): EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-
 //+kubebuilder:webhook:path=/mutate-apps-mashibing-com-v1-msbdeployment,mutating=true,failurePolicy=fail,sideEffects=None,groups=apps.mashibing.com,resources=msbdeployments,verbs=create;update,versions=v1,name=mmsbdeployment.kb.io,admissionReviewVersions=v1

 var _ webhook.Defaulter = &MsbDeployment{}
@ -58,7 +56,6 @@ func (r *MsbDeployment) Default() {
 	// 增加每个字符串字段的空格处理
 }

-// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
 //+kubebuilder:webhook:path=/validate-apps-mashibing-com-v1-msbdeployment,mutating=false,failurePolicy=fail,sideEffects=None,groups=apps.mashibing.com,resources=msbdeployments,verbs=create;update,versions=v1,name=vmsbdeployment.kb.io,admissionReviewVersions=v1

 var _ webhook.Validator = &MsbDeployment{}
--- a/controllers/msbdeployment_controller.go
+++ b/controllers/msbdeployment_controller.go
@ -24,6 +24,8 @@ import (
 	networkv1 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/dynamic"
 	"reflect"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"strings"
@ -42,19 +44,38 @@ var WaitRequeue = 10 * time.Second
 // MsbDeploymentReconciler reconciles a MsbDeployment object
 type MsbDeploymentReconciler struct {
 	client.Client
-	Scheme *runtime.Scheme
+	DynamicClient dynamic.Interface // 用来访问 issuer和certificate资源
+	Scheme        *runtime.Scheme
 }

+// 创建GVR, 共动态客户端使用
+var (
+	// issuer
+	issuerGVR = schema.GroupVersionResource{
+		Group:    "cert-manager.io",
+		Version:  "v1",
+		Resource: "issuers",
+	}
+	// certificate
+	certGVR = schema.GroupVersionResource{
+		Group:    "cert-manager.io",
+		Version:  "v1",
+		Resource: "certificates",
+	}
+)
+
 //+kubebuilder:rbac:groups=apps.mashibing.com,resources=msbdeployments,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=apps.mashibing.com,resources=msbdeployments/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=apps.mashibing.com,resources=msbdeployments/finalizers,verbs=update
 //+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="apps",resources=deployments,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="networking.k8s.io",resources=ingresses,verbs=get;list;watch;create;update;patch;delete
+// 创建 issuer 和 certificate 资源需要的权限
+//+kubebuilder:rbac:groups=cert-manager.io,resources=issuers,verbs=get;list;watch;create;update;patch
+//+kubebuilder:rbac:groups=cert-manager.io,resources=certificates,verbs=get;list;watch;create;update;patch

 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
 // the MsbDeployment object against the actual cluster state, and then
 // perform operations to make the cluster state reflect the state specified by
 // the user.
@ -226,6 +247,17 @@ func (r *MsbDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 					myAppsv1.ConditionReasonIngressNotReady); errStatus != nil {
 					return ctrl.Result{}, errStatus
 				}
+				if mdCopy.Spec.Expose.Tls {
+					// 创建 issuers
+					if err := r.createIssuer(ctx, mdCopy); err != nil {
+						return ctrl.Result{}, err
+					}
+
+					// 创建 certificates
+					if err := r.createCert(ctx, mdCopy); err != nil {
+						return ctrl.Result{}, err
+					}
+				}
 			} else if strings.ToLower(mdCopy.Spec.Expose.Mode) == myAppsv1.ModeNodePort {
 				// 4.1.2 mode 为 nodeport
 				// 4.1.2.1 退出
@ -258,6 +290,17 @@ func (r *MsbDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 				myAppsv1.ConditionReasonIngressReady); errStatus != nil {
 				return ctrl.Result{}, errStatus
 			}
+			if mdCopy.Spec.Expose.Tls {
+				// 创建 issuers
+				if err := r.createIssuer(ctx, mdCopy); err != nil {
+					return ctrl.Result{}, err
+				}
+
+				// 创建 certificates
+				if err := r.createCert(ctx, mdCopy); err != nil {
+					return ctrl.Result{}, err
+				}
+			}
 		} else if strings.ToLower(mdCopy.Spec.Expose.Mode) == myAppsv1.ModeNodePort {
 			// 4.2.2 mode 为 nodeport
 			// 4.2.2.1 删除 ingress
@ -290,7 +333,7 @@ func (r *MsbDeploymentReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&myAppsv1.MsbDeployment{}).
 		Owns(&appsv1.Deployment{}). // 监控 deployment 类型，变更就触发 reconciler
-		Owns(&corev1.Service{}). // 监控 service 类型，变更就触发 reconciler
+		Owns(&corev1.Service{}).    // 监控 service 类型，变更就触发 reconciler
 		Owns(&networkv1.Ingress{}). // 监控 ingress 类型，变更就触发 reconciler
 		Complete(r)
 }
@ -544,6 +587,14 @@ func (r *MsbDeploymentReconciler) deleteStatus(md *myAppsv1.MsbDeployment, condi
 	}
 }

+func (r *MsbDeploymentReconciler) createIssuer(ctx context.Context, mdCopy *myAppsv1.MsbDeployment) error {
+	return nil
+}
+
+func (r *MsbDeploymentReconciler) createCert(ctx context.Context, mdCopy *myAppsv1.MsbDeployment) error {
+	return nil
+}
+
 //	a := struct {
 //		len int
 //		cap int
--- a/main.go
+++ b/main.go
@ -18,6 +18,7 @@ package main

 import (
 	"flag"
+	"k8s.io/client-go/dynamic"
 	"os"

 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
@ -91,8 +92,9 @@ func main() {

 	// 把我们的controller注册到manager中
 	if err = (&controllers.MsbDeploymentReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
+		Client:        mgr.GetClient(),
+		DynamicClient: dynamic.NewForConfigOrDie(ctrl.GetConfigOrDie()),
+		Scheme:        mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "MsbDeployment")
 		os.Exit(1)