diff --git a/api/v1/msbdeployment_types.go b/api/v1/msbdeployment_types.go
index 222046c..408dadd 100644
--- a/api/v1/msbdeployment_types.go
+++ b/api/v1/msbdeployment_types.go
@@ -54,6 +54,9 @@ type Expose struct {
 	// IngressDomain 域名。在 Mode为 ingress 的时候,此项为必填
 	// +optional
 	IngressDomain string `json:"ingressDomain,omitempty"`
+	// Tls 是否开启https
+	// +optional
+	Tls bool `json:"tls,omitempty"`
 	// NodePort nodePort端口。在 mode 为 nodeport 的时候,此项为必填
 	// +optional
 	NodePort int32 `json:"nodePort,omitempty"`
diff --git a/api/v1/msbdeployment_webhook.go b/api/v1/msbdeployment_webhook.go
index 39e7552..bb79dcd 100644
--- a/api/v1/msbdeployment_webhook.go
+++ b/api/v1/msbdeployment_webhook.go
@@ -34,8 +34,6 @@ func (r *MsbDeployment) SetupWebhookWithManager(mgr ctrl.Manager) error {
 		Complete()
 }
 
-// TODO(user): EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
-
 //+kubebuilder:webhook:path=/mutate-apps-mashibing-com-v1-msbdeployment,mutating=true,failurePolicy=fail,sideEffects=None,groups=apps.mashibing.com,resources=msbdeployments,verbs=create;update,versions=v1,name=mmsbdeployment.kb.io,admissionReviewVersions=v1
 
 var _ webhook.Defaulter = &MsbDeployment{}
@@ -58,7 +56,6 @@ func (r *MsbDeployment) Default() {
 	// 增加每个字符串字段的空格处理
 }
 
-// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
 //+kubebuilder:webhook:path=/validate-apps-mashibing-com-v1-msbdeployment,mutating=false,failurePolicy=fail,sideEffects=None,groups=apps.mashibing.com,resources=msbdeployments,verbs=create;update,versions=v1,name=vmsbdeployment.kb.io,admissionReviewVersions=v1
 
 var _ webhook.Validator = &MsbDeployment{}
diff --git a/controllers/msbdeployment_controller.go b/controllers/msbdeployment_controller.go
index 6c69b13..23518cb 100644
--- a/controllers/msbdeployment_controller.go
+++ b/controllers/msbdeployment_controller.go
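Review bot: The new field is named `Tls`, but Go keeps initialisms in one case, so the exported name should be `TLS` (the JSON tag `tls` can stay); the doc comment should also say what the flag triggers rather than only "是否开启https", e.g. `// TLS enables HTTPS for the ingress; when true the controller creates a cert-manager Issuer and Certificate (see createIssuer/createCert).` The flag is only meaningful when Mode is ingress, and the IngressDomain comment says that field is required in that mode, yet nothing in this diff rejects `tls: true` with an empty IngressDomain; the validating webhook in msbdeployment_webhook.go is the natural place for that check (its ValidateCreate/ValidateUpdate bodies are outside this diff).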
@@ -24,6 +24,8 @@ import (
 	networkv1 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/dynamic"
 	"reflect"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"strings"
@@ -42,19 +44,38 @@ var WaitRequeue = 10 * time.Second
 // MsbDeploymentReconciler reconciles a MsbDeployment object
 type MsbDeploymentReconciler struct {
 	client.Client
-	Scheme *runtime.Scheme
+	DynamicClient dynamic.Interface // 用来访问 issuer和certificate资源
+	Scheme *runtime.Scheme
 }
 
+// 创建GVR, 共动态客户端使用
+var (
+	// issuer
+	issuerGVR = schema.GroupVersionResource{
+		Group: "cert-manager.io",
+		Version: "v1",
+		Resource: "issuers",
+	}
+	// certificate
+	certGVR = schema.GroupVersionResource{
+		Group: "cert-manager.io",
+		Version: "v1",
+		Resource: "certificates",
+	}
+)
+
 //+kubebuilder:rbac:groups=apps.mashibing.com,resources=msbdeployments,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=apps.mashibing.com,resources=msbdeployments/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=apps.mashibing.com,resources=msbdeployments/finalizers,verbs=update
 //+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="apps",resources=deployments,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="networking.k8s.io",resources=ingresses,verbs=get;list;watch;create;update;patch;delete
+// 创建 issuer 和 certificate 资源需要的权限
+//+kubebuilder:rbac:groups=cert-manager.io,resources=issuers,verbs=get;list;watch;create;update;patch
+//+kubebuilder:rbac:groups=cert-manager.io,resources=certificates,verbs=get;list;watch;create;update;patch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
 // the MsbDeployment object against the actual cluster state, and then
 // perform operations to make the cluster state reflect the state specified by
 // the user.
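Review bot: Removing only the `TODO(user): Modify the Reconcile function to compare the state specified by` line leaves the Reconcile doc comment as a fragment: `// move the current state of the cluster closer to the desired state.` is now directly followed by `// the MsbDeployment object against the actual cluster state, and then ...`, which no longer parses as a sentence. Replace the three trailing lines with one complete sentence, e.g. `// It compares the state specified by the MsbDeployment object against the actual cluster state and performs operations to make the cluster state reflect the user's intent.` The comment above the new `var` block reads `共动态客户端使用` where `供` (for use by the dynamic client) looks intended. The cert-manager RBAC markers grant create/update/patch but not delete, unlike the service/deployment/ingress rules above; that is reasonable least privilege for create-only helpers, but if the controller is expected to remove the Issuer/Certificate when `tls` is switched back off, `delete` will be needed, and the decision is worth stating in the `// 创建 issuer 和 certificate 资源需要的权限` comment.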
@@ -226,6 +247,17 @@ func (r *MsbDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 			myAppsv1.ConditionReasonIngressNotReady); errStatus != nil {
 			return ctrl.Result{}, errStatus
 		}
+		if mdCopy.Spec.Expose.Tls {
+			// 创建 issuers
+			if err := r.createIssuer(ctx, mdCopy); err != nil {
+				return ctrl.Result{}, err
+			}
+
+			// 创建 certificates
+			if err := r.createCert(ctx, mdCopy); err != nil {
+				return ctrl.Result{}, err
+			}
+		}
 	} else if strings.ToLower(mdCopy.Spec.Expose.Mode) == myAppsv1.ModeNodePort {
 		// 4.1.2 mode 为 nodeport
 		// 4.1.2.1 退出
@@ -258,6 +290,17 @@ func (r *MsbDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 			myAppsv1.ConditionReasonIngressReady); errStatus != nil {
 			return ctrl.Result{}, errStatus
 		}
+		if mdCopy.Spec.Expose.Tls {
+			// 创建 issuers
+			if err := r.createIssuer(ctx, mdCopy); err != nil {
+				return ctrl.Result{}, err
+			}
+
+			// 创建 certificates
+			if err := r.createCert(ctx, mdCopy); err != nil {
+				return ctrl.Result{}, err
+			}
+		}
 	} else if strings.ToLower(mdCopy.Spec.Expose.Mode) == myAppsv1.ModeNodePort {
 		// 4.2.2 mode 为 nodeport
 		// 4.2.2.1 删除 ingress
@@ -290,7 +333,7 @@ func (r *MsbDeploymentReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&myAppsv1.MsbDeployment{}).
 		Owns(&appsv1.Deployment{}). // 监控 deployment 类型,变更就触发 reconciler
-		Owns(&corev1.Service{}). // 监控 service 类型,变更就触发 reconciler
+		Owns(&corev1.Service{}). // 监控 service 类型,变更就触发 reconciler
 		Owns(&networkv1.Ingress{}). // 监控 ingress 类型,变更就触发 reconciler
 		Complete(r)
 }
@@ -544,6 +587,14 @@ func (r *MsbDeploymentReconciler) deleteStatus(md *myAppsv1.MsbDeployment, condi
 	}
 }
 
+func (r *MsbDeploymentReconciler) createIssuer(ctx context.Context, mdCopy *myAppsv1.MsbDeployment) error {
+	return nil
+}
+
+func (r *MsbDeploymentReconciler) createCert(ctx context.Context, mdCopy *myAppsv1.MsbDeployment) error {
+	return nil
+}
+
 // a := struct {
 // 	len int
 // 	cap int
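Review bot: The `if mdCopy.Spec.Expose.Tls { ... }` block is duplicated verbatim in the hunk at @@ -258 (the 4.2 ingress branch); pull it into one helper, e.g. `func (r *MsbDeploymentReconciler) ensureTLS(ctx context.Context, md *myAppsv1.MsbDeployment) error` that calls createIssuer then createCert, and call it from both branches so the two paths cannot drift. Neither branch handles `Tls` going from true to false: an Issuer/Certificate created earlier is left in place, and unless createIssuer/createCert set an ownerReference on the objects (their bodies are stubs in this diff) they would also outlive the MsbDeployment on deletion, so the intended lifecycle deserves a comment on the block, e.g. `// TLS objects are create-only; removal on tls=false and on owner deletion depends on ownerReferences set in createIssuer/createCert`. Nothing in this diff wires the Certificate's secret into the Ingress `spec.tls`; if that happens in the ingress-building code outside the hunk that is fine, otherwise a certificate is issued but never served. The enclosing Reconcile function starts and ends outside the hunk.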
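Review bot: `createIssuer` and `createCert` return nil without touching `ctx`, `mdCopy`, `r.DynamicClient` or the `issuerGVR`/`certGVR` values added in this change, so a MsbDeployment with `tls: true` reconciles as if TLS were set up while no Issuer or Certificate is ever created. Until they are implemented, fail loudly instead of silently succeeding, e.g. `return fmt.Errorf("createIssuer: not implemented")` (the `errors` identifier in this file is the apimachinery package, so use fmt or a sentinel), or at minimum mark the stub: `// TODO: create a cert-manager Issuer via r.DynamicClient.Resource(issuerGVR); currently a no-op`. When implemented, both helpers should guard against a nil `r.DynamicClient` (main.go is the only place in this diff that sets it) and set an ownerReference so the objects are garbage-collected with the MsbDeployment. deleteStatus ends at the first context lines of the hunk.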
diff --git a/main.go b/main.go
index df7f1b9..c19fa12 100644
--- a/main.go
+++ b/main.go
@@ -18,6 +18,7 @@ package main
 
 import (
 	"flag"
+	"k8s.io/client-go/dynamic"
 	"os"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
@@ -91,8 +92,9 @@ func main() {
 
 	// 把我们的controller注册到manager中
 	if err = (&controllers.MsbDeploymentReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
+		Client: mgr.GetClient(),
+		DynamicClient: dynamic.NewForConfigOrDie(ctrl.GetConfigOrDie()),
+		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "MsbDeployment")
 		os.Exit(1)
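Review bot: `"k8s.io/client-go/dynamic"` is inserted between the stdlib imports `"flag"` and `"os"`; goimports keeps the standard library in its own group and would place this line with the other k8s/controller-runtime imports below the auth-plugin comment. Move it into that group so the file stays goimports-clean.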
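Review bot: `dynamic.NewForConfigOrDie(ctrl.GetConfigOrDie())` loads the kubeconfig/in-cluster config a second time instead of reusing the one the manager was presumably built from; `DynamicClient: dynamic.NewForConfigOrDie(mgr.GetConfig()),` shares the manager's rest.Config (same QPS/burst, TLS and impersonation settings, one source of truth) and removes a second exit-on-failure path. The dynamic client is also not backed by the manager's cache, so every call from createIssuer/createCert goes straight to the API server; acceptable for create-only paths, but worth a comment on the struct field in the controller, e.g. `// DynamicClient is uncached; used only for cert-manager Issuer/Certificate writes`. main's body continues outside the hunk.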