change web kubectl to use sa

443e37d8 · Jeff · zryfish · 2c94cfdd · 443e37d8 · 443e37d8
隐藏空白更改
内联并排

Showing with 18 addition and 12 deletion

cmd/ks-iam/app/options/options.go cmd/ks-iam/app/options/options.go +2 -0

cmd/ks-iam/app/server.go cmd/ks-iam/app/server.go +1 -1

pkg/models/iam/im.go pkg/models/iam/im.go +15 -11

未找到文件。
--- a/cmd/ks-iam/app/options/options.go
+++ b/cmd/ks-iam/app/options/options.go
@@ -42,6 +42,7 @@ type ServerRunOptions struct {
 	JWTSecret               string
 	AuthRateLimit           string
 	EnableMultiLogin        bool
+	GenerateKubeConfig      bool
 }

 func NewServerRunOptions() *ServerRunOptions {
@@ -66,6 +67,7 @@ func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
 	fs.StringVar(&s.JWTSecret, "jwt-secret", "", "jwt secret")
 	fs.StringVar(&s.AuthRateLimit, "auth-rate-limit", "5/30m", "specifies the maximum number of authentication attempts permitted and time interval,valid time units are \"s\",\"m\",\"h\"")
 	fs.BoolVar(&s.EnableMultiLogin, "enable-multi-login", false, "allow one account to have multiple sessions")
+	fs.BoolVar(&s.GenerateKubeConfig, "generate-kubeconfig", true, "generate kubeconfig for new users, kubeconfig is required in devops pipeline, set to false if you don't need devops.")

 	s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes"))
 	s.LdapOptions.AddFlags(fss.FlagSet("ldap"))

--- a/cmd/ks-iam/app/server.go
+++ b/cmd/ks-iam/app/server.go
@@ -94,7 +94,7 @@ func Run(s *options.ServerRunOptions, stopChan <-chan struct{}) error {

 	waitForResourceSync(stopChan)

-	err := iam.Init(s.AdminEmail, s.AdminPassword, s.AuthRateLimit, s.TokenIdleTimeout, s.EnableMultiLogin)
+	err := iam.Init(s.AdminEmail, s.AdminPassword, s.AuthRateLimit, s.TokenIdleTimeout, s.EnableMultiLogin, s.GenerateKubeConfig)

 	jwtutil.Setup(s.JWTSecret)


--- a/pkg/models/iam/im.go
+++ b/pkg/models/iam/im.go
@@ -51,13 +51,14 @@ import (
 )

 var (
-	adminEmail       string
-	adminPassword    string
-	tokenIdleTimeout time.Duration
-	maxAuthFailed    int
-	authTimeInterval time.Duration
-	initUsers        []initUser
-	enableMultiLogin bool
+	adminEmail         string
+	adminPassword      string
+	tokenIdleTimeout   time.Duration
+	maxAuthFailed      int
+	authTimeInterval   time.Duration
+	initUsers          []initUser
+	enableMultiLogin   bool
+	generateKubeConfig bool
 )

 type initUser struct {
@@ -72,12 +73,13 @@ const (
 	defaultAuthTimeInterval = 30 * time.Minute
 )

-func Init(email, password, authRateLimit string, idleTimeout time.Duration, multiLogin bool) error {
+func Init(email, password, authRateLimit string, idleTimeout time.Duration, multiLogin bool, isGeneratingKubeConfig bool) error {
 	adminEmail = email
 	adminPassword = password
 	tokenIdleTimeout = idleTimeout
 	maxAuthFailed, authTimeInterval = parseAuthRateLimit(authRateLimit)
 	enableMultiLogin = multiLogin
+	generateKubeConfig = isGeneratingKubeConfig

 	err := checkAndCreateDefaultUser()

@@ -1005,9 +1007,11 @@ func CreateUser(user *models.User) (*models.User, error) {
 		userCreateRequest.Attribute("description", []string{user.Description}) // RFC4519: descriptive information
 	}

-	if err := kubeconfig.CreateKubeConfig(user.Username); err != nil {
-		klog.Errorln("create user kubeconfig failed", user.Username, err)
-		return nil, err
+	if generateKubeConfig {
+		if err = kubeconfig.CreateKubeConfig(user.Username); err != nil {
+			klog.Errorln("create user kubeconfig failed", user.Username, err)
+			return nil, err
+		}
 	}

 	err = conn.Add(userCreateRequest)