Merge pull request #107 from sampsonye/feature-for-k8s-token

支持使用Token方式访问K8S

Merge pull request #107 from sampsonye/feature-for-k8s-token
支持使用Token方式访问K8S
4deee706 · colynn.liu · GitHub · b6e82f2c · 91ee0383 · 4deee706
16 changed file
--- a/README.md
+++ b/README.md
@@ -180,7 +180,5 @@ __AtomCI__ 因你而变。
 |`ldap::baseDN`| OU=Xxx,DC=xx,DC=com | |
 | JWT 配置 <br/>|
 |`jwt::secret`| changemeforsecurity |　jwt的加密使用的字段，建议修改 |
-| K8s配置　<br/> |
-|`k8s::configPath`| ./conf/k8sconfig | k8s 配置文件存放路径，不建议修改|
 |<br/>|
 |`atomci::url`| http://localhost:8080 | AtomCI 回调地址　|
--- a/cmd/atomci/main.go
+++ b/cmd/atomci/main.go
@@ -24,15 +24,11 @@ import (

 	"github.com/go-atomci/atomci/internal/cronjob"
 	_ "github.com/go-atomci/atomci/internal/initialize"
+	_ "github.com/go-atomci/atomci/internal/migrations"
 	_ "github.com/go-atomci/atomci/internal/models"
 	"github.com/go-atomci/atomci/internal/routers"
-	"github.com/go-atomci/atomci/pkg/kube"
 )

-func init() {
-	kube.Init()
-}
-
 func main() {
 	cronjob.RunPublishJobServer()
 	beego.Info("Beego version:", beego.VERSION)

--- a/conf/app.conf
+++ b/conf/app.conf
@@ -36,9 +36,6 @@ baseDN = OU=Xxx,DC=xx,DC=com
 [jwt]
 secret = changemeforsecurity

-[k8s]
-configPath = ./conf/k8sconfig
-
 # build/deploy callback 
 [atomci]
 url = http://localhost:8080

--- a/conf/app.conf.template
+++ b/conf/app.conf.template
@@ -40,10 +40,6 @@ baseDN = OU=Xxx,DC=xx,DC=com
 [jwt]
 secret = changemeforsecurity

-[k8s]
-# k8s相关配置文件默认保存地址，一般请不要修改
-configPath = ./conf/k8sconfig
-
 [atomci]
 # atomci后端服务地址，用于k8s/jenkins进行回调，因此请确保地址是可以被k8s集群(jenkins agent)访问到
 url = http://localhost:8080

--- a/deploy/docker-compose/conf/app.conf
+++ b/deploy/docker-compose/conf/app.conf
@@ -36,9 +36,6 @@ baseDN = OU=Xxx,DC=xx,DC=com
 [jwt]
 secret = changemeforsecurity

-[k8s]
-configPath = ./conf/k8sconfig
-
 # build/deploy callback 
 [atomci]
 url = http://localhost:8080
\ No newline at end of file
--- a/internal/api/terminal.go
+++ b/internal/api/terminal.go
@@ -18,14 +18,9 @@ package api

 import (
 	"fmt"
-	"path"
-
 	"github.com/go-atomci/atomci/internal/core/podexec"
 	"github.com/go-atomci/atomci/internal/middleware/log"
 	"github.com/go-atomci/atomci/pkg/kube"
-
-	"github.com/astaxie/beego"
-	"k8s.io/client-go/tools/clientcmd"
 )

 type TerminalController struct {
@@ -57,7 +52,7 @@ func (t *TerminalController) PodTerminal() {
 		_ = pty.Close()
 	}()

-	kubeCli, err := kube.GetClientset(cluster)
+	kubeCli, cfg, err := kube.GetClientset(cluster)
 	if err != nil {
 		msg := fmt.Sprintf("get kubecli err :%v", err)
 		log.Log.Error(msg)
@@ -79,14 +74,6 @@ func (t *TerminalController) PodTerminal() {
 		return
 	}

-	configFile := path.Join(beego.AppConfig.String("k8s::configPath"), cluster)
-	cfg, err := clientcmd.BuildConfigFromFlags("", configFile)
-	if err != nil {
-		msg := fmt.Sprintf("build config occur error: %s", err.Error())
-		log.Log.Error(msg)
-		t.HandleInternalServerError(msg)
-		return
-	}
 	err = podexec.ExecPod(kubeCli, cfg, []string{"/bin/sh"}, pty, namespace, podName, containerName)
 	if err != nil {
 		msg := fmt.Sprintf("Exec to pod error! err: %v", err)

--- a/internal/core/kuberes/application.go
+++ b/internal/core/kuberes/application.go
@@ -144,7 +144,7 @@ func NewAppRes(cluster string, envID, projectID int64) (*AppRes, error) {
 			ProjectID: projectID,
 		}, nil
 	}
-	client, err := kube.GetClientset(cluster)
+	client, _, err := kube.GetClientset(cluster)
 	if err != nil {
 		if cluster != "" {
 			return nil, errors.NewInternalServerError().SetCause(err)
@@ -486,7 +486,7 @@ func (ar *AppRes) SetLabels(namespace, name string, labels map[string]string) er
 }

 func CreateK8sNamespace(cluster, namespace string) error {
-	client, err := kube.GetClientset(cluster)
+	client, _, err := kube.GetClientset(cluster)
 	if err != nil {
 		return err
 	}
@@ -505,7 +505,7 @@ func CreateK8sNamespace(cluster, namespace string) error {
 }

 func CreateRegistrySecret(cluster, namespace string, envID int64) error {
-	client, err := kube.GetClientset(cluster)
+	client, _, err := kube.GetClientset(cluster)
 	if err != nil {
 		log.Log.Warning(fmt.Sprintf("create registry secret failed: %v", err.Error()))
 		return err

--- a/internal/core/settings/settings.go
+++ b/internal/core/settings/settings.go
@@ -19,8 +19,7 @@ package settings
 import (
 	"encoding/json"
 	"fmt"
-	"io"
-	"os"
+	"k8s.io/client-go/rest"
 	"strings"
 	"time"

@@ -30,7 +29,6 @@ import (
 	"github.com/go-atomci/atomci/utils/query"
 	"github.com/go-atomci/atomci/utils/validate"

-	"github.com/astaxie/beego"
 	"github.com/go-atomci/workflow/jenkins"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
@@ -69,6 +67,9 @@ const (
 	KubernetesType = "kubernetes"
 	RegistryType   = "registry"
 	JenkinsType    = "jenkins"
+
+	KubernetesConfig = "kubernetesConfig"
+	KubernetesToken  = "kubernetesToken"
 )

 type Config struct{}
@@ -81,6 +82,7 @@ type BaseConfig struct {
 type KubeConfig struct {
 	URL  string `json:"url,omitempty"`
 	Conf string `json:"conf,omitempty"`
+	Type string `json:"type,omitempty"`
 }
 type RegistryConfig struct {
 	BaseConfig
@@ -169,6 +171,16 @@ func (pm *SettingManager) GetIntegrateSettingByID(id int64) (*IntegrateSettingRe
 	return formatSignalIntegrateSetting(integrateSetting, config), err
 }

+func (pm *SettingManager) GetIntegrateSettingByName(name string, integrateType string) (*IntegrateSettingResponse, error) {
+	integrateSetting, err := pm.model.GetIntegrateSettingByName(name, integrateType)
+	if err != nil {
+		log.Log.Error("when GetIntegrateSettingByName, get GetIntegrateSettingByName occur error: %s", err.Error())
+		return nil, err
+	}
+	config := &Config{}
+	return formatSignalIntegrateSetting(integrateSetting, config), err
+}
+
 // GetIntegrateSettingsByPagination ..
 func (pm *SettingManager) GetIntegrateSettingsByPagination(filter *query.FilterQuery, intergrateTypes []string) (*query.QueryResult, error) {
 	queryResult, settingsList, err := pm.model.GetIntegrateSettingsByPagination(filter, intergrateTypes)
@@ -208,40 +220,10 @@ func (pm *SettingManager) UpdateIntegrateSetting(request *IntegrateSettingReq, s
 		log.Log.Error("json marshal error: %s", err.Error())
 		return err
 	}
-	//stageModel.Config = config
-	stageModel.CryptoConfig(config)
-	if request.Type == KubernetesType {
-		kube := &KubeConfig{}
-		err := json.Unmarshal([]byte(config), kube)
-		if err == nil {
-			pm.createOrupateKubernetesConfig(request.Name, kube.Conf)
-		} else {
-			log.Log.Error("kuber conf format error:  %v", err.Error())
-		}
-	}
-	return pm.model.UpdateIntegrateSetting(stageModel)
-}

-func (pm *SettingManager) createOrupateKubernetesConfig(clusterName, config string) error {
-	configPath := beego.AppConfig.String("k8s::configPath")
+	stageModel.CryptoConfig(config)

-	log.Log.Debug("configPath: %v", configPath)
-	err := os.MkdirAll(configPath, 0766)
-	if err != nil {
-		log.Log.Error(fmt.Sprintf("Failed to make the k8sconfig dir: %v", err.Error()))
-		return err
-	}
-	fileObj, err := os.OpenFile(configPath+"/"+clusterName, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)
-	if err != nil {
-		log.Log.Error(fmt.Sprintf("Failed to open the file: %v", err.Error()))
-		return err
-	}
-	if _, err := io.WriteString(fileObj, config); err != nil {
-		log.Log.Error(fmt.Sprintf("init K8S cluster %v configure failed: %v", clusterName, err.Error()))
-		return err
-	}
-	log.Log.Debug(fmt.Sprintf("update K8S cluster %v configure successfully", clusterName))
-	return nil
+	return pm.model.UpdateIntegrateSetting(stageModel)
 }

 // VerifyIntegrateSetting ..
@@ -258,16 +240,30 @@ func (pm *SettingManager) VerifyIntegrateSetting(request *IntegrateSettingReq) V
 	case KubernetesType:
 		kube := &KubeConfig{}
 		err := json.Unmarshal([]byte(config), kube)
+		if kube.Type == "" {
+			kube.Type = KubernetesConfig
+		}
 		if err != nil {
 			log.Log.Error("kuber conf format error:  %v", err.Error())
 			resp.Error = err
 			return resp
 		}
-		k8sconf, err := clientcmd.RESTConfigFromKubeConfig([]byte(kube.Conf))
-		if err != nil {
-			resp.Error = err
-			return resp
+		var k8sconf *rest.Config
+		switch kube.Type {
+		case KubernetesConfig:
+			k8sconf, err = clientcmd.RESTConfigFromKubeConfig([]byte(kube.Conf))
+			if err != nil {
+				resp.Error = err
+				return resp
+			}
+		case KubernetesToken:
+			k8sconf = &rest.Config{
+				BearerToken:     kube.Conf,
+				TLSClientConfig: rest.TLSClientConfig{Insecure: true},
+				Host:            kube.URL,
+			}
 		}
+
 		clientset, err := kubernetes.NewForConfig(k8sconf)
 		if err != nil {
 			resp.Error = err
@@ -352,21 +348,6 @@ func (pm *SettingManager) CreateIntegrateSetting(request *IntegrateSettingReq, c

 	newIntegrateSetting.CryptoConfig(config)

-	if request.Type == KubernetesType {
-		kube := &KubeConfig{}
-		err := json.Unmarshal([]byte(config), kube)
-		if err != nil {
-			msg := fmt.Sprintf("kuber conf format error:  %v", err.Error())
-			log.Log.Error(msg)
-			return fmt.Errorf(msg)
-		}
-
-		if err := pm.createOrupateKubernetesConfig(request.Name, kube.Conf); err != nil {
-			log.Log.Error("create or update k8s config file error: %s", err.Error())
-		} else {
-			log.Log.Debug("create or update k8s config file success.")
-		}
-	}
 	return pm.model.CreateIntegrateSetting(newIntegrateSetting)
 }


--- a/internal/dao/integrate_settings.go
+++ b/internal/dao/integrate_settings.go
@@ -49,9 +49,18 @@ func (model *SysSettingModel) GetIntegrateSettingByID(integrateSettingID int64)
 	return &integrateSetting, nil
 }

+func (model *SysSettingModel) GetIntegrateSettingByName(name string, integrateType string) (*models.IntegrateSetting, error) {
+	integrateSetting := models.IntegrateSetting{}
+	qs := model.ormer.QueryTable(model.IntegrateSettingTableName).Filter("deleted", false)
+	if err := qs.Filter("name", name).Filter("type", integrateType).One(&integrateSetting); err != nil {
+		return nil, err
+	}
+	return &integrateSetting, nil
+}
+
 // GetIntegrateSettings ...
 func (model *SysSettingModel) GetIntegrateSettings(integrateTypes []string) ([]*models.IntegrateSetting, error) {
-	integrateSettings := []*models.IntegrateSetting{}
+	var integrateSettings []*models.IntegrateSetting
 	qs := model.ormer.QueryTable(model.IntegrateSettingTableName).Filter("deleted", false)
 	if len(integrateTypes) > 0 {
 		qs = qs.Filter("type__in", integrateTypes)

--- a/internal/migrations/migration20220324.go
+++ b/internal/migrations/migration20220324.go
+package migrations
+
+import (
+	"github.com/astaxie/beego/orm"
+	"github.com/go-atomci/atomci/internal/core/settings"
+	"time"
+)
+
+type Migration20220324 struct {
+}
+
+func (m Migration20220324) GetCreateAt() time.Time {
+	return time.Date(2022, 3, 24, 0, 0, 0, 0, time.Local)
+}
+
+func (m Migration20220324) Upgrade(ormer orm.Ormer) error {
+	pm := settings.NewSettingManager()
+	k8sSettings, err := pm.GetIntegrateSettings([]string{"kubernetes"})
+	if err != nil {
+		return err
+	}
+	for _, setting := range k8sSettings {
+		req := &setting.IntegrateSettingReq
+		cfg := req.Config.(*settings.KubeConfig)
+		if cfg.Type == "" {
+			cfg.Type = settings.KubernetesConfig
+			cfg.URL = ""
+			err = pm.UpdateIntegrateSetting(req, setting.ID)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
--- a/internal/migrations/migrations.go
+++ b/internal/migrations/migrations.go
@@ -2,6 +2,7 @@ package migrations

 import (
 	"github.com/astaxie/beego/orm"
+	"os"
 	"sort"
 	"time"
 )
@@ -29,11 +30,12 @@ func (t MigrationTypes) Swap(i, j int) {
 	t[i], t[j] = t[j], t[i]
 }

-// InitMigration db migration register
-func InitMigration() {
+// initMigration db migration register
+func initMigration() {
 	migrationTypes := MigrationTypes{
 		new(Migration20220101),
 		new(Migration20220309),
+		new(Migration20220324),
 	}

 	migrateInTx(migrationTypes)
@@ -95,3 +97,10 @@ func sureCreateTable(ormer orm.Ormer) {
 	)`
 	ormer.Raw(ddl).Exec()
 }
+
+func init() {
+	if len(os.Args) > 1 && os.Args[1][:5] == "-test" {
+		return
+	}
+	initMigration()
+}
--- a/internal/models/integrate.go
+++ b/internal/models/integrate.go
@@ -37,7 +37,6 @@ func (t *IntegrateSetting) TableName() string {
 }

 func (t *IntegrateSetting) CryptoConfig(raw string) {
-	t.crypto(raw)
 	t.Config = t.crypto(raw)
 }


--- a/internal/models/models.go
+++ b/internal/models/models.go
@@ -18,7 +18,6 @@ package models

 import (
 	"fmt"
-	"github.com/go-atomci/atomci/internal/migrations"
 	"os"
 	"time"

@@ -156,6 +155,5 @@ func init() {
 		return
 	}
 	initOrm()
-	migrations.InitMigration()
 	// orm.RunSyncdb("default", false, true)
 }
--- a/pkg/kube/clientset.go
+++ b/pkg/kube/clientset.go
@@ -17,53 +17,38 @@ limitations under the License.
 package kube

 import (
-	"sync"
-
+	"github.com/go-atomci/atomci/internal/core/settings"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
 )

-var (
-	clusterClientsetMapMutex sync.RWMutex
-	clusterClientsetMap      = make(map[string]kubernetes.Interface)
-)
-
-func findClientset(cluster string) (client kubernetes.Interface, ok bool) {
-	clusterClientsetMapMutex.RLock()
-	defer clusterClientsetMapMutex.RUnlock()
-	client, ok = clusterClientsetMap[cluster]
-	return client, ok
-}
+func GetClientset(cluster string) (client kubernetes.Interface, cfg *rest.Config, err error) {

-func newClientset(cluster string) (client kubernetes.Interface, err error) {
-	var ok bool
-	clusterClientsetMapMutex.Lock()
-	defer clusterClientsetMapMutex.Unlock()
-	client, ok = clusterClientsetMap[cluster]
-	if !ok {
-		client, err = clientsetProvider(cluster)
-		if err == nil {
-			clusterClientsetMap[cluster] = client
-		}
+	pm := settings.NewSettingManager()
+	resp, err := pm.GetIntegrateSettingByName(cluster, settings.KubernetesType)
+	if err != nil {
+		return nil, nil, err
 	}
-	return client, err
+	return buildK8sClient(resp.IntegrateSettingReq.Config.(*settings.KubeConfig))
 }

-func GetClientset(cluster string) (client kubernetes.Interface, err error) {
-	var ok bool
-	client, ok = findClientset(cluster)
-	if !ok {
-		client, err = newClientset(cluster)
+func buildK8sClient(kube *settings.KubeConfig) (client kubernetes.Interface, cfg *rest.Config, err error) {
+	var k8sConfig *rest.Config
+	switch kube.Type {
+	case settings.KubernetesConfig:
+		k8sConfig, err = clientcmd.RESTConfigFromKubeConfig([]byte(kube.Conf))
+		if err != nil {
+			return nil, nil, err
+		}
+	case settings.KubernetesToken:
+		k8sConfig = &rest.Config{
+			BearerToken:     kube.Conf,
+			TLSClientConfig: rest.TLSClientConfig{Insecure: true},
+			Host:            kube.URL,
+		}
 	}
-	return client, err
-}

-func UpdateClientset(cluster string) (client kubernetes.Interface, err error) {
-	clusterClientsetMapMutex.Lock()
-	defer clusterClientsetMapMutex.Unlock()
-	client, err = clientsetProvider(cluster)
-	if err != nil {
-		return
-	}
-	clusterClientsetMap[cluster] = client
-	return
+	clientSet, err := kubernetes.NewForConfig(k8sConfig)
+	return clientSet, k8sConfig, err
 }
--- a/pkg/kube/kube.go
+++ b/pkg/kube/kube.go
-/*
-Copyright 2021 The AtomCI Group Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package kube
-
-import (
-	"path"
-
-	"github.com/astaxie/beego"
-	"github.com/astaxie/beego/config"
-	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/tools/clientcmd"
-)
-
-var clientsetProvider func(cluster string) (kubernetes.Interface, error)
-
-var appConfigProvider func() config.Configer
-
-func Init() {
-	clientsetProvider = func(cluster string) (kubernetes.Interface, error) {
-		configPath := path.Join(beego.AppConfig.String("k8s::configPath"), cluster)
-		config, err := clientcmd.BuildConfigFromFlags("", configPath)
-
-		if err != nil {
-			return nil, err
-		}
-		return kubernetes.NewForConfig(config)
-	}
-
-	appConfigProvider = func() config.Configer {
-		return beego.AppConfig
-	}
-}
--- a/web/src/views/setting/components/IntegrateCreate.vue
+++ b/web/src/views/setting/components/IntegrateCreate.vue
@@ -22,18 +22,27 @@
        <el-input v-model.trim="form.name" auto-complete="off" maxlength="60" placeholder="请输入名称" :disabled="isKubernetes"></el-input>
      </el-form-item>
      <el-form-item label="配置类型" prop="type" class="form-item">
-        <el-select v-model="form.type" placeholder="请选择" filterable :disabled="isEdit">
+        <el-select v-model="form.type" placeholder="请选择" filterable :disabled="isEdit" @change="selectChange">
          <el-option v-for="(item, index) in settingTypeList" :key="index" :label="item.name" :value="item.name">
          </el-option>
        </el-select>
      </el-form-item>
      <div v-if="form.type ==='kubernetes'">
-        <el-form-item label="Kubernetes URL" prop="config.url" class="form-item">
+        <el-form-item label="认证类型" prop="config.type" class="form-item">
+          <el-radio-group v-model="form.config.type">
+            <el-radio label="kubernetesConfig">Kubernetes Config</el-radio>
+            <el-radio label="kubernetesToken">Service Account Token</el-radio>
+          </el-radio-group>
+        </el-form-item>
+        <el-form-item v-if="form.config.type==='kubernetesToken'" label="Kubernetes URL" prop="config.url" class="form-item">
          <el-input v-model.trim="form.config.url" auto-complete="off" placeholder="请输入Kubernetes地址"></el-input>
        </el-form-item>
-        <el-form-item label="Kubernetes Config" prop="config.conf" class="form-item">
+        <el-form-item v-if="form.config.type==='kubernetesConfig'" label="Kubernetes Config" prop="config.conf" class="form-item">
          <el-input type="textarea" :rows="8" v-model="form.config.conf" placeholder="请输入Kubernetes Config"></el-input>
        </el-form-item>
+        <el-form-item v-else-if="form.config.type==='kubernetesToken'" label="Kubernetes Token" prop="config.conf" class="form-item">
+          <el-input type="textarea" :rows="8" v-model="form.config.conf" placeholder="请输入Kubernetes Token"></el-input>
+        </el-form-item>
      </div>
      <div v-else-if="form.type ==='jenkins'">
        <el-form-item label="Jenkins URL" prop="config.url" class="form-item">
@@ -141,6 +150,9 @@ export default {
        'config.token': [
          { required: true, message: '请输入token信息', trigger: 'blur' },
        ],
+        'config.type': [
+          { required: true, message: '请选择类型', trigger: 'blur' },
+        ],
        description: [
          { required: false, message: '描述信息不能为空', trigger: 'blur' },
        ],
@@ -155,7 +167,15 @@ export default {
  },
  created() {
  },
+
  methods: {
+    selectChange(newVal){
+      console.log("下拉改变",newVal)
+      if (this.form.type === 'kubernetes'){
+        if (this.form.config.type == null)
+          this.$set(this.form.config,"type","kubernetesConfig")
+      }
+    },
    handleClose(done) {
      this.$confirm('确认关闭？')
        .then(_ => {