add shell access to node
Signed-off-by: lynxcat <lynxcatdeng@gmail.com>
@@ -45,10 +45,10 @@ type terminalHandler struct {
|
||||
authorizer authorizer.Authorizer
|
||||
}
|
||||
|
||||
func newTerminalHandler(client kubernetes.Interface, authorizer authorizer.Authorizer, config *rest.Config) *terminalHandler {
|
||||
func newTerminalHandler(client kubernetes.Interface, authorizer authorizer.Authorizer, config *rest.Config, options *terminal.Options) *terminalHandler {
|
||||
return &terminalHandler{
|
||||
authorizer: authorizer,
|
||||
terminaler: terminal.NewTerminaler(client, config),
|
||||
terminaler: terminal.NewTerminaler(client, config, options),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -89,3 +89,38 @@ func (t *terminalHandler) handleTerminalSession(request *restful.Request, respon
|
||||
|
||||
t.terminaler.HandleSession(shell, namespace, podName, containerName, conn)
|
||||
}
|
||||
|
||||
func (t *terminalHandler) handleShellAccessToNode(request *restful.Request, response *restful.Response) {
|
||||
nodename := request.PathParameter("nodename")
|
||||
|
||||
user, _ := requestctx.UserFrom(request.Request.Context())
|
||||
|
||||
createPodsExec := authorizer.AttributesRecord{
|
||||
User: user,
|
||||
Verb: "create",
|
||||
Resource: "pods",
|
||||
Subresource: "exec",
|
||||
Namespace: "kubesphere-controls-system",
|
||||
ResourceRequest: true,
|
||||
ResourceScope: requestctx.NamespaceScope,
|
||||
}
|
||||
|
||||
decision, reason, err := t.authorizer.Authorize(createPodsExec)
|
||||
if err != nil {
|
||||
api.HandleInternalError(response, request, err)
|
||||
return
|
||||
}
|
||||
|
||||
if decision != authorizer.DecisionAllow {
|
||||
api.HandleForbidden(response, request, errors.New(reason))
|
||||
return
|
||||
}
|
||||
|
||||
conn, err := upgrader.Upgrade(response.ResponseWriter, request.Request, nil)
|
||||
if err != nil {
|
||||
klog.Warning(err)
|
||||
return
|
||||
}
|
||||
|
||||
t.terminaler.HandleShellAccessToNode(nodename, conn)
|
||||
}
|
||||
|
||||
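Review bot: The authorization in `handleShellAccessToNode` is not tied to the node being opened. The `AttributesRecord` checks only `create` on `pods/exec` in the hard-coded namespace `kubesphere-controls-system`, and `nodename` never appears in it, so any user who passes that namespace-scoped check can open a shell on every node. Consider also authorizing a cluster-scoped attribute that names the node (for example a record whose resource is `nodes` and whose name is `nodename`), and rejecting an empty or unknown `nodename` before the WebSocket upgrade. The second return value of `requestctx.UserFrom` is discarded; `user, ok := requestctx.UserFrom(request.Request.Context())` with a forbidden response when `!ok` would keep a nil user from reaching the authorizer. Because this presumably grants host-level access, a log line recording the user and node just before `t.terminaler.HandleShellAccessToNode(nodename, conn)` would help later investigation.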
@@ -28,6 +28,7 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/models"
|
||||
"kubesphere.io/kubesphere/pkg/models/terminal"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -36,11 +37,11 @@ const (
|
||||
|
||||
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
|
||||
|
||||
func AddToContainer(c *restful.Container, client kubernetes.Interface, authorizer authorizer.Authorizer, config *rest.Config) error {
|
||||
func AddToContainer(c *restful.Container, client kubernetes.Interface, authorizer authorizer.Authorizer, config *rest.Config, options *terminal.Options) error {
|
||||
|
||||
webservice := runtime.NewWebService(GroupVersion)
|
||||
|
||||
handler := newTerminalHandler(client, authorizer, config)
|
||||
handler := newTerminalHandler(client, authorizer, config, options)
|
||||
|
||||
webservice.Route(webservice.GET("/namespaces/{namespace}/pods/{pod}/exec").
|
||||
To(handler.handleTerminalSession).
|
||||
@@ -50,6 +51,14 @@ func AddToContainer(c *restful.Container, client kubernetes.Interface, authorize
|
||||
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TerminalTag}).
|
||||
Writes(models.PodInfo{}))
|
||||
|
||||
//Add new Route to support shell access to the node
|
||||
webservice.Route(webservice.GET("/nodes/{nodename}/exec").
|
||||
To(handler.handleShellAccessToNode).
|
||||
Param(webservice.PathParameter("nodename", "name of cluster node")).
|
||||
Doc("create shell access to node session").
|
||||
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TerminalTag}).
|
||||
Writes(models.PodInfo{}))
|
||||
|
||||
c.Add(webservice)
|
||||
|
||||
return nil
|
||||
|
||||
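Review bot: The new `/nodes/{nodename}/exec` route is documented as if it were a copy of the pod exec route, and its description does not say what permission it needs. `Writes(models.PodInfo{})` looks carried over from the route above, although the handler only upgrades the connection to a WebSocket and returns no `PodInfo`. A description such as `Doc("open an interactive shell session on a cluster node; requires create on pods/exec in kubesphere-controls-system")` would make the privilege visible in the generated API docs. The route is also registered unconditionally; if `terminal.Options` can express that node shell is disabled (not visible here), registration could be skipped in that case. `AddToContainer` continues outside this hunk.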