bump CertificateSigningRequest version from v1beta1 to v1
Signed-off-by: yuswift <yuswift2018@gmail.com>
This commit is contained in:
yuswift
@@ -155,7 +155,7 @@ func addControllers(
|
||||
authenticationOptions.LoginHistoryMaximumEntries)
|
||||
|
||||
csrController := certificatesigningrequest.NewController(client.Kubernetes(),
|
||||
kubernetesInformer.Certificates().V1beta1().CertificateSigningRequests(),
|
||||
kubernetesInformer.Certificates().V1().CertificateSigningRequests(),
|
||||
kubernetesInformer.Core().V1().ConfigMaps(), client.Config())
|
||||
|
||||
clusterRoleBindingController := clusterrolebinding.NewController(client.Kubernetes(),
|
||||
|
||||
@@ -21,18 +21,18 @@ import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
|
||||
certificatesv1 "k8s.io/api/certificates/v1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
certificatesinformers "k8s.io/client-go/informers/certificates/v1beta1"
|
||||
certificatesinformers "k8s.io/client-go/informers/certificates/v1"
|
||||
corev1informers "k8s.io/client-go/informers/core/v1"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/kubernetes/scheme"
|
||||
typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
certificateslisters "k8s.io/client-go/listers/certificates/v1beta1"
|
||||
certificateslisters "k8s.io/client-go/listers/certificates/v1"
|
||||
"k8s.io/client-go/rest"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
"k8s.io/client-go/tools/record"
|
||||
@@ -244,13 +244,13 @@ func (c *Controller) Start(ctx context.Context) error {
|
||||
return c.Run(4, ctx.Done())
|
||||
}
|
||||
|
||||
func (c *Controller) Approve(csr *certificatesv1beta1.CertificateSigningRequest) error {
|
||||
func (c *Controller) Approve(csr *certificatesv1.CertificateSigningRequest) error {
|
||||
// is approved
|
||||
if len(csr.Status.Certificate) > 0 {
|
||||
return nil
|
||||
}
|
||||
csr.Status = certificatesv1beta1.CertificateSigningRequestStatus{
|
||||
Conditions: []certificatesv1beta1.CertificateSigningRequestCondition{{
|
||||
csr.Status = certificatesv1.CertificateSigningRequestStatus{
|
||||
Conditions: []certificatesv1.CertificateSigningRequestCondition{{
|
||||
Type: "Approved",
|
||||
Reason: "KubeSphereApprove",
|
||||
Message: "This CSR was approved by KubeSphere",
|
||||
@@ -261,7 +261,7 @@ func (c *Controller) Approve(csr *certificatesv1beta1.CertificateSigningRequest)
|
||||
}
|
||||
|
||||
// approve csr
|
||||
csr, err := c.k8sclient.CertificatesV1beta1().CertificateSigningRequests().UpdateApproval(context.Background(), csr, metav1.UpdateOptions{})
|
||||
csr, err := c.k8sclient.CertificatesV1().CertificateSigningRequests().UpdateApproval(context.Background(), csr.Name, csr, metav1.UpdateOptions{})
|
||||
if err != nil {
|
||||
klog.Errorln(err)
|
||||
return err
|
||||
@@ -270,7 +270,7 @@ func (c *Controller) Approve(csr *certificatesv1beta1.CertificateSigningRequest)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *Controller) UpdateKubeconfig(csr *certificatesv1beta1.CertificateSigningRequest) error {
|
||||
func (c *Controller) UpdateKubeconfig(csr *certificatesv1.CertificateSigningRequest) error {
|
||||
username := csr.Labels[constants.UsernameLabelKey]
|
||||
err := c.kubeconfigOperator.UpdateKubeconfig(username, csr)
|
||||
if err != nil {
|
||||
|
||||
@@ -26,7 +26,7 @@ import (
|
||||
"io/ioutil"
|
||||
"time"
|
||||
|
||||
certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
|
||||
certificatesv1 "k8s.io/api/certificates/v1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
@@ -63,7 +63,7 @@ const (
|
||||
type Interface interface {
|
||||
GetKubeConfig(username string) (string, error)
|
||||
CreateKubeConfig(user *iamv1alpha2.User) error
|
||||
UpdateKubeconfig(username string, csr *certificatesv1beta1.CertificateSigningRequest) error
|
||||
UpdateKubeconfig(username string, csr *certificatesv1.CertificateSigningRequest) error
|
||||
}
|
||||
|
||||
type operator struct {
|
||||
@@ -236,7 +236,7 @@ func (o *operator) createCSR(username string) error {
|
||||
csr := csrBuffer.Bytes()
|
||||
key := keyBuffer.Bytes()
|
||||
csrName := fmt.Sprintf("%s-csr-%d", username, time.Now().Unix())
|
||||
k8sCSR := &certificatesv1beta1.CertificateSigningRequest{
|
||||
k8sCSR := &certificatesv1.CertificateSigningRequest{
|
||||
TypeMeta: metav1.TypeMeta{
|
||||
Kind: "CertificateSigningRequest",
|
||||
APIVersion: "certificates.k8s.io/v1beta1",
|
||||
@@ -246,16 +246,16 @@ func (o *operator) createCSR(username string) error {
|
||||
Labels: map[string]string{constants.UsernameLabelKey: username},
|
||||
Annotations: map[string]string{privateKeyAnnotation: string(key)},
|
||||
},
|
||||
Spec: certificatesv1beta1.CertificateSigningRequestSpec{
|
||||
Spec: certificatesv1.CertificateSigningRequestSpec{
|
||||
Request: csr,
|
||||
Usages: []certificatesv1beta1.KeyUsage{certificatesv1beta1.UsageKeyEncipherment, certificatesv1beta1.UsageClientAuth, certificatesv1beta1.UsageDigitalSignature},
|
||||
Usages: []certificatesv1.KeyUsage{certificatesv1.UsageKeyEncipherment, certificatesv1.UsageClientAuth, certificatesv1.UsageDigitalSignature},
|
||||
Username: username,
|
||||
Groups: []string{user.AllAuthenticated},
|
||||
},
|
||||
}
|
||||
|
||||
// create csr
|
||||
if _, err = o.k8sClient.CertificatesV1beta1().CertificateSigningRequests().Create(context.Background(), k8sCSR, metav1.CreateOptions{}); err != nil {
|
||||
if _, err = o.k8sClient.CertificatesV1().CertificateSigningRequests().Create(context.Background(), k8sCSR, metav1.CreateOptions{}); err != nil {
|
||||
klog.Errorln(err)
|
||||
return err
|
||||
}
|
||||
@@ -264,7 +264,7 @@ func (o *operator) createCSR(username string) error {
|
||||
}
|
||||
|
||||
// Update client key and client certificate after CertificateSigningRequest has been approved
|
||||
func (o *operator) UpdateKubeconfig(username string, csr *certificatesv1beta1.CertificateSigningRequest) error {
|
||||
func (o *operator) UpdateKubeconfig(username string, csr *certificatesv1.CertificateSigningRequest) error {
|
||||
configName := fmt.Sprintf(kubeconfigNameFormat, username)
|
||||
configMap, err := o.k8sClient.CoreV1().ConfigMaps(constants.KubeSphereControlNamespace).Get(context.Background(), configName, metav1.GetOptions{})
|
||||
if err != nil {
|
||||
@@ -281,7 +281,7 @@ func (o *operator) UpdateKubeconfig(username string, csr *certificatesv1beta1.Ce
|
||||
return nil
|
||||
}
|
||||
|
||||
func applyCert(cm *corev1.ConfigMap, csr *certificatesv1beta1.CertificateSigningRequest) *corev1.ConfigMap {
|
||||
func applyCert(cm *corev1.ConfigMap, csr *certificatesv1.CertificateSigningRequest) *corev1.ConfigMap {
|
||||
data := []byte(cm.Data[kubeconfigFileName])
|
||||
kubeconfig, err := clientcmd.Load(data)
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user