fix: recreate kubectl pod

Signed-off-by: hongming <talonwan@yunify.com>
hongming
2019-07-06 21:13:25 +08:00
committed by zryfish
parent a5a46517bc
commit d2452c97e8
2 changed files with 17 additions and 15 deletions


@@ -628,6 +628,18 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error {
return err
}
// create kubectl pod if cluster role is cluster-admin
if clusterRoleName == constants.ClusterAdmin {
if err := kubectl.CreateKubectlDeploy(username); err != nil {
glog.Error("create user terminal pod failed", username, err)
}
// delete kubectl pod if cluster role is not cluster-admin, whether it exists or not
} else {
if err := kubectl.DelKubectlDeploy(username); err != nil {
glog.Error("delete user terminal pod failed", username, err)
}
}
clusterRoleBinding := &rbacv1.ClusterRoleBinding{}
clusterRoleBinding.Name = username
clusterRoleBinding.RoleRef = rbacv1.RoleRef{Name: clusterRoleName, Kind: ClusterRoleKind}
@@ -657,11 +669,6 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error {
glog.Errorln("delete cluster role binding", err)
return err
}
if found.RoleRef.Name == constants.ClusterAdmin {
if err := kubectl.DelKubectlDeploy(username); err != nil {
glog.Error("delete user terminal pod failed", username, err)
}
}
maxRetries := 3
for i := 0; i < maxRetries; i++ {
_, err = k8s.Client().RbacV1().ClusterRoleBindings().Create(clusterRoleBinding)
@@ -674,12 +681,6 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error {
return err
}
if clusterRoleName == constants.ClusterAdmin {
if err := kubectl.CreateKubectlDeploy(username); err != nil {
glog.Errorln("create user terminal pod failed", username, err)
}
}
if !k8sutil.ContainsUser(found.Subjects, username) {
found.Subjects = clusterRoleBinding.Subjects
_, err = k8s.Client().RbacV1().ClusterRoleBindings().Update(found)
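Review bot: In the new `else` branch of the first hunk, a failed `kubectl.DelKubectlDeploy(username)` is only logged and the function goes on to write the binding, so a user moved off `cluster-admin` can be left with a running terminal pod. On this privilege-reduction path the error should stop the call, e.g. `return err` after the `glog.Error(...)` line, with a not-found result treated as success if DelKubectlDeploy reports one (its behaviour is not visible here). The create branch has the mirror problem: the pod is now created before the binding's Create/Update further down has succeeded, and nothing visible removes it if that later step returns an error. Separately, `glog.Error` formats like `fmt.Print`, so the message, `username` and the error run together; `glog.Errorln`, which the removed create call used, keeps them separated. CreateClusterRoleBinding starts and ends outside these hunks.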


@@ -786,6 +786,11 @@ func CreateUser(user *models.User) (*models.User, error) {
userCreateRequest.Attribute("description", []string{user.Description}) // RFC4519: descriptive information
}
if err := kubeconfig.CreateKubeConfig(user.Username); err != nil {
glog.Errorln("create user kubeconfig failed", user.Username, err)
return nil, err
}
err = conn.Add(userCreateRequest)
if err != nil {
@@ -797,10 +802,6 @@ func CreateUser(user *models.User) (*models.User, error) {
setAvatar(user.Username, user.AvatarUrl)
}
if err := kubeconfig.CreateKubeConfig(user.Username); err != nil {
glog.Errorln("create user kubeconfig failed", user.Username, err)
}
if user.ClusterRole != "" {
err := CreateClusterRoleBinding(user.Username, user.ClusterRole)
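Review bot: Moving `kubeconfig.CreateKubeConfig(user.Username)` ahead of `conn.Add(userCreateRequest)` means the kubeconfig, which presumably carries the user's cluster credentials, is generated before the directory entry exists, and the `if err != nil` path after `conn.Add` shows no cleanup in the visible lines. If the add fails, the kubeconfig would be left behind for an account that was never created, or, depending on how CreateKubeConfig treats an existing name, could touch the kubeconfig of an account that already exists; neither case is visible in this hunk. Either remove the kubeconfig in the `conn.Add` error branch or confirm the username is free before generating it. If the reordering is there so the kubeconfig exists before the role binding starts the terminal pod, a one-line comment saying so above the moved block would keep the next edit from moving it back. CreateUser's body continues outside the hunk.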