automatically create kubeconfig
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
@@ -96,6 +96,7 @@ func GetApp(clusterId string) (*Application, error) {
|
||||
item, err := openpitrix.GetCluster(clusterId)
|
||||
|
||||
if err != nil {
|
||||
glog.Error(err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
||||
@@ -30,7 +30,6 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/informers"
|
||||
"kubesphere.io/kubesphere/pkg/models"
|
||||
"kubesphere.io/kubesphere/pkg/models/iam/policy"
|
||||
"kubesphere.io/kubesphere/pkg/models/kubeconfig"
|
||||
"kubesphere.io/kubesphere/pkg/models/kubectl"
|
||||
"kubesphere.io/kubesphere/pkg/models/resources"
|
||||
"kubesphere.io/kubesphere/pkg/params"
|
||||
@@ -39,6 +38,7 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
|
||||
"sort"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -643,9 +643,6 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error {
|
||||
glog.Errorln("create cluster role binding", err)
|
||||
return err
|
||||
}
|
||||
if err := kubeconfig.CreateKubeConfig(username); err != nil {
|
||||
glog.Errorln("create user kubeconfig failed", username, err)
|
||||
}
|
||||
if clusterRoleName == constants.ClusterAdmin {
|
||||
if err := kubectl.CreateKubectlDeploy(username); err != nil {
|
||||
glog.Errorln("create user terminal pod failed", username, err)
|
||||
@@ -667,17 +664,21 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error {
|
||||
return err
|
||||
}
|
||||
if found.RoleRef.Name == constants.ClusterAdmin {
|
||||
if err := kubeconfig.DelKubeConfig(username); err != nil {
|
||||
glog.Error("delete user kubeconfig failed", username, err)
|
||||
}
|
||||
if err := kubectl.DelKubectlDeploy(username); err != nil {
|
||||
glog.Error("delete user terminal pod failed", username, err)
|
||||
}
|
||||
}
|
||||
_, err = k8s.Client().RbacV1().ClusterRoleBindings().Create(clusterRoleBinding)
|
||||
if err != nil {
|
||||
glog.Errorln("create cluster role binding", err)
|
||||
return err
|
||||
maxRetries := 3
|
||||
for i := 0; i < maxRetries; i++ {
|
||||
_, err = k8s.Client().RbacV1().ClusterRoleBindings().Create(clusterRoleBinding)
|
||||
if apierrors.IsAlreadyExists(err) {
|
||||
time.Sleep(300 * time.Millisecond)
|
||||
continue
|
||||
}
|
||||
if err != nil {
|
||||
glog.Errorln("create cluster role binding", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -24,6 +24,8 @@ import (
|
||||
"io/ioutil"
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/informers"
|
||||
"kubesphere.io/kubesphere/pkg/models/kubeconfig"
|
||||
"kubesphere.io/kubesphere/pkg/models/kubectl"
|
||||
"kubesphere.io/kubesphere/pkg/params"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/redis"
|
||||
@@ -499,16 +501,24 @@ func DeleteUser(username string) error {
|
||||
|
||||
deleteRequest := ldap.NewDelRequest(fmt.Sprintf("uid=%s,%s", username, ldapclient.UserSearchBase), nil)
|
||||
|
||||
err = conn.Del(deleteRequest)
|
||||
|
||||
if err != nil {
|
||||
if err = conn.Del(deleteRequest); err != nil {
|
||||
glog.Errorln("delete user", err)
|
||||
return err
|
||||
}
|
||||
|
||||
err = deleteRoleBindings(username)
|
||||
if err = deleteRoleBindings(username); err != nil {
|
||||
glog.Errorln("delete user role bindings failed", username, err)
|
||||
}
|
||||
|
||||
return err
|
||||
if err := kubeconfig.DelKubeConfig(username); err != nil {
|
||||
glog.Errorln("delete user kubeconfig failed", username, err)
|
||||
}
|
||||
|
||||
if err := kubectl.DelKubectlDeploy(username); err != nil {
|
||||
glog.Errorln("delete user terminal pod failed", username, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func deleteRoleBindings(username string) error {
|
||||
@@ -686,6 +696,10 @@ func CreateUser(user *models.User) (*models.User, error) {
|
||||
setAvatar(user.Username, user.AvatarUrl)
|
||||
}
|
||||
|
||||
if err := kubeconfig.CreateKubeConfig(user.Username); err != nil {
|
||||
glog.Errorln("create user kubeconfig failed", user.Username, err)
|
||||
}
|
||||
|
||||
if user.ClusterRole != "" {
|
||||
err := CreateClusterRoleBinding(user.Username, user.ClusterRole)
|
||||
|
||||
|
||||
@@ -21,6 +21,7 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/informers"
|
||||
"kubesphere.io/kubesphere/pkg/params"
|
||||
"kubesphere.io/kubesphere/pkg/utils/k8sutil"
|
||||
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
|
||||
"sort"
|
||||
"strings"
|
||||
@@ -60,6 +61,14 @@ func (*jobSearcher) match(match map[string]string, item *batchv1.Job) bool {
|
||||
if jobStatus(item) != v {
|
||||
return false
|
||||
}
|
||||
case includeCronJob:
|
||||
if v == "false" && k8sutil.IsControlledBy(item.OwnerReferences, cronJobKind, "") {
|
||||
return false
|
||||
}
|
||||
case includeS2iRun:
|
||||
if v == "false" && k8sutil.IsControlledBy(item.OwnerReferences, s2iRunKind, "") {
|
||||
return false
|
||||
}
|
||||
case Name:
|
||||
names := strings.Split(v, "|")
|
||||
if !sliceutil.HasString(names, item.Name) {
|
||||
|
||||
@@ -68,6 +68,10 @@ const (
|
||||
annotation = "annotation"
|
||||
Keyword = "keyword"
|
||||
status = "status"
|
||||
includeCronJob = "includeCronJob"
|
||||
cronJobKind = "CronJob"
|
||||
s2iRunKind = "S2iRun"
|
||||
includeS2iRun = "includeS2iRun"
|
||||
running = "running"
|
||||
paused = "paused"
|
||||
updating = "updating"
|
||||
|
||||
Reference in New Issue
Block a user