admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

automatically create kubeconfig

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2019-04-25 10:29:57 +08:00
committed by zryfish
parent da0ca36d1a
commit ece9049836
23 changed files with 123 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
pkg/models/iam/am.go
View File

@@ -30,7 +30,6 @@ import (
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/models"
"kubesphere.io/kubesphere/pkg/models/iam/policy"
"kubesphere.io/kubesphere/pkg/models/kubeconfig"
"kubesphere.io/kubesphere/pkg/models/kubectl"
"kubesphere.io/kubesphere/pkg/models/resources"
"kubesphere.io/kubesphere/pkg/params"
@@ -39,6 +38,7 @@ import (
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
"sort"
"strings"
"time"
)
const (
@@ -643,9 +643,6 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error {
glog.Errorln("create cluster role binding", err)
return err
}
if err := kubeconfig.CreateKubeConfig(username); err != nil {
glog.Errorln("create user kubeconfig failed", username, err)
}
if clusterRoleName == constants.ClusterAdmin {
if err := kubectl.CreateKubectlDeploy(username); err != nil {
glog.Errorln("create user terminal pod failed", username, err)
@@ -667,17 +664,21 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error {
return err
}
if found.RoleRef.Name == constants.ClusterAdmin {
if err := kubeconfig.DelKubeConfig(username); err != nil {
glog.Error("delete user kubeconfig failed", username, err)
}
if err := kubectl.DelKubectlDeploy(username); err != nil {
glog.Error("delete user terminal pod failed", username, err)
}
}
_, err = k8s.Client().RbacV1().ClusterRoleBindings().Create(clusterRoleBinding)
if err != nil {
glog.Errorln("create cluster role binding", err)
return err
maxRetries := 3
for i := 0; i < maxRetries; i++ {
_, err = k8s.Client().RbacV1().ClusterRoleBindings().Create(clusterRoleBinding)
if apierrors.IsAlreadyExists(err) {
time.Sleep(300 * time.Millisecond)
continue
}
if err != nil {
glog.Errorln("create cluster role binding", err)
return err
}
}
return nil
}

24
pkg/models/iam/im.go
View File

@@ -24,6 +24,8 @@ import (
"io/ioutil"
"kubesphere.io/kubesphere/pkg/constants"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/models/kubeconfig"
"kubesphere.io/kubesphere/pkg/models/kubectl"
"kubesphere.io/kubesphere/pkg/params"
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
"kubesphere.io/kubesphere/pkg/simple/client/redis"
@@ -499,16 +501,24 @@ func DeleteUser(username string) error {
deleteRequest := ldap.NewDelRequest(fmt.Sprintf("uid=%s,%s", username, ldapclient.UserSearchBase), nil)
err = conn.Del(deleteRequest)
if err != nil {
if err = conn.Del(deleteRequest); err != nil {
glog.Errorln("delete user", err)
return err
}
err = deleteRoleBindings(username)
if err = deleteRoleBindings(username); err != nil {
glog.Errorln("delete user role bindings failed", username, err)
}
return err
if err := kubeconfig.DelKubeConfig(username); err != nil {
glog.Errorln("delete user kubeconfig failed", username, err)
}
if err := kubectl.DelKubectlDeploy(username); err != nil {
glog.Errorln("delete user terminal pod failed", username, err)
}
return nil
}
func deleteRoleBindings(username string) error {
@@ -686,6 +696,10 @@ func CreateUser(user *models.User) (*models.User, error) {
setAvatar(user.Username, user.AvatarUrl)
}
if err := kubeconfig.CreateKubeConfig(user.Username); err != nil {
glog.Errorln("create user kubeconfig failed", user.Username, err)
}
if user.ClusterRole != "" {
err := CreateClusterRoleBinding(user.Username, user.ClusterRole)