15308555518/ kubekey
1
0
Fork 0
mirror of https://github.com/kubesphere/kubekey.git synced 2025-12-25 17:12:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: add secret option to auth-type.

This commit is contained in:
joyceliu 2023-07-03 17:31:23 +08:00
parent 4f989abe08
commit eb0868c017
6 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
api/v1beta1/auth_types.go
View File

@ -42,6 +42,12 @@ type Auth struct {
// +optional
PrivateKeyPath string `yaml:"privateKeyPath,omitempty" json:"privateKeyPath,omitempty"`
// Secret is the secret of the PrivateKey or Password for SSH authentication.It should in the same namespace as capkk.
// When Password is empty, replace it with data.password.
// When PrivateKey is empty, replace it with data.privateKey
// +optional
Secret string `yaml:"secret,omitempty" json:"secret,omitempty"`
// Timeout is the timeout for establish an SSH connection.
// +optional
Timeout *time.Duration `yaml:"timeout,omitempty" json:"timeout,omitempty"`

2
api/v1beta1/kkcluster_webhook.go
View File

@ -195,7 +195,7 @@ func validateLoadBalancer(loadBalancer *KKLoadBalancerSpec) []*field.Error {
func validateClusterNodes(nodes Nodes) []*field.Error {
var errs field.ErrorList
if nodes.Auth.Password == "" && nodes.Auth.PrivateKey == "" && nodes.Auth.PrivateKeyPath == "" {
if nodes.Auth.Password == "" && nodes.Auth.PrivateKey == "" && nodes.Auth.PrivateKeyPath == "" && nodes.Auth.Secret == "" {
errs = append(errs, field.Required(field.NewPath("spec", "nodes", "auth"), "password and privateKey can't both be empty"))
}

13
config/crd/bases/infrastructure.cluster.x-k8s.io_kkclusters.yaml
View File

@ -154,6 +154,12 @@ spec:
description: PrivateKeyFile is the path to the private key
for SSH authentication.
type: string
secret:
description: Secret is the secret of the PrivateKey or Password
for SSH authentication.It should in the same namespace as
capkk. When Password is empty, replace it with data.password.
When PrivateKey is empty, replace it with data.privateKey
type: string
timeout:
description: Timeout is the timeout for establish an SSH connection.
format: int64
@ -193,6 +199,13 @@ spec:
description: PrivateKeyFile is the path to the private
key for SSH authentication.
type: string
secret:
description: Secret is the secret of the PrivateKey
or Password for SSH authentication.It should in the
same namespace as capkk. When Password is empty, replace
it with data.password. When PrivateKey is empty, replace
it with data.privateKey
type: string
timeout:
description: Timeout is the timeout for establish an
SSH connection.

14
config/crd/bases/infrastructure.cluster.x-k8s.io_kkclustertemplates.yaml
View File

@ -175,6 +175,13 @@ spec:
description: PrivateKeyFile is the path to the private
key for SSH authentication.
type: string
secret:
description: Secret is the secret of the PrivateKey
or Password for SSH authentication.It should in
the same namespace as capkk. When Password is empty,
replace it with data.password. When PrivateKey is
empty, replace it with data.privateKey
type: string
timeout:
description: Timeout is the timeout for establish
an SSH connection.
@ -218,6 +225,13 @@ spec:
description: PrivateKeyFile is the path to the
private key for SSH authentication.
type: string
secret:
description: Secret is the secret of the PrivateKey
or Password for SSH authentication.It should
in the same namespace as capkk. When Password
is empty, replace it with data.password. When
PrivateKey is empty, replace it with data.privateKey
type: string
timeout:
description: Timeout is the timeout for establish
an SSH connection.

6
config/crd/bases/infrastructure.cluster.x-k8s.io_kkinstances.yaml
View File

@ -85,6 +85,12 @@ spec:
description: PrivateKeyFile is the path to the private key for
SSH authentication.
type: string
secret:
description: Secret is the secret of the PrivateKey or Password
for SSH authentication.It should in the same namespace as capkk.
When Password is empty, replace it with data.password. When
PrivateKey is empty, replace it with data.privateKey
type: string
timeout:
description: Timeout is the timeout for establish an SSH connection.
format: int64

15
controllers/kkinstance/kkinstance_controller.go
View File

@ -19,6 +19,8 @@ package kkinstance
import (
"context"
"fmt"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/types"
"reflect"
"time"
@ -95,6 +97,19 @@ func (r *Reconciler) getSSHClient(scope *scope.InstanceScope) ssh.Interface {
if r.sshClientFactory != nil {
return r.sshClientFactory(scope)
}
if scope.KKInstance.Spec.Auth.Secret != "" {
secret := &corev1.Secret{}
ctx, cancel := context.WithTimeout(context.Background(), time.Second*15)
defer cancel()
if err := r.Get(ctx, types.NamespacedName{Namespace: scope.Cluster.Namespace, Name: scope.KKInstance.Spec.Auth.Secret}, secret); err == nil {
if scope.KKInstance.Spec.Auth.PrivateKey == "" { // replace PrivateKey by secret
scope.KKInstance.Spec.Auth.PrivateKey = string(secret.Data["privateKey"])
}
if scope.KKInstance.Spec.Auth.Password == "" { // replace password by secret
scope.KKInstance.Spec.Auth.Password = string(secret.Data["password"])
}
}
}
return ssh.NewClient(scope.KKInstance.Spec.Address, scope.KKInstance.Spec.Auth, &scope.Logger)
}