支持使用Token方式访问K8S

README.md

@@ -180,7 +180,5 @@ __AtomCI__ 因你而变。
 |`ldap::baseDN`| OU=Xxx,DC=xx,DC=com | |
 | JWT 配置 <br/>|
 |`jwt::secret`| changemeforsecurity |　jwt的加密使用的字段，建议修改 |
-| K8s配置　<br/> |
-|`k8s::configPath`| ./conf/k8sconfig | k8s 配置文件存放路径，不建议修改|
 |<br/>|
 |`atomci::url`| http://localhost:8080 | AtomCI 回调地址　|

cmd/atomci/main.go

@@ -24,15 +24,11 @@ import (
 
 	"github.com/go-atomci/atomci/internal/cronjob"
 	_ "github.com/go-atomci/atomci/internal/initialize"
+	_ "github.com/go-atomci/atomci/internal/migrations"
 	_ "github.com/go-atomci/atomci/internal/models"
 	"github.com/go-atomci/atomci/internal/routers"
-	"github.com/go-atomci/atomci/pkg/kube"
 )
 
-func init() {
-	kube.Init()
-}
-
 func main() {
 	cronjob.RunPublishJobServer()
 	beego.Info("Beego version:", beego.VERSION)

conf/app.conf

@@ -36,9 +36,6 @@ baseDN = OU=Xxx,DC=xx,DC=com
 [jwt]
 secret = changemeforsecurity
 
-[k8s]
-configPath = ./conf/k8sconfig
-
 # build/deploy callback 
 [atomci]
 url = http://localhost:8080

conf/app.conf.template

@@ -40,10 +40,6 @@ baseDN = OU=Xxx,DC=xx,DC=com
 [jwt]
 secret = changemeforsecurity
 
-[k8s]
-# k8s相关配置文件默认保存地址，一般请不要修改
-configPath = ./conf/k8sconfig
-
 [atomci]
 # atomci后端服务地址，用于k8s/jenkins进行回调，因此请确保地址是可以被k8s集群(jenkins agent)访问到
 url = http://localhost:8080

deploy/docker-compose/conf/app.conf

@@ -36,9 +36,6 @@ baseDN = OU=Xxx,DC=xx,DC=com
 [jwt]
 secret = changemeforsecurity
 
-[k8s]
-configPath = ./conf/k8sconfig
-
 # build/deploy callback 
 [atomci]
 url = http://localhost:8080

internal/api/terminal.go

@@ -18,14 +18,9 @@ package api
 
 import (
 	"fmt"
-	"path"
-
 	"github.com/go-atomci/atomci/internal/core/podexec"
 	"github.com/go-atomci/atomci/internal/middleware/log"
 	"github.com/go-atomci/atomci/pkg/kube"
-
-	"github.com/astaxie/beego"
-	"k8s.io/client-go/tools/clientcmd"
 )
 
 type TerminalController struct {
@@ -57,7 +52,7 @@ func (t *TerminalController) PodTerminal() {
 		_ = pty.Close()
 	}()
 
-	kubeCli, err := kube.GetClientset(cluster)
+	kubeCli, cfg, err := kube.GetClientset(cluster)
 	if err != nil {
 		msg := fmt.Sprintf("get kubecli err :%v", err)
 		log.Log.Error(msg)
@@ -79,14 +74,6 @@ func (t *TerminalController) PodTerminal() {
 		return
 	}
 
-	configFile := path.Join(beego.AppConfig.String("k8s::configPath"), cluster)
-	cfg, err := clientcmd.BuildConfigFromFlags("", configFile)
-	if err != nil {
-		msg := fmt.Sprintf("build config occur error: %s", err.Error())
-		log.Log.Error(msg)
-		t.HandleInternalServerError(msg)
-		return
-	}
 	err = podexec.ExecPod(kubeCli, cfg, []string{"/bin/sh"}, pty, namespace, podName, containerName)
 	if err != nil {
 		msg := fmt.Sprintf("Exec to pod error! err: %v", err)

internal/core/kuberes/application.go

@@ -144,7 +144,7 @@ func NewAppRes(cluster string, envID, projectID int64) (*AppRes, error) {
 			ProjectID: projectID,
 		}, nil
 	}
-	client, err := kube.GetClientset(cluster)
+	client, _, err := kube.GetClientset(cluster)
 	if err != nil {
 		if cluster != "" {
 			return nil, errors.NewInternalServerError().SetCause(err)
@@ -486,7 +486,7 @@ func (ar *AppRes) SetLabels(namespace, name string, labels map[string]string) er
 }
 
 func CreateK8sNamespace(cluster, namespace string) error {
-	client, err := kube.GetClientset(cluster)
+	client, _, err := kube.GetClientset(cluster)
 	if err != nil {
 		return err
 	}
@@ -505,7 +505,7 @@ func CreateK8sNamespace(cluster, namespace string) error {
 }
 
 func CreateRegistrySecret(cluster, namespace string, envID int64) error {
-	client, err := kube.GetClientset(cluster)
+	client, _, err := kube.GetClientset(cluster)
 	if err != nil {
 		log.Log.Warning(fmt.Sprintf("create registry secret failed: %v", err.Error()))
 		return err

internal/core/settings/settings.go

@@ -19,8 +19,7 @@ package settings
 import (
 	"encoding/json"
 	"fmt"
-	"io"
-	"os"
+	"k8s.io/client-go/rest"
 	"strings"
 	"time"
 
@@ -30,7 +29,6 @@ import (
 	"github.com/go-atomci/atomci/utils/query"
 	"github.com/go-atomci/atomci/utils/validate"
 
-	"github.com/astaxie/beego"
 	"github.com/go-atomci/workflow/jenkins"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
@@ -69,6 +67,9 @@ const (
 	KubernetesType = "kubernetes"
 	RegistryType   = "registry"
 	JenkinsType    = "jenkins"
+
+	KubernetesConfig = "kubernetesConfig"
+	KubernetesToken  = "kubernetesToken"
 )
 
 type Config struct{}
@@ -81,6 +82,7 @@ type BaseConfig struct {
 type KubeConfig struct {
 	URL  string `json:"url,omitempty"`
 	Conf string `json:"conf,omitempty"`
+	Type string `json:"type,omitempty"`
 }
 type RegistryConfig struct {
 	BaseConfig
@@ -169,6 +171,16 @@ func (pm *SettingManager) GetIntegrateSettingByID(id int64) (*IntegrateSettingRe
 	return formatSignalIntegrateSetting(integrateSetting, config), err
 }
 
+func (pm *SettingManager) GetIntegrateSettingByName(name string, integrateType string) (*IntegrateSettingResponse, error) {
+	integrateSetting, err := pm.model.GetIntegrateSettingByName(name, integrateType)
+	if err != nil {
+		log.Log.Error("when GetIntegrateSettingByName, get GetIntegrateSettingByName occur error: %s", err.Error())
+		return nil, err
+	}
+	config := &Config{}
+	return formatSignalIntegrateSetting(integrateSetting, config), err
+}
+
 // GetIntegrateSettingsByPagination ..
 func (pm *SettingManager) GetIntegrateSettingsByPagination(filter *query.FilterQuery, intergrateTypes []string) (*query.QueryResult, error) {
 	queryResult, settingsList, err := pm.model.GetIntegrateSettingsByPagination(filter, intergrateTypes)
@@ -208,40 +220,10 @@ func (pm *SettingManager) UpdateIntegrateSetting(request *IntegrateSettingReq, s
 		log.Log.Error("json marshal error: %s", err.Error())
 		return err
 	}
-	//stageModel.Config = config
-	stageModel.CryptoConfig(config)
-	if request.Type == KubernetesType {
-		kube := &KubeConfig{}
-		err := json.Unmarshal([]byte(config), kube)
-		if err == nil {
-			pm.createOrupateKubernetesConfig(request.Name, kube.Conf)
-		} else {
-			log.Log.Error("kuber conf format error:  %v", err.Error())
-		}
-	}
-	return pm.model.UpdateIntegrateSetting(stageModel)
-}
 
-func (pm *SettingManager) createOrupateKubernetesConfig(clusterName, config string) error {
-	configPath := beego.AppConfig.String("k8s::configPath")
+	stageModel.CryptoConfig(config)
 
-	log.Log.Debug("configPath: %v", configPath)
-	err := os.MkdirAll(configPath, 0766)
-	if err != nil {
-		log.Log.Error(fmt.Sprintf("Failed to make the k8sconfig dir: %v", err.Error()))
-		return err
-	}
-	fileObj, err := os.OpenFile(configPath+"/"+clusterName, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)
-	if err != nil {
-		log.Log.Error(fmt.Sprintf("Failed to open the file: %v", err.Error()))
-		return err
-	}
-	if _, err := io.WriteString(fileObj, config); err != nil {
-		log.Log.Error(fmt.Sprintf("init K8S cluster %v configure failed: %v", clusterName, err.Error()))
-		return err
-	}
-	log.Log.Debug(fmt.Sprintf("update K8S cluster %v configure successfully", clusterName))
-	return nil
+	return pm.model.UpdateIntegrateSetting(stageModel)
 }
 
 // VerifyIntegrateSetting ..
@@ -258,16 +240,30 @@ func (pm *SettingManager) VerifyIntegrateSetting(request *IntegrateSettingReq) V
 	case KubernetesType:
 		kube := &KubeConfig{}
 		err := json.Unmarshal([]byte(config), kube)
+		if kube.Type == "" {
+			kube.Type = KubernetesConfig
+		}
 		if err != nil {
 			log.Log.Error("kuber conf format error:  %v", err.Error())
 			resp.Error = err
 			return resp
 		}
-		k8sconf, err := clientcmd.RESTConfigFromKubeConfig([]byte(kube.Conf))
-		if err != nil {
-			resp.Error = err
-			return resp
+		var k8sconf *rest.Config
+		switch kube.Type {
+		case KubernetesConfig:
+			k8sconf, err = clientcmd.RESTConfigFromKubeConfig([]byte(kube.Conf))
+			if err != nil {
+				resp.Error = err
+				return resp
+			}
+		case KubernetesToken:
+			k8sconf = &rest.Config{
+				BearerToken:     kube.Conf,
+				TLSClientConfig: rest.TLSClientConfig{Insecure: true},
+				Host:            kube.URL,
+			}
 		}
+
 		clientset, err := kubernetes.NewForConfig(k8sconf)
 		if err != nil {
 			resp.Error = err
@@ -352,21 +348,6 @@ func (pm *SettingManager) CreateIntegrateSetting(request *IntegrateSettingReq, c
 
 	newIntegrateSetting.CryptoConfig(config)
 
-	if request.Type == KubernetesType {
-		kube := &KubeConfig{}
-		err := json.Unmarshal([]byte(config), kube)
-		if err != nil {
-			msg := fmt.Sprintf("kuber conf format error:  %v", err.Error())
-			log.Log.Error(msg)
-			return fmt.Errorf(msg)
-		}
-
-		if err := pm.createOrupateKubernetesConfig(request.Name, kube.Conf); err != nil {
-			log.Log.Error("create or update k8s config file error: %s", err.Error())
-		} else {
-			log.Log.Debug("create or update k8s config file success.")
-		}
-	}
 	return pm.model.CreateIntegrateSetting(newIntegrateSetting)
 }
 

internal/dao/integrate_settings.go

@@ -49,9 +49,18 @@ func (model *SysSettingModel) GetIntegrateSettingByID(integrateSettingID int64)
 	return &integrateSetting, nil
 }
 
+func (model *SysSettingModel) GetIntegrateSettingByName(name string, integrateType string) (*models.IntegrateSetting, error) {
+	integrateSetting := models.IntegrateSetting{}
+	qs := model.ormer.QueryTable(model.IntegrateSettingTableName).Filter("deleted", false)
+	if err := qs.Filter("name", name).Filter("type", integrateType).One(&integrateSetting); err != nil {
+		return nil, err
+	}
+	return &integrateSetting, nil
+}
+
 // GetIntegrateSettings ...
 func (model *SysSettingModel) GetIntegrateSettings(integrateTypes []string) ([]*models.IntegrateSetting, error) {
-	integrateSettings := []*models.IntegrateSetting{}
+	var integrateSettings []*models.IntegrateSetting
 	qs := model.ormer.QueryTable(model.IntegrateSettingTableName).Filter("deleted", false)
 	if len(integrateTypes) > 0 {
 		qs = qs.Filter("type__in", integrateTypes)

internal/migrations/migration20220324.go

@@ -0,0 +1,35 @@
+package migrations
+
+import (
+	"github.com/astaxie/beego/orm"
+	"github.com/go-atomci/atomci/internal/core/settings"
+	"time"
+)
+
+type Migration20220324 struct {
+}
+
+func (m Migration20220324) GetCreateAt() time.Time {
+	return time.Date(2022, 3, 24, 0, 0, 0, 0, time.Local)
+}
+
+func (m Migration20220324) Upgrade(ormer orm.Ormer) error {
+	pm := settings.NewSettingManager()
+	k8sSettings, err := pm.GetIntegrateSettings([]string{"kubernetes"})
+	if err != nil {
+		return err
+	}
+	for _, setting := range k8sSettings {
+		req := &setting.IntegrateSettingReq
+		cfg := req.Config.(*settings.KubeConfig)
+		if cfg.Type == "" {
+			cfg.Type = settings.KubernetesConfig
+			cfg.URL = ""
+			err = pm.UpdateIntegrateSetting(req, setting.ID)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}

internal/migrations/migrations.go

@@ -2,6 +2,7 @@ package migrations
 
 import (
 	"github.com/astaxie/beego/orm"
+	"os"
 	"sort"
 	"time"
 )
@@ -29,11 +30,12 @@ func (t MigrationTypes) Swap(i, j int) {
 	t[i], t[j] = t[j], t[i]
 }
 
-// InitMigration db migration register
-func InitMigration() {
+// initMigration db migration register
+func initMigration() {
 	migrationTypes := MigrationTypes{
 		new(Migration20220101),
 		new(Migration20220309),
+		new(Migration20220324),
 	}
 
 	migrateInTx(migrationTypes)
@@ -95,3 +97,10 @@ func sureCreateTable(ormer orm.Ormer) {
 	)`
 	ormer.Raw(ddl).Exec()
 }
+
+func init() {
+	if len(os.Args) > 1 && os.Args[1][:5] == "-test" {
+		return
+	}
+	initMigration()
+}

internal/models/integrate.go

@@ -37,7 +37,6 @@ func (t *IntegrateSetting) TableName() string {
 }
 
 func (t *IntegrateSetting) CryptoConfig(raw string) {
-	t.crypto(raw)
 	t.Config = t.crypto(raw)
 }
 

internal/models/models.go

@@ -18,7 +18,6 @@ package models
 
 import (
 	"fmt"
-	"github.com/go-atomci/atomci/internal/migrations"
 	"os"
 	"time"
 
@@ -156,6 +155,5 @@ func init() {
 		return
 	}
 	initOrm()
-	migrations.InitMigration()
 	// orm.RunSyncdb("default", false, true)
 }