
Secret管理 原创

1、功能


2、类型转换

2.1、实现类型转换

internal/pkg/k8s/secret/common.go 文件中新增 SecretCell,实现和 corev1.Secret 之间的类型转换(SecretCell 实现 dataselect.DataCell 接口,供过滤、排序、分页使用),如下:

go
package secret

import (
	corev1 "k8s.io/api/core/v1"
	"time"

	"github.com/joker-bai/hawkeye/internal/pkg/k8s/dataselect"
)

// SecretCell is corev1.Secret under a local name so that methods can be
// attached to it; toCells stores SecretCell values as dataselect.DataCell, so
// the type has to satisfy that interface (GetCreation / GetName below).
type SecretCell corev1.Secret

// GetCreation returns the Secret's creation timestamp; exposed to dataselect
// through the DataCell interface.
func (p SecretCell) GetCreation() time.Time {
	created := p.ObjectMeta.CreationTimestamp
	return created.Time
}

// GetName returns the Secret's metadata name; exposed to dataselect through
// the DataCell interface (the name filter in ListSecret relies on it).
func (p SecretCell) GetName() string {
	meta := p.ObjectMeta
	return meta.Name
}

// toCells wraps each corev1.Secret as a SecretCell so the generic
// dataselect.DataSelector can filter, sort and paginate the list.
func toCells(sts []corev1.Secret) []dataselect.DataCell {
	out := make([]dataselect.DataCell, 0, len(sts))
	for _, s := range sts {
		out = append(out, SecretCell(s))
	}
	return out
}

// fromCells unwraps DataCell values produced by toCells back into
// corev1.Secret. Every element must be a SecretCell; any other DataCell
// implementation makes the type assertion panic.
func fromCells(cells []dataselect.DataCell) []corev1.Secret {
	out := make([]corev1.Secret, len(cells))
	for idx, cell := range cells {
		out[idx] = corev1.Secret(cell.(SecretCell))
	}
	return out
}

2.2、实现增删改查

(1)创建 internal/pkg/k8s/secret/create.go 文件,输入以下内容,用于创建 secret

go
package secret

import (
	"context"
	"crypto/tls"
	"encoding/base64"
	"encoding/json"
	"fmt"

	"github.com/joker-bai/hawkeye/global"
	"github.com/joker-bai/hawkeye/internal/app/requests"
	"github.com/joker-bai/hawkeye/internal/pkg/k8s/common"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

const (
	// DescriptionAnnotationKey is the annotation under which CreateSecret
	// stores the optional free-text description from the request.
	DescriptionAnnotationKey = "description"
)

// DockerConfig mirrors the {"auths": {...}} layout of a docker config.json,
// keyed by registry server; it is marshalled into the image-pull secret.
type DockerConfig struct {
	Auths map[string]AuthEntry `json:"auths"`
}

// AuthEntry is one registry credential inside DockerConfig.Auths.
// Auth is base64("username:password"); all three fields are secret material.
type AuthEntry struct {
	Username string `json:"username"`
	Password string `json:"password"`
	Auth     string `json:"auth"`
}

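// CreateSecret builds a corev1.Secret from ing and creates it in ing.Namespace
// through the global clientset.
//
// ing.Type selects the secret kind:
//   - "Opaque": one entry, ing.Opaque.Name -> ing.Opaque.Value.
//   - "docker_registry": a kubernetes.io/dockerconfigjson image-pull secret
//     for ing.DockerRegistry.Repo holding the username/password.
//   - "tls": a kubernetes.io/tls secret with ing.TLSInfo.Cert / ing.TLSInfo.Key.
//
// Any other type is rejected. The request carries secret material (password,
// private key, opaque value) in clear text; nothing from it is written to
// stdout or the log here, and callers must not log it either.
func CreateSecret(ing *requests.K8sSecretCreateRequest) error {
	annotations := map[string]string{}
	if ing.Description != nil {
		annotations[DescriptionAnnotationKey] = *ing.Description
	}

	serv := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:        ing.Name,
			Annotations: annotations,
			Labels:      common.GetLabelsMap(ing.Labels),
		},
		Data: map[string][]byte{},
	}

	switch ing.Type {
	case "Opaque":
		if ing.Opaque.Name == "" {
			return fmt.Errorf("Opaque 类型的 name 不能为空")
		}
		serv.Type = corev1.SecretTypeOpaque
		value := ing.Opaque.Value
		if ing.Opaque.IsBase64 {
			// Data holds raw bytes and client-go base64-encodes it on the wire,
			// so with IsBase64 set the stored content is the base64 text itself.
			// NOTE(review): kept as-is; if the flag actually means "value is
			// already base64", this should decode instead — confirm with the UI.
			value = base64.StdEncoding.EncodeToString([]byte(value))
		}
		// The debug fmt.Println that used to sit here printed the secret value
		// to stdout, where log collectors pick it up; it must not come back.
		serv.Data[ing.Opaque.Name] = []byte(value)

	case "docker_registry":
		reg := ing.DockerRegistry
		if reg.Repo == "" {
			return fmt.Errorf("docker_registry 类型的 repo 不能为空")
		}
		// Same layout as ~/.docker/config.json: {"auths": {"<server>": {...}}},
		// with "auth" holding base64("user:password").
		auth := base64.StdEncoding.EncodeToString([]byte(reg.Username + ":" + reg.Password))
		dockerConfig := DockerConfig{
			Auths: map[string]AuthEntry{
				reg.Repo: {Username: reg.Username, Password: reg.Password, Auth: auth},
			},
		}
		configJSON, err := json.Marshal(dockerConfig)
		if err != nil {
			return fmt.Errorf("生成 docker config json 失败: %w", err)
		}
		// This layout is the .dockerconfigjson format, so the secret must be
		// kubernetes.io/dockerconfigjson under the .dockerconfigjson key.
		// Storing it as kubernetes.io/dockercfg under .dockercfg (the legacy
		// {"<server>": {...}} layout) is accepted by the API server but yields
		// no usable credentials for the registry at pull time.
		serv.Type = corev1.SecretTypeDockerConfigJson
		serv.Data[corev1.DockerConfigJsonKey] = configJSON

	case "tls":
		cert := []byte(ing.TLSInfo.Cert)
		key := []byte(ing.TLSInfo.Key)
		// The API server does not verify that the PEM parses or that the key
		// matches the certificate; fail early here instead of at TLS time.
		if _, err := tls.X509KeyPair(cert, key); err != nil {
			return fmt.Errorf("证书或私钥无效: %w", err)
		}
		serv.Type = corev1.SecretTypeTLS
		serv.Data[corev1.TLSCertKey] = cert
		serv.Data[corev1.TLSPrivateKeyKey] = key

	default:
		return fmt.Errorf("不支持的类型: %q", ing.Type)
	}

	if _, err := global.K8S.CoreV1().Secrets(ing.Namespace).Create(context.TODO(), serv, metav1.CreateOptions{}); err != nil {
		return err
	}
	return nil
}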

(2)在 internal/pkg/k8s/secret/delete.go 中创建以下内容,用于删除 secret

go
package secret

import (
	"context"
	"github.com/joker-bai/hawkeye/global"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// DeleteSecret removes the Secret called name from namespace through the
// global clientset. The API server's error (if any) is returned unchanged.
func DeleteSecret(name, namespace string) error {
	client := global.K8S.CoreV1().Secrets(namespace)
	return client.Delete(context.TODO(), name, metav1.DeleteOptions{})
}

(3)在 internal/pkg/k8s/secret/list.go 中创建以下内容,用于列出 secret 列表

go
package secret

import (
	"context"
	"github.com/joker-bai/hawkeye/global"
	"github.com/joker-bai/hawkeye/internal/pkg/k8s/dataselect"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

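// ListSecret fetches every Secret in namespace, then filters by name, sorts
// and returns the requested page; page and limit are handed to dataselect
// unchanged.
//
// The result holds complete Secret objects, Data included, so whatever serves
// it discloses the secret values; keep the route behind authentication and
// authorization and never log the returned slice.
func ListSecret(name, namespace string, page, limit int) ([]corev1.Secret, error) {
	// The previous message said "ingress" — a copy-paste leftover.
	global.Log.Info("获取Secret的列表")
	list, err := global.K8S.CoreV1().Secrets(namespace).List(context.TODO(), metav1.ListOptions{})
	if err != nil {
		return nil, err
	}

	// Filtering, sorting and paging all happen client-side on the full list.
	selector := dataselect.DataSelector{
		GenericDataList: toCells(list.Items),
		DataSelectQuery: &dataselect.DataSelectQuery{
			Filter:   &dataselect.FilterQuery{Name: name},
			Paginate: &dataselect.PaginateQuery{Limit: limit, Page: page},
		},
	}

	filtered := selector.Filter()
	paged := filtered.Sort().Paginate()
	return fromCells(paged.GenericDataList), nil
}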

(4)在 internal/pkg/k8s/secret/update.go 中创建以下内容,用于更新 secret

go
package secret

import (
	"context"
	"encoding/json"
	"fmt"

	"github.com/joker-bai/hawkeye/global"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

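// UpdateSecret replaces a Secret in namespace with the object described by
// content, a JSON document of a whole corev1.Secret (presumably what the
// detail endpoint returned, edited by the client).
//
// content decides every field of the stored object, type and data included,
// so it is as sensitive as a create request. metadata.name must be present,
// and metadata.namespace, when set, must equal namespace; a mismatch is
// rejected here with a clear message instead of waiting for the API server.
func UpdateSecret(namespace, content string) error {
	var sec corev1.Secret
	if err := json.Unmarshal([]byte(content), &sec); err != nil {
		return fmt.Errorf("解析 Secret 内容失败: %w", err)
	}
	if sec.Name == "" {
		return fmt.Errorf("Secret 内容缺少 metadata.name")
	}
	if sec.Namespace != "" && sec.Namespace != namespace {
		return fmt.Errorf("Secret 内容中的 namespace %q 与请求的 namespace %q 不一致", sec.Namespace, namespace)
	}

	_, err := global.K8S.CoreV1().Secrets(namespace).Update(context.TODO(), &sec, metav1.UpdateOptions{})
	return err
}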

(5)在 internal/pkg/k8s/secret/detail.go 中创建以下内容,用于获取 secret 详情

go
package secret

import (
	"context"
	"github.com/joker-bai/hawkeye/global"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// GetSecretDetail reads one Secret by name from namespace. The returned
// object is complete, Data included, so the caller handles secret material.
func GetSecretDetail(name, namespace string) (*corev1.Secret, error) {
	client := global.K8S.CoreV1().Secrets(namespace)
	sec, err := client.Get(context.TODO(), name, metav1.GetOptions{})
	if err != nil {
		return nil, err
	}
	return sec, nil
}

3、实现 services 方法

3.1、请求参数校验

internal/app/requests 目录中新建 k8s_secret.go 文件,写入以下内容以完成请求参数校验:

go
package requests

import (
	"github.com/gin-gonic/gin"
	"github.com/joker-bai/hawkeye/pkg/app"
	"github.com/thedevsaddam/govalidator"
)

// K8sSecretCreateRequest is the body of POST /api/v1/k8s/secret/create.
// Type chooses which of Opaque / DockerRegistry / TLSInfo is read; the other
// two are ignored. Opaque.Value, DockerRegistry.Password and TLSInfo.Key are
// secret material and must never be logged.
type K8sSecretCreateRequest struct {
	Name           string         `json:"name" form:"name" valid:"name"`                      // Secret name
	Namespace      string         `json:"namespace" form:"namespace" valid:"namespace"`       // target namespace
	Description    *string        `json:"description" form:"description" valid:"description"` // optional description, stored as an annotation
	Labels         []Label        `json:"labels" form:"labels" valid:"labels"`                // labels to attach
	Type           string         `json:"type" form:"type" valid:"type"`                      // "Opaque", "docker_registry" or "tls"
	Opaque         Opaque         `json:"opaque" valid:"opaque"`                              // payload when Type == "Opaque"
	DockerRegistry DockerRegistry `json:"docker_registry" valid:"docker_registry"`            // payload when Type == "docker_registry"
	TLSInfo        TLSInfo        `json:"tls_info" valid:"tls_info"`                          // payload when Type == "tls"
}

// Opaque is the single key/value stored in an Opaque secret.
type Opaque struct {
	Name     string `json:"name" valid:"name"`           // data key
	Value    string `json:"value" valid:"value"`         // data value (secret material)
	IsBase64 bool   `json:"is_base64" valid:"is_base64"` // when true, Value is base64-encoded before being stored
}

// DockerRegistry holds the credentials for an image-pull secret.
type DockerRegistry struct {
	Repo     string `json:"repo" valid:"repo"`         // registry server; becomes the key under "auths"
	Username string `json:"username" valid:"username"` // registry user
	Password string `json:"password" valid:"password"` // registry password (secret material)
}

// TLSInfo carries the PEM certificate and private key for a kubernetes.io/tls
// secret (stored under corev1.TLSCertKey / corev1.TLSPrivateKeyKey).
type TLSInfo struct {
	Cert string `json:"cert" valid:"cert"` // PEM certificate chain
	Key  string `json:"key" valid:"key"`   // PEM private key (secret material)
}

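// ValidK8sSecretCreateRequest validates a K8sSecretCreateRequest: name,
// namespace and type are mandatory, and type must be one of the values the
// secret package implements ("Opaque", "docker_registry", "tls") so an unknown
// type is rejected at the API edge. ctx is unused; it is part of the
// validator signature app.Validate expects.
func ValidK8sSecretCreateRequest(data interface{}, ctx *gin.Context) map[string][]string {
	rules := govalidator.MapData{
		"name":      []string{"required"},
		"namespace": []string{"required"},
		"type":      []string{"required", "in:Opaque,docker_registry,tls"},
	}

	messages := govalidator.MapData{
		"name": []string{
			"required: name不能为空",
		},
		"namespace": []string{
			"required: namespace不能为空",
		},
		"type": []string{
			"required: type不能为空",
			"in: type 只能是 Opaque、docker_registry 或 tls",
		},
	}

	return app.ValidateOptions(data, rules, messages)
}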

// K8sSecretUpdateRequest is the body of POST /api/v1/k8s/secret/update.
// Content is the JSON of the whole Secret to store (secret material included).
type K8sSecretUpdateRequest struct {
	Namespace string `json:"namespace" form:"namespace" valid:"namespace"` // namespace of the Secret
	Content   string `json:"content" form:"content" valid:"content"`       // full corev1.Secret as JSON
}

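// ValidK8sSecretUpdateRequest validates a K8sSecretUpdateRequest: namespace
// and content are mandatory, and content must be a well-formed JSON document
// so malformed input is refused before it reaches the Secret unmarshal.
// ctx is unused; it is part of the validator signature app.Validate expects.
func ValidK8sSecretUpdateRequest(data interface{}, ctx *gin.Context) map[string][]string {
	rules := govalidator.MapData{
		"namespace": []string{"required"},
		"content":   []string{"required", "json"},
	}
	messages := govalidator.MapData{
		"namespace": []string{
			"required: namespace 不能为空",
		},
		"content": []string{
			"required: content 不能为空",
			"json: content 必须是合法的 JSON",
		},
	}

	return app.ValidateOptions(data, rules, messages)
}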

// K8sSecretListRequest is the query of GET /api/v1/k8s/secret/list. The
// embedded K8sCommonRequest supplies the Name (filter) and Namespace fields
// the service reads.
type K8sSecretListRequest struct {
	K8sCommonRequest
	Page  int `json:"page" form:"page" valid:"page"`    // 1-based page number
	Limit int `json:"limit" form:"limit" valid:"limit"` // entries per page
}

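// ValidK8sSecretListRequest validates a K8sSecretListRequest: namespace, page
// and limit are mandatory, and page/limit must be at least 1 — "required"
// alone rejects 0 but lets negative values through to the paginator.
// ctx is unused; it is part of the validator signature app.Validate expects.
func ValidK8sSecretListRequest(data interface{}, ctx *gin.Context) map[string][]string {
	rules := govalidator.MapData{
		"namespace": []string{"required"},
		"page":      []string{"required", "min:1"},
		"limit":     []string{"required", "min:1"},
	}
	messages := govalidator.MapData{
		"namespace": []string{
			"required: namespace不能为空",
		},
		"page": []string{
			"required: page不能为空",
			"min: page 必须大于等于 1",
		},
		"limit": []string{
			"required: limit不能为空",
			"min: limit 必须大于等于 1",
		},
	}

	return app.ValidateOptions(data, rules, messages)
}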

3.2、实现 services 方法

internal/app/services/k8s_secret.go 文件中新增 Secret操作的 services 方法,如下:

go
package services

import (
	"github.com/joker-bai/hawkeye/internal/app/requests"
	"github.com/joker-bai/hawkeye/internal/pkg/k8s/secret"
	corev1 "k8s.io/api/core/v1"
)

// Secret

// K8sSecretList lists the Secrets in param.Namespace, filtered by param.Name
// and paged by param.Page / param.Limit. Returned objects include Data.
func (s *Services) K8sSecretList(param *requests.K8sSecretListRequest) ([]corev1.Secret, error) {
	secrets, err := secret.ListSecret(param.Name, param.Namespace, param.Page, param.Limit)
	if err != nil {
		return nil, err
	}
	return secrets, nil
}

// K8sSecretDelete deletes the Secret param.Name from param.Namespace.
func (s *Services) K8sSecretDelete(param *requests.K8sCommonRequest) error {
	name, ns := param.Name, param.Namespace
	return secret.DeleteSecret(name, ns)
}

// K8sSecretUpdate replaces a Secret in param.Namespace with the JSON document
// in param.Content.
func (s *Services) K8sSecretUpdate(param *requests.K8sSecretUpdateRequest) error {
	ns, content := param.Namespace, param.Content
	return secret.UpdateSecret(ns, content)
}

// K8sSecretCreate creates the Secret described by param (see
// secret.CreateSecret for the supported types).
func (s *Services) K8sSecretCreate(param *requests.K8sSecretCreateRequest) error {
	err := secret.CreateSecret(param)
	return err
}

// K8sSecretDetail reads the Secret param.Name from param.Namespace, Data
// included.
func (s *Services) K8sSecretDetail(param *requests.K8sCommonRequest) (*corev1.Secret, error) {
	name, ns := param.Name, param.Namespace
	return secret.GetSecretDetail(name, ns)
}

4、新增 controllers 方法

在 internal/app/controllers/api/v1/k8s 目录中新增 secret.go 文件,实现如下方法:

go
package k8s

import (
	"github.com/gin-gonic/gin"
	"github.com/joker-bai/hawkeye/global"
	"github.com/joker-bai/hawkeye/internal/app/requests"
	"github.com/joker-bai/hawkeye/internal/app/services"
	"github.com/joker-bai/hawkeye/pkg/app"
	"github.com/joker-bai/hawkeye/pkg/errorcode"
	"go.uber.org/zap"
)

// SecretController serves the /api/v1/k8s/secret/* routes. Every handler deals
// with Secret contents, so the group must be reachable only by authenticated
// and authorized users (the middleware is wired elsewhere; confirm).
type SecretController struct{}

// List godoc
// @Summary List K8s Secrets
// @Description List the Secrets of a namespace, optionally filtered by name, paged by page/limit
// @Tags K8s Secret管理
// @Produce json
// @Param name query string false "Secret name" maxlength(100)
// @Param namespace query string true "Namespace" maxlength(100)
// @Param page query int true "Page number"
// @Param limit query int true "Page size"
// @Success 200 {object} string "OK"
// @Failure 400 {object} errorcode.Error "Bad request"
// @Failure 500 {object} errorcode.Error "Internal error"
// @Router /api/v1/k8s/secret/list [get]
//
// The response carries whole Secret objects, Data included, so it discloses
// the secret values to whoever may call this route.
func (k *SecretController) List(ctx *gin.Context) {
	resp := app.NewResponse(ctx)

	var param requests.K8sSecretListRequest
	if !app.Validate(ctx, &param, requests.ValidK8sSecretListRequest) {
		return
	}

	secrets, err := services.New(ctx).K8sSecretList(&param)
	if err != nil {
		// Detail goes to the server log only; the client gets the generic code.
		global.Log.Error("获取Secret列表失败", zap.String("error", err.Error()))
		resp.ToErrorResponse(errorcode.ErrorK8sSecretListFail)
		return
	}

	resp.ToResponseList(secrets, len(secrets))
}

// Update godoc
// @Summary Update a Secret
// @Description Replace a Secret with the full JSON document given in content
// @Tags K8s Secret管理
// @Produce json
// @Param body body requests.K8sSecretUpdateRequest true "body"
// @Success 200 {object} string "OK"
// @Failure 400 {object} errorcode.Error "Bad request"
// @Failure 500 {object} errorcode.Error "Internal error"
// @Router /api/v1/k8s/secret/update [post]
//
// The body is a complete Secret (type and data included) that replaces the
// stored object as-is, so it is as sensitive as a create request.
func (k *SecretController) Update(ctx *gin.Context) {
	resp := app.NewResponse(ctx)

	var param requests.K8sSecretUpdateRequest
	if !app.Validate(ctx, &param, requests.ValidK8sSecretUpdateRequest) {
		return
	}

	if err := services.New(ctx).K8sSecretUpdate(&param); err != nil {
		// Detail goes to the server log only; the client gets the generic code.
		global.Log.Error("更新Secret失败", zap.String("error", err.Error()))
		resp.ToErrorResponse(errorcode.ErrorK8sSecretUpdateFail)
		return
	}

	resp.ToResponse(gin.H{
		"msg": "Secret更新成功",
	})
}

// Delete godoc
// @Summary Delete a Secret
// @Description Delete the Secret identified by name and namespace
// @Tags K8s Secret管理
// @Produce json
// @Param body body requests.K8sCommonRequest true "body"
// @Success 200 {object} string "OK"
// @Failure 400 {object} errorcode.Error "Bad request"
// @Failure 500 {object} errorcode.Error "Internal error"
// @Router /api/v1/k8s/secret/delete [post]
func (k *SecretController) Delete(ctx *gin.Context) {
	resp := app.NewResponse(ctx)

	var param requests.K8sCommonRequest
	if !app.Validate(ctx, &param, requests.ValidK8sCommonRequest) {
		return
	}

	if err := services.New(ctx).K8sSecretDelete(&param); err != nil {
		// Detail goes to the server log only; the client gets the generic code.
		global.Log.Error("删除Secrets失败", zap.String("error", err.Error()))
		resp.ToErrorResponse(errorcode.ErrorK8sSecretDeleteFail)
		return
	}

	resp.ToResponse(gin.H{
		"msg": "Secret删除成功",
	})
}

// Create godoc
// @Summary Create a Secret
// @Description Create an Opaque, docker_registry or tls Secret
// @Tags K8s Secret管理
// @Produce json
// @Param body body requests.K8sSecretCreateRequest true "body"
// @Success 200 {object} string "OK"
// @Failure 400 {object} errorcode.Error "Bad request"
// @Failure 500 {object} errorcode.Error "Internal error"
// @Router /api/v1/k8s/secret/create [post]
//
// The body carries passwords / private keys in clear text: the route must be
// served over TLS and no middleware may log request bodies (neither is
// visible here; confirm).
func (k *SecretController) Create(ctx *gin.Context) {
	resp := app.NewResponse(ctx)

	var param requests.K8sSecretCreateRequest
	if !app.Validate(ctx, &param, requests.ValidK8sSecretCreateRequest) {
		return
	}

	if err := services.New(ctx).K8sSecretCreate(&param); err != nil {
		// Detail goes to the server log only; the client gets the generic code.
		global.Log.Error("创建Secret失败", zap.String("error", err.Error()))
		resp.ToErrorResponse(errorcode.ErrorK8sSecretCreateFail)
		return
	}

	resp.ToResponse(gin.H{
		"msg": "Secret创建成功",
	})
}

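// Detail godoc
// @Summary Get Secret detail
// @Description Get one Secret by name and namespace
// @Tags K8s Secret管理
// @Produce json
// @Param name query string false "Secret name" maxlength(100)
// @Param namespace query string false "Namespace" maxlength(100)
// @Success 200 {object} string "OK"
// @Failure 400 {object} errorcode.Error "Bad request"
// @Failure 500 {object} errorcode.Error "Internal error"
// @Router /api/v1/k8s/secret/detail [get]
//
// The full Secret, Data included, is returned, so this route hands the secret
// values to anyone allowed to call it.
func (k *SecretController) Detail(ctx *gin.Context) {
	param := requests.K8sCommonRequest{}
	response := app.NewResponse(ctx)

	if ok := app.Validate(ctx, &param, requests.ValidK8sCommonRequest); !ok {
		return
	}

	svc := services.New(ctx)
	sec, err := svc.K8sSecretDetail(&param)
	if err != nil {
		// Detail goes to the server log only; the client gets the generic code.
		// (Message fixed: it used to read "获取获取…".)
		global.Log.Error("获取Secret的详情失败", zap.String("error", err.Error()))
		response.ToErrorResponse(errorcode.ErrorK8sSecretDetailFail)
		return
	}

	response.ToResponse(gin.H{
		"data": sec,
		"msg":  "获取Secret的详情成功",
	})
}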

再到 pkg/errorcode/k8s.go 文件中新增如下错误代码:

go
package errorcode

var (
	......
	// K8s Secret error codes (500091-500095). Only these messages reach the
	// client; the controllers log the underlying error server-side.

	ErrorK8sSecretUpdateFail = NewError(500091, "更新K8s Secret 失败")
	ErrorK8sSecretDeleteFail = NewError(500092, "删除K8s Secret 失败")
	ErrorK8sSecretListFail   = NewError(500093, "获取K8s Secret 列表失败")
	ErrorK8sSecretDetailFail = NewError(500094, "获取K8s Secret 详情失败")
	ErrorK8sSecretCreateFail = NewError(500095, "创建K8s Secret 失败")
)

5、新增路由

internal/app/routers/k8s.go 文件中新增 Secret操作的路由,如下:

go
package routers

import (
	"github.com/gin-gonic/gin"
	"github.com/joker-bai/hawkeye/internal/app/controllers/api/v1/k8s"
	v1 "github.com/joker-bai/kubemana/internal/app/controllers/api/v1"
)

// K8sRouter registers the /k8s route group on the API router.
type K8sRouter struct{}

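// Inject registers the /k8s routes on router. Only the Secret routes are
// shown; the elided part holds the routes added in earlier chapters.
//
// The group variable is ks (the routes below refer to it); naming it k8s
// shadowed the k8s controller package and made k8s.SecretController
// unresolvable. These handlers read and write Secrets, i.e. cluster
// credentials, so the group must sit behind the project's authentication /
// authorization middleware (not visible here; confirm).
func (r *K8sRouter) Inject(router *gin.RouterGroup) {

	ks := router.Group("/k8s")
	{
		......

		// Secret 管理
		sec := new(k8s.SecretController)
		ks.GET("/secret/list", sec.List)
		ks.POST("/secret/create", sec.Create)
		ks.POST("/secret/update", sec.Update)
		ks.POST("/secret/delete", sec.Delete)
		ks.GET("/secret/detail", sec.Detail)
	}
}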

6、测试一下

PS:测试之前都需要先初始化集群,在 4.3.1 Pod 章节有介绍。

这里简单测试列出 Secret 接口,如下:


其他接口自行下去测试。

7、代码版本

本节开发完成后,记得生成 swag 和标记代码版本,如下:

shell
$ swag init
$ git add .
$ git commit -m "新增k8s集群secret操作"