99 lines
3.1 KiB
Go
99 lines
3.1 KiB
Go
|
package apiserver
|
|||
|
|
|
|||
|
|
import (
|
|||
|
|
"context"
|
|||
|
|
"fmt"
|
|||
|
|
"os"
|
|||
|
|
|
|||
|
|
"github.com/gin-gonic/gin"
|
|||
|
|
zeldaiov1alpha1 "github.com/ycyxuehan/zelda/api/v1alpha1"
|
|||
|
|
authapi "github.com/ycyxuehan/zelda/apiserver/auth/api"
|
|||
|
|
proxyapi "github.com/ycyxuehan/zelda/apiserver/proxy/api"
|
|||
|
|
corev1 "k8s.io/api/core/v1"
|
|||
|
|
kubeclient "sigs.k8s.io/controller-runtime/pkg/client"
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
type APIServer struct {
|
|||
|
|
client kubeclient.Client
|
|||
|
|
authManager authapi.AuthManager
|
|||
|
|
proxies []proxyapi.Proxy
|
|||
|
|
namesapce string
|
|||
|
|
zserviceHandler *ZServiceHandler
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
func NewAPIServer(client kubeclient.Client, authManager authapi.AuthManager) *APIServer {
|
|||
|
|
server := &APIServer{
|
|||
|
|
client: client,
|
|||
|
|
authManager: authManager,
|
|||
|
|
zserviceHandler: NewZServiceHandler(client),
|
|||
|
|
}
|
|||
|
|
server.setNamespace()
|
|||
|
|
return server
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
func (a *APIServer) setNamespace() error {
|
|||
|
|
data, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
|
|||
|
|
a.namesapce = string(data)
|
|||
|
|
return err
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
func (a *APIServer) UseProxies(proxies ...proxyapi.Proxy) {
|
|||
|
|
a.proxies = append(a.proxies, proxies...)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//设置路由
|
|||
|
|
func (a *APIServer) SetRoute(engine *gin.Engine) {
|
|||
|
|
//添加认证接口
|
|||
|
|
authGroup := engine.Group("/auth")
|
|||
|
|
a.authManager.InitAuthRoute(a.IdentifyFunc(), authGroup)
|
|||
|
|
//添加代理接口
|
|||
|
|
for _, proxy := range a.proxies {
|
|||
|
|
proxyGroup := engine.Group(proxy.Path())
|
|||
|
|
proxyGroup.Use(a.authManager.MiddleWare())
|
|||
|
|
proxyGroup.GET("/", proxy.Proxy())
|
|||
|
|
proxyGroup.PUT("/", proxy.Proxy())
|
|||
|
|
proxyGroup.POST("/", proxy.Proxy())
|
|||
|
|
proxyGroup.PATCH("/", proxy.Proxy())
|
|||
|
|
proxyGroup.DELETE("/", proxy.Proxy())
|
|||
|
|
proxyGroup.OPTIONS("/", proxy.Proxy())
|
|||
|
|
}
|
|||
|
|
//添加服务接口
|
|||
|
|
apiGroup := engine.Group("/api/v1alpha1")
|
|||
|
|
apiGroup.Use(a.authManager.MiddleWare())
|
|||
|
|
|
|||
|
|
//zservice
|
|||
|
|
zserviceGroup := apiGroup.Group("/zservice")
|
|||
|
|
zserviceGroup.GET("/:name/restart", a.zserviceHandler.HandleRestart)
|
|||
|
|
zserviceGroup.GET("/:name/start", a.zserviceHandler.HandleStart)
|
|||
|
|
zserviceGroup.GET("/:name/stop", a.zserviceHandler.HandleStop)
|
|||
|
|
zserviceGroup.POST("/:name/scale", a.zserviceHandler.HandleScale)
|
|||
|
|
zserviceGroup.POST("/:name/version", a.zserviceHandler.HandleChangeVersion)
|
|||
|
|
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
func (a *APIServer) IdentifyFunc() authapi.IdentifyFunc {
|
|||
|
|
return func(ar *authapi.AuthentitionRequest) (authapi.IdentifyResult, error) {
|
|||
|
|
zuser := zeldaiov1alpha1.ZUser{}
|
|||
|
|
err := a.client.Get(context.Background(), kubeclient.ObjectKey{Namespace: a.namesapce, Name: ar.Username}, &zuser)
|
|||
|
|
if err != nil {
|
|||
|
|
return authapi.IdentifyResult{}, err
|
|||
|
|
}
|
|||
|
|
if ar.Password != zuser.Spec.Password {
|
|||
|
|
return authapi.IdentifyResult{}, fmt.Errorf("password is invalid")
|
|||
|
|
}
|
|||
|
|
//密码验证通过,获取kubernetes token
|
|||
|
|
secret := corev1.Secret{}
|
|||
|
|
err = a.client.Get(context.Background(), kubeclient.ObjectKey{Namespace: a.namesapce, Name: zuser.Status.Token}, &secret)
|
|||
|
|
if err != nil {
|
|||
|
|
return authapi.IdentifyResult{}, err
|
|||
|
|
}
|
|||
|
|
//这里处理证书和token
|
|||
|
|
return authapi.IdentifyResult{KubernetesToken: secret.StringData["token"], Cert: secret.StringData["ca.crt"]}, nil
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
func (a *APIServer)Run(addr string)error{
|
|||
|
|
engine := gin.Default()
|
|||
|
|
a.SetRoute(engine)
|
|||
|
|
return engine.Run(addr)
|
|||
|
|
}
|