package apiserver
import (
	"context"
	"crypto/subtle"
	"fmt"
	"os"
	"strings"

	"github.com/gin-gonic/gin"
	zeldaiov1alpha1 "github.com/ycyxuehan/zelda/api/v1alpha1"
	authapi "github.com/ycyxuehan/zelda/apiserver/auth/api"
	proxyapi "github.com/ycyxuehan/zelda/apiserver/proxy/api"
	corev1 "k8s.io/api/core/v1"
	kubeclient "sigs.k8s.io/controller-runtime/pkg/client"
)
// APIServer wires the authentication manager, the registered proxies and the
// ZService handlers onto a gin engine.
type APIServer struct {
	// client is the Kubernetes client used to read ZUser objects and the
	// Secrets that hold their tokens.
	client kubeclient.Client
	// authManager provides the /auth routes and the middleware that SetRoute
	// places in front of the proxy and API route groups.
	authManager authapi.AuthManager
	// proxies holds the proxies added through UseProxies; SetRoute mounts each
	// one at its Path().
	proxies []proxyapi.Proxy
	// namesapce (sic) is the namespace in which ZUser objects and token Secrets
	// are looked up. It is filled in by setNamespace; the misspelt name is
	// referenced by other methods of this type.
	namesapce string
	// zserviceHandler serves the routes under /api/v1alpha1/zservice.
	zserviceHandler *ZServiceHandler
}
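// NewAPIServer builds an APIServer around the given Kubernetes client and
// authentication manager and resolves the namespace it runs in.
//
// The signature has no error result, so a failure to resolve the namespace is
// reported on stderr rather than returned. In that case the namespace stays
// empty and every ZUser and Secret lookup made by IdentifyFunc uses an empty
// namespace.
func NewAPIServer(client kubeclient.Client, authManager authapi.AuthManager) *APIServer {
	server := &APIServer{
		client:          client,
		authManager:     authManager,
		zserviceHandler: NewZServiceHandler(client),
	}
	// Surface the failure instead of dropping it: the namespace scopes every
	// credential lookup, so an unset value must be visible to the operator.
	if err := server.setNamespace(); err != nil {
		fmt.Fprintf(os.Stderr, "apiserver: namespace not set, credential lookups will use an empty namespace: %v\n", err)
	}
	return server
}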
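// setNamespace reads the namespace from the service-account volume mounted
// into the pod and stores it in a.namesapce.
//
// The stored value is trimmed, because it is later used verbatim as the
// Namespace of an ObjectKey and stray whitespace would make every lookup miss.
// On a read error or an empty file the field is left untouched and an error is
// returned.
func (a *APIServer) setNamespace() error {
	const namespaceFile = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"

	data, err := os.ReadFile(namespaceFile)
	if err != nil {
		return fmt.Errorf("reading namespace from %q: %w", namespaceFile, err)
	}
	ns := strings.TrimSpace(string(data))
	if ns == "" {
		return fmt.Errorf("namespace file %q is empty", namespaceFile)
	}
	a.namesapce = ns
	return nil
}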
// UseProxies appends the given proxies to the set that SetRoute mounts.
// Proxies added after SetRoute has run are not registered by this method.
func (a *APIServer) UseProxies(proxies ...proxyapi.Proxy) {
	if len(proxies) == 0 {
		return
	}
	registered := append(a.proxies, proxies...)
	a.proxies = registered
}
// SetRoute registers every route of the API server on engine: the
// authentication routes under /auth, one group per registered proxy, and the
// ZService operations under /api/v1alpha1/zservice.
//
// The proxy groups and the /api/v1alpha1 group sit behind the auth manager's
// middleware. The /auth group gets no middleware here; what InitAuthRoute
// attaches to it is not visible from this file.
func (a *APIServer) SetRoute(engine *gin.Engine) {
	// Authentication endpoints.
	auth := engine.Group("/auth")
	a.authManager.InitAuthRoute(a.IdentifyFunc(), auth)

	// Proxy endpoints: each proxy is mounted at its own path, behind the auth
	// middleware. Only the group's root path "/" is routed, once per method,
	// and proxy.Proxy() is called anew for every registration.
	proxyMethods := []string{"GET", "PUT", "POST", "PATCH", "DELETE", "OPTIONS"}
	for _, proxy := range a.proxies {
		group := engine.Group(proxy.Path())
		group.Use(a.authManager.MiddleWare())
		for _, method := range proxyMethods {
			group.Handle(method, "/", proxy.Proxy())
		}
	}

	// Service endpoints, all behind the auth middleware.
	api := engine.Group("/api/v1alpha1")
	api.Use(a.authManager.MiddleWare())

	// ZService operations.
	// NOTE(review): restart, start and stop are routed as GET. Judging by the
	// handler names they change state; if so, POST would keep them out of reach
	// of link prefetching and cross-site GETs. Confirm against the handlers.
	zservice := api.Group("/zservice")
	zservice.GET("/:name/restart", a.zserviceHandler.HandleRestart)
	zservice.GET("/:name/start", a.zserviceHandler.HandleStart)
	zservice.GET("/:name/stop", a.zserviceHandler.HandleStop)
	zservice.POST("/:name/scale", a.zserviceHandler.HandleScale)
	zservice.POST("/:name/version", a.zserviceHandler.HandleChangeVersion)
}
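// IdentifyFunc returns the credential check handed to the auth manager.
//
// The returned function loads the ZUser named ar.Username from the server's
// namespace, compares ar.Password with the password stored in the ZUser spec,
// and on success reads the Secret named by zuser.Status.Token to return its
// "token" and "ca.crt" entries.
//
// NOTE(review): the comparison is against zuser.Spec.Password as stored, so the
// password appears to be kept in plaintext in the custom resource and is
// readable by anyone allowed to get ZUser objects. Storing a salted hash and
// verifying against it would remove that exposure.
//
// NOTE(review): a failed ZUser lookup returns the client's error while a wrong
// password returns "password is invalid". If the auth manager forwards error
// text to the caller, the two cases let a client tell existing usernames from
// missing ones. Confirm in InitAuthRoute.
func (a *APIServer) IdentifyFunc() authapi.IdentifyFunc {
	return func(ar *authapi.AuthentitionRequest) (authapi.IdentifyResult, error) {
		// Reject missing credentials up front: an empty password would
		// otherwise match a ZUser whose spec has no password set.
		if ar == nil || ar.Username == "" || ar.Password == "" {
			return authapi.IdentifyResult{}, fmt.Errorf("username and password are required")
		}

		ctx := context.Background()

		zuser := zeldaiov1alpha1.ZUser{}
		userKey := kubeclient.ObjectKey{Namespace: a.namesapce, Name: ar.Username}
		if err := a.client.Get(ctx, userKey, &zuser); err != nil {
			return authapi.IdentifyResult{}, err
		}

		// Constant-time comparison, so the time taken does not depend on how
		// many leading bytes of the supplied password are correct.
		if subtle.ConstantTimeCompare([]byte(ar.Password), []byte(zuser.Spec.Password)) != 1 {
			return authapi.IdentifyResult{}, fmt.Errorf("password is invalid")
		}

		// Password accepted: fetch the Secret that holds the Kubernetes token.
		secret := corev1.Secret{}
		secretKey := kubeclient.ObjectKey{Namespace: a.namesapce, Name: zuser.Status.Token}
		if err := a.client.Get(ctx, secretKey, &secret); err != nil {
			return authapi.IdentifyResult{}, err
		}

		// Secret.StringData is write-only and is not populated when a Secret
		// is read back from the API server; the stored bytes are in Data.
		// StringData is kept as a fallback for clients that preserve it.
		entry := func(key string) string {
			if raw, ok := secret.Data[key]; ok {
				return string(raw)
			}
			return secret.StringData[key]
		}

		token := entry("token")
		if token == "" {
			return authapi.IdentifyResult{}, fmt.Errorf("token secret has no token entry")
		}
		return authapi.IdentifyResult{KubernetesToken: token, Cert: entry("ca.crt")}, nil
	}
}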
// Run creates a gin engine with gin's default middleware, registers all routes
// through SetRoute and serves on addr. It returns the error from the engine's
// Run call.
//
// NOTE(review): gin's Run serves plain HTTP. The /auth routes carry passwords
// and return Kubernetes tokens, so this listener should sit behind TLS
// termination or be switched to a TLS-serving call.
func (a *APIServer) Run(addr string) error {
	router := gin.Default()
	a.SetRoute(router)
	return router.Run(addr)
}