mirror of
https://github.com/certd/certd.git
synced 2026-04-24 04:17:25 +08:00
Merge remote-tracking branch 'origin/v2' into v2
# Conflicts: # packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/notification-form/index.vue # packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts
This commit is contained in:
xiaojunnuo
@@ -1 +0,0 @@
|
||||
export * from './k8s-access.js';
|
||||
|
||||
@@ -1,22 +0,0 @@
|
||||
import { IsAccess, AccessInput } from '@certd/pipeline';
|
||||
|
||||
@IsAccess({
|
||||
name: 'k8s',
|
||||
title: 'k8s授权',
|
||||
desc: '',
|
||||
})
|
||||
export class K8sAccess {
|
||||
@AccessInput({
|
||||
title: 'kubeconfig',
|
||||
component: {
|
||||
name: 'a-textarea',
|
||||
vModel: 'value',
|
||||
placeholder: 'kubeconfig',
|
||||
},
|
||||
required: true,
|
||||
encrypt: true,
|
||||
})
|
||||
kubeconfig = '';
|
||||
}
|
||||
|
||||
new K8sAccess();
|
||||
@@ -1,3 +1,2 @@
|
||||
export * from './plugin-k8s.js';
|
||||
export * from './plugin-restart.js';
|
||||
export * from './plugin-script.js';
|
||||
|
||||
@@ -1,114 +0,0 @@
|
||||
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput, utils } from '@certd/pipeline';
|
||||
import { CertInfo } from '@certd/plugin-cert';
|
||||
import { K8sAccess } from '../access/index.js';
|
||||
import { appendTimeSuffix } from '../../plugin-aliyun/utils/index.js';
|
||||
|
||||
@IsTaskPlugin({
|
||||
name: 'DeployToK8SIngress',
|
||||
title: 'K8S Ingress证书部署',
|
||||
desc: '暂不可用',
|
||||
group: pluginGroups.other.key,
|
||||
default: {
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||
},
|
||||
},
|
||||
})
|
||||
export class K8STestPlugin extends AbstractTaskPlugin {
|
||||
@TaskInput({
|
||||
title: '命名空间',
|
||||
value: 'default',
|
||||
component: {
|
||||
placeholder: '命名空间',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
namespace!: string;
|
||||
@TaskInput({
|
||||
title: 'ingress名称',
|
||||
value: '',
|
||||
component: {
|
||||
placeholder: 'ingress名称',
|
||||
},
|
||||
required: true,
|
||||
helper: '可以传入一个数组',
|
||||
})
|
||||
ingressName!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: '保密字典Id',
|
||||
component: {
|
||||
placeholder: '保密字典Id',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
secretName!: string | string[];
|
||||
|
||||
@TaskInput({
|
||||
title: 'k8s授权',
|
||||
helper: 'kubeconfig',
|
||||
component: {
|
||||
name: 'pi-access-selector',
|
||||
type: 'k8s',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
accessId!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: '域名证书',
|
||||
helper: '请选择前置任务输出的域名证书',
|
||||
component: {
|
||||
name: 'pi-output-selector',
|
||||
from: ['CertApply', 'CertApplyLego'],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
cert!: CertInfo;
|
||||
|
||||
K8sClient: any;
|
||||
async onInstance() {
|
||||
const sdk = await import('@certd/lib-k8s');
|
||||
this.K8sClient = sdk.K8sClient;
|
||||
}
|
||||
async execute(): Promise<void> {
|
||||
const access: K8sAccess = await this.accessService.getById(this.accessId);
|
||||
const k8sClient = new this.K8sClient({
|
||||
kubeConfigStr: access.kubeconfig,
|
||||
logger: this.logger,
|
||||
});
|
||||
await this.patchNginxCertSecret({ cert: this.cert, k8sClient });
|
||||
await utils.sleep(3000); // 停留2秒,等待secret部署完成
|
||||
}
|
||||
|
||||
async patchNginxCertSecret(options: { cert: CertInfo; k8sClient: any }) {
|
||||
const { cert, k8sClient } = options;
|
||||
const crt = cert.crt;
|
||||
const key = cert.key;
|
||||
const crtBase64 = Buffer.from(crt).toString('base64');
|
||||
const keyBase64 = Buffer.from(key).toString('base64');
|
||||
|
||||
const { namespace, secretName } = this;
|
||||
|
||||
const body: any = {
|
||||
data: {
|
||||
'tls.crt': crtBase64,
|
||||
'tls.key': keyBase64,
|
||||
},
|
||||
metadata: {
|
||||
labels: {
|
||||
certd: appendTimeSuffix('certd'),
|
||||
},
|
||||
},
|
||||
};
|
||||
let secretNames: any = secretName;
|
||||
if (typeof secretName === 'string') {
|
||||
secretNames = [secretName];
|
||||
}
|
||||
for (const secret of secretNames) {
|
||||
await k8sClient.patchSecret({ namespace, secretName: secret, body });
|
||||
this.logger.info(`ingress cert Secret已更新:${secret}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
new K8STestPlugin();
|
||||
@@ -3,6 +3,7 @@ import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput
|
||||
@IsTaskPlugin({
|
||||
name: 'RestartCertd',
|
||||
title: '重启Certd',
|
||||
icon: 'mdi:restart',
|
||||
desc: '延迟一定时间后自动杀死自己,然后通过Docker来自动重启',
|
||||
group: pluginGroups.other.key,
|
||||
default: {
|
||||
@@ -24,7 +25,7 @@ export class RestartCertdPlugin extends AbstractTaskPlugin {
|
||||
delay = 30;
|
||||
async onInstance() {}
|
||||
async execute(): Promise<void> {
|
||||
this.logger.info(`延迟 ${this.delay} 秒后重启 Certd`);
|
||||
this.logger.info(`Certd 将在 ${this.delay} 秒后关闭`);
|
||||
setTimeout(() => {
|
||||
this.logger.info('重启 Certd');
|
||||
process.exit(1);
|
||||
|
||||
@@ -9,6 +9,7 @@ export type CustomScriptContext = {
|
||||
@IsTaskPlugin({
|
||||
name: 'CustomScript',
|
||||
title: '自定义js脚本',
|
||||
icon:"ri:javascript-line",
|
||||
desc: '测试',
|
||||
group: pluginGroups.other.key,
|
||||
default: {
|
||||
|
||||
Reference in New Issue
Block a user