lkddi/certd
1
0
Fork 0
mirror of https://github.com/certd/certd.git synced 2026-04-23 19:57:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

perf: plugins增加图标

Browse Source
This commit is contained in:
xiaojunnuo
2024-09-19 17:38:51 +08:00
parent e5a5d0a607
commit a8da658a97
41 changed files with 1137 additions and 633 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-ack-ingress/index.ts
-236
View File
@@ -1,236 +0,0 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput, utils } from '@certd/pipeline';
import { AliyunAccess, AliyunClient } from '@certd/plugin-plus';
import { appendTimeSuffix } from '../../utils/index.js';
import { CertInfo } from '@certd/plugin-cert';
@IsTaskPlugin({
name: 'DeployCertToAliyunAckIngress',
title: '部署到阿里云AckIngress',
group: pluginGroups.aliyun.key,
input: {},
output: {},
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
export class DeployCertToAliyunAckIngressPlugin extends AbstractTaskPlugin {
@TaskInput({
title: '集群id',
component: {
placeholder: '集群id',
},
})
clusterId!: string;
@TaskInput({
title: '保密字典Id',
component: {
placeholder: '保密字典Id',
},
required: true,
})
secretName!: string | string[];
@TaskInput({
title: '大区',
value: 'cn-shanghai',
component: {
placeholder: '集群所属大区',
},
required: true,
})
regionId!: string;
@TaskInput({
title: '命名空间',
value: 'default',
component: {
placeholder: '命名空间',
},
required: true,
})
namespace: string = 'default';
@TaskInput({
title: 'ingress名称',
value: '',
component: {
placeholder: 'ingress名称',
},
required: true,
helper: '可以传入一个数组',
})
ingressName!: string;
@TaskInput({
title: 'ingress类型',
value: 'nginx',
component: {
placeholder: '暂时只支持nginx类型',
},
required: true,
})
ingressClass!: string;
@TaskInput({
title: '是否私网ip',
value: false,
component: {
name: 'a-switch',
vModel: 'checked',
placeholder: '集群连接端点是否是私网ip',
},
helper: '如果您当前certd运行在同一个私网下,可以选择是。',
required: true,
})
isPrivateIpAddress!: boolean;
@TaskInput({
title: '域名证书',
helper: '请选择前置任务输出的域名证书',
component: {
name: 'pi-output-selector',
from: ['CertApply', 'CertApplyLego'],
},
required: true,
})
cert!: CertInfo;
@TaskInput({
title: 'Access授权',
helper: '阿里云授权AccessKeyId、AccessKeySecret',
component: {
name: 'pi-access-selector',
type: 'aliyun',
},
required: true,
})
accessId!: string;
K8sClient: any;
async onInstance() {
const sdk = await import('@certd/lib-k8s');
this.K8sClient = sdk.K8sClient;
}
async execute(): Promise<void> {
this.logger.info('开始部署证书到阿里云cdn');
const { regionId, ingressClass, clusterId, isPrivateIpAddress, cert } = this;
const access = (await this.accessService.getById(this.accessId)) as AliyunAccess;
const client = await this.getClient(access, regionId);
const kubeConfigStr = await this.getKubeConfig(client, clusterId, isPrivateIpAddress);
this.logger.info('kubeconfig已成功获取');
const k8sClient = new this.K8sClient({
kubeConfigStr,
logger: this.logger,
});
const ingressType = ingressClass || 'qcloud';
if (ingressType === 'qcloud') {
throw new Error('暂未实现');
// await this.patchQcloudCertSecret({ k8sClient, props, context })
} else {
await this.patchNginxCertSecret({ cert, k8sClient });
}
await utils.sleep(3000); // 停留2秒,等待secret部署完成
// await this.restartIngress({ k8sClient, props })
}
async restartIngress(options: { k8sClient: any }) {
const { k8sClient } = options;
const { namespace } = this;
const body = {
metadata: {
labels: {
certd: appendTimeSuffix('certd'),
},
},
};
const ingressList = await k8sClient.getIngressList({ namespace });
this.logger.info('ingressList:', ingressList);
if (!ingressList || !ingressList.items) {
return;
}
const ingressNames = ingressList.items
.filter((item: any) => {
if (!item.spec.tls) {
return false;
}
for (const tls of item.spec.tls) {
if (tls.secretName === this.secretName) {
return true;
}
}
return false;
})
.map((item: any) => {
return item.metadata.name;
});
for (const ingress of ingressNames) {
await k8sClient.patchIngress({ namespace, ingressName: ingress, body });
this.logger.info(`ingress已重启:${ingress}`);
}
}
async patchNginxCertSecret(options: { cert: CertInfo; k8sClient: any }) {
const { cert, k8sClient } = options;
const crt = cert.crt;
const key = cert.key;
const crtBase64 = Buffer.from(crt).toString('base64');
const keyBase64 = Buffer.from(key).toString('base64');
const { namespace, secretName } = this;
const body = {
data: {
'tls.crt': crtBase64,
'tls.key': keyBase64,
},
metadata: {
labels: {
certd: appendTimeSuffix('certd'),
},
},
};
let secretNames: any = secretName;
if (typeof secretName === 'string') {
secretNames = [secretName];
}
for (const secret of secretNames) {
await k8sClient.patchSecret({ namespace, secretName: secret, body });
this.logger.info(`CertSecret已更新:${secret}`);
}
}
async getClient(aliyunProvider: any, regionId: string) {
const client = new AliyunClient({logger:this.logger})
await client.init({
accessKeyId: aliyunProvider.accessKeyId,
accessKeySecret: aliyunProvider.accessKeySecret,
endpoint: `https://cs.${regionId}.aliyuncs.com`,
apiVersion: '2015-12-15',
})
return client
}
async getKubeConfig(client: any, clusterId: string, isPrivateIpAddress = false) {
const httpMethod = 'GET';
const uriPath = `/k8s/${clusterId}/user_config`;
const queries = {
PrivateIpAddress: isPrivateIpAddress,
};
const body = '{}';
const headers = {
'Content-Type': 'application/json',
};
const requestOption = {};
try {
const res = await client.request(httpMethod, uriPath, queries, body, headers, requestOption);
return res.config;
} catch (e) {
console.error('请求出错:', e);
throw e;
}
}
}
new DeployCertToAliyunAckIngressPlugin();
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-cdn/index.ts
+1
View File
@@ -4,6 +4,7 @@ import { AliyunAccess, AliyunClient } from "@certd/plugin-plus";
@IsTaskPlugin({
name: 'DeployCertToAliyunCDN',
title: '部署证书至阿里云CDN',
icon: 'ant-design:aliyun-outlined',
group: pluginGroups.aliyun.key,
desc: '自动部署域名证书至阿里云CDN',
default: {
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-dcdn/index.ts
+5 -4
View File
@@ -1,9 +1,10 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import dayjs from 'dayjs';
import { AliyunAccess, AliyunClient } from "@certd/plugin-plus";
import { AliyunAccess, AliyunClient } from '@certd/plugin-plus';
@IsTaskPlugin({
name: 'DeployCertToAliyunDCDN',
title: '部署证书至阿里云DCDN',
icon: 'ant-design:aliyun-outlined',
group: pluginGroups.aliyun.key,
desc: '依赖证书申请前置任务,自动部署域名证书至阿里云DCDN',
default: {
@@ -59,14 +60,14 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
}
async getClient(access: AliyunAccess) {
const client = new AliyunClient({logger:this.logger})
const client = new AliyunClient({ logger: this.logger });
await client.init({
accessKeyId: access.accessKeyId,
accessKeySecret: access.accessKeySecret,
endpoint: 'https://dcdn.aliyuncs.com',
apiVersion: '2018-01-15',
})
return client
});
return client;
}
async buildParams() {
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/index.ts
-1
View File
@@ -1,4 +1,3 @@
export * from './deploy-to-cdn/index.js';
export * from './deploy-to-dcdn/index.js';
export * from './deploy-to-ack-ingress/index.js';
export * from './upload-to-aliyun/index.js';
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/upload-to-aliyun/index.ts
+1
View File
@@ -5,6 +5,7 @@ import { AliyunAccess, AliyunClient } from '@certd/plugin-plus';
@IsTaskPlugin({
name: 'uploadCertToAliyun',
title: '上传证书到阿里云',
icon: 'ant-design:aliyun-outlined',
group: pluginGroups.aliyun.key,
desc: '',
default: {