v0.1.21

.gitmodules

@@ -0,0 +1,9 @@
+[submodule "packages/deploy/server"]
+	path = packages/deploy/server
+	url = https://github.com/certd/certd-server.git
+[submodule "packages/deploy/client"]
+	path = packages/deploy/client
+	url = https://github.com/certd/certd-client.git
+[submodule "packages/issuer/node-acme-client"]
+	path = packages/issuer/node-acme-client
+	url = https://github.com/certd/node-acme-client.git

lerna.json

@@ -1,6 +1,8 @@
 {
   "packages": [
-    "packages/*/*"
+    "packages/core/*",
+    "packages/plugins/*",
+    "packages/ui/*"
   ],
-  "version": "0.1.20"
+  "version": "0.1.21"
 }

package.json

@@ -7,7 +7,8 @@
   },
   "scripts": {
     "start": "lerna bootstrap --hoist",
-    "i-all": "lerna link && lerna exec npm install  "
+    "i-all": "lerna link && lerna exec npm install  ",
+    "init": "git submodule update --init --recursive"
   },
   "license": "MIT",
   "dependencies": {

packages/core/executor/package-lock.json

@@ -1,6 +1,6 @@
 {
 	"name": "@certd/executor",
-	"version": "0.1.20",
+	"version": "0.1.21",
 	"lockfileVersion": 2,
 	"requires": true,
 	"packages": {

packages/core/executor/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/executor",
-  "version": "0.1.20",
+  "version": "0.1.21",
   "description": "",
   "main": "src/index.js",
   "scripts": {
@@ -17,8 +17,8 @@
   },
   "devDependencies": {
     "@certd/plugin-aliyun": "^0.1.19",
-    "@certd/plugin-host": "^0.1.19",
-    "@certd/plugin-tencent": "^0.1.19",
+    "@certd/plugin-host": "^0.1.21",
+    "@certd/plugin-tencent": "^0.1.21",
     "@rollup/plugin-commonjs": "^17.0.0",
     "@rollup/plugin-json": "^4.1.0",
     "@rollup/plugin-node-resolve": "^11.0.1",

packages/plugins/plugin-host/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/plugin-host",
-  "version": "0.1.19",
+  "version": "0.1.21",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

packages/plugins/plugin-host/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@certd/plugin-host",
-	"version": "0.1.19",
+	"version": "0.1.21",
 	"description": "",
 	"main": "src/index.js",
 	"type": "module",

packages/plugins/plugin-tencent/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/plugin-tencent",
-  "version": "0.1.19",
+  "version": "0.1.21",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

packages/plugins/plugin-tencent/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@certd/plugin-tencent",
-	"version": "0.1.19",
+	"version": "0.1.21",
 	"description": "",
 	"main": "src/index.js",
 	"type": "module",

packages/plugins/plugin-tencent/src/plugins/deploy-to-tke-ingress/index.js

@@ -41,6 +41,11 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
           label: 'ingress名称',
           desc: '支持多个（传入数组）'
         },
+        ingressClass: {
+          type: String,
+          label: 'ingress类型',
+          desc: '可选 qcloud / nginx'
+        },
         clusterIp: {
           type: String,
           label: '集群内网ip',
@@ -86,7 +91,13 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
       // 修改内网解析ip地址
       k8sClient.setLookup({ [clusterDomain]: { ip: props.clusterIp } })
     }
-    await this.patchCertSecret({ k8sClient, props, context })
+    const ingressType = props.ingressClass || 'qcloud'
+    if (ingressType === 'qcloud') {
+      await this.patchQcloudCertSecret({ k8sClient, props, context })
+    } else {
+      await this.patchNginxCertSecret({ cert, k8sClient, props, context })
+    }
+
     await this.sleep(2000) // 停留2秒，等待secret部署完成
     await this.restartIngress({ k8sClient, props })
     return true
@@ -121,7 +132,7 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
     return ret.Kubeconfig
   }
 
-  async patchCertSecret ({ k8sClient, props, context }) {
+  async patchQcloudCertSecret ({ k8sClient, props, context }) {
     const { tencentCertId } = context
     if (tencentCertId == null) {
       throw new Error('请先将【上传证书到腾讯云】作为前置任务')
@@ -151,6 +162,35 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
     }
   }
 
+  async patchNginxCertSecret ({ cert, k8sClient, props, context }) {
+    const crt = cert.crt
+    const key = cert.key
+    const crtBase64 = Buffer.from(crt).toString('base64')
+    const keyBase64 = Buffer.from(key).toString('base64')
+
+    const { namespace, secretName } = props
+
+    const body = {
+      data: {
+        'tls.crt': crtBase64,
+        'tls.key': keyBase64
+      },
+      metadata: {
+        labels: {
+          certd: this.appendTimeSuffix('certd')
+        }
+      }
+    }
+    let secretNames = secretName
+    if (typeof secretName === 'string') {
+      secretNames = [secretName]
+    }
+    for (const secret of secretNames) {
+      await k8sClient.patchSecret({ namespace, secretName: secret, body })
+      this.logger.info(`CertSecret已更新:${secret}`)
+    }
+  }
+
   async restartIngress ({ k8sClient, props }) {
     const { namespace, ingressName } = props
 

packages/plugins/plugin-tencent/test/plugins/deploy-to-tke-ingress-nginx.test.js

@@ -0,0 +1,59 @@
+import pkg from 'chai'
+import { DeployCertToTencentTKEIngress } from '../../src/plugins/deploy-to-tke-ingress/index.js'
+import { Certd } from '@certd/certd'
+import { createOptions } from '../../../../../test/options.js'
+import { K8sClient } from '../../src/utils/util.k8s.client.js'
+
+const { expect } = pkg
+
+async function getOptions () {
+  const options = createOptions()
+  options.args.test = false
+  options.cert.email = 'xiaojunnuo@qq.com'
+  options.cert.domains = ['*.docmirror.cn']
+  const certd = new Certd(options)
+  const cert = await certd.readCurrentCert()
+  const context = {}
+  const deployOpts = {
+    accessProviders: options.accessProviders,
+    cert,
+    props: {
+      accessProvider: 'tencent-yonsz',
+      region: 'ap-guangzhou',
+      clusterId: 'cls-6lbj1vee'
+    },
+    context
+  }
+  return { options, deployOpts }
+}
+
+describe('DeployCertToTencentTKEIngressNginx', function () {
+  it('#getTKESecrets', async function () {
+    this.timeout(50000)
+    const { options, deployOpts } = await getOptions()
+    const plugin = new DeployCertToTencentTKEIngress(options)
+    const tkeClient = plugin.getTkeClient(options.accessProviders[deployOpts.props.accessProvider], deployOpts.props.region)
+    const kubeConfig = await plugin.getTkeKubeConfig(tkeClient, deployOpts.props.clusterId)
+
+    const k8sClient = new K8sClient(kubeConfig)
+    k8sClient.setLookup({
+      'cls-6lbj1vee.ccs.tencent-cloud.com': { ip: '13.123.123.123' }
+    })
+    const secrets = await k8sClient.getSecret({ namespace: 'stress' })
+
+    console.log('secrets:', secrets)
+  })
+  it('#execute', async function () {
+    this.timeout(5000)
+
+    const { options, deployOpts } = await getOptions()
+    deployOpts.props.ingressName = 'stress-ingress-nginx'
+    deployOpts.props.ingressClass = 'nginx'
+    deployOpts.props.secretName = 'stress-all'
+    deployOpts.props.namespace = 'stress'
+    const plugin = new DeployCertToTencentTKEIngress(options)
+
+    const ret = await plugin.doExecute(deployOpts)
+    console.log('sucess', ret)
+  })
+})

packages/ui/certd-server/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/server",
-  "version": "0.1.20",
+  "version": "0.1.21",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

packages/ui/certd-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/server",
-  "version": "0.1.20",
+  "version": "0.1.21",
   "private": false,
   "type": "module",
   "scripts": {
@@ -11,10 +11,10 @@
   },
   "dependencies": {
     "@certd/api": "^0.1.17",
-    "@certd/executor": "^0.1.20",
+    "@certd/executor": "^0.1.21",
     "@certd/plugin-aliyun": "^0.1.19",
-    "@certd/plugin-host": "^0.1.19",
-    "@certd/plugin-tencent": "^0.1.19",
+    "@certd/plugin-host": "^0.1.21",
+    "@certd/plugin-tencent": "^0.1.21",
     "compressing": "^1.5.1",
     "debug": "^4.1.1",
     "fs-extra": "^9.1.0",