
如何代码创建自定义用户的config文件


如何查看config文件

# Print the merged kubeconfig; certificate data and secrets are redacted unless --raw is passed.
kubectl config view

或者直接查看原始文件:cat $HOME/.kube/config(该文件包含未脱敏的客户端证书和私钥,注意不要泄露)

简单示例

package main

import (
"encoding/pem"
"io/ioutil"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/tools/clientcmd/api"
"os"
)

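// caData returns the contents of ./test/certs/ca.crt, still PEM-encoded.
//
// client-go documents api.Cluster.CertificateAuthorityData as PEM-encoded
// data, so the file is validated with pem.Decode but returned as read;
// handing over the decoded DER bytes yields a kubeconfig whose CA cannot be
// parsed by clients.
//
// It panics with a descriptive message when the file cannot be read or holds
// no PEM block, instead of dereferencing a nil *pem.Block.
func caData() []byte {
	// ReadFile opens, reads and closes the file, so no handle is leaked.
	raw, err := ioutil.ReadFile("./test/certs/ca.crt")
	if err != nil {
		panic("caData: " + err.Error())
	}
	// Decode only to prove the file really is PEM; the result is discarded.
	if block, _ := pem.Decode(raw); block == nil {
		panic("caData: no PEM block found in ./test/certs/ca.crt")
	}
	return raw
}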

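// userData returns the contents of ./test/certs/<path>, still PEM-encoded.
//
// client-go documents api.AuthInfo.ClientCertificateData and ClientKeyData as
// PEM-encoded data, so the file is validated with pem.Decode but returned as
// read rather than as the decoded DER bytes.
//
// path is joined to the directory by plain concatenation; callers must pass a
// fixed file name and never a value taken from user input.
//
// It panics with a descriptive message when the file cannot be read or holds
// no PEM block, instead of dereferencing a nil *pem.Block.
func userData(path string) []byte {
	name := "./test/certs/" + path
	// ReadFile opens, reads and closes the file, so no handle is leaked.
	raw, err := ioutil.ReadFile(name)
	if err != nil {
		panic("userData: " + err.Error())
	}
	// Decode only to prove the file really is PEM; the result is discarded.
	if block, _ := pem.Decode(raw); block == nil {
		panic("userData: no PEM block found in " + name)
	}
	return raw
}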

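// main builds a kubeconfig for user "abc" against the "kubernetes" cluster
// and writes it to ./test/certs/abc.config.
func main() {
	const (
		clusterName = "kubernetes"
		userName    = "abc"
		// A single name is used for both the Contexts key and CurrentContext.
		// The two literals used to differ by a typo, which left
		// current-context pointing at a context that did not exist.
		contextName = userName + "@" + clusterName
	)

	config := api.NewConfig()

	config.Clusters[clusterName] = &api.Cluster{
		// Plain URL: the surrounding angle brackets were markup residue and
		// are not part of a valid server address.
		Server:                   "https://192.168.92.129:6443",
		CertificateAuthorityData: caData(),
	}

	config.Contexts[contextName] = &api.Context{
		Cluster:  clusterName,
		AuthInfo: userName,
	}
	config.CurrentContext = contextName

	config.AuthInfos[userName] = &api.AuthInfo{
		ClientCertificateData: userData("abc.pem"),
		ClientKeyData:         userData("abc_key.pem"),
	}

	// The written file embeds abc's private key, so it is a credential in its
	// own right. Fail loudly rather than report success when nothing was written.
	// NOTE(review): confirm the file mode WriteToFile applies is owner-only.
	if err := clientcmd.WriteToFile(*config, "./test/certs/abc.config"); err != nil {
		panic(err)
	}
}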

放到gin中示例

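// safeUserFileName reports whether user can be embedded in a file name
// without leaving the certificate directory: it rejects path separators,
// NUL bytes and any ".." sequence.
func safeUserFileName(user string) bool {
	for i := 0; i < len(user); i++ {
		switch user[i] {
		case '/', '\\', 0:
			return false
		case '.':
			if i+1 < len(user) && user[i+1] == '.' {
				return false
			}
		}
	}
	return true
}

// Clientconfig returns a kubeconfig for the user named in the "user" query
// parameter, serialized into the "data" field of the JSON response.
//
// The response embeds that user's client certificate and private key.
// NOTE(review): nothing in this handler checks that the caller is allowed to
// obtain credentials for `user`; confirm that authentication and
// authorization are enforced before this route is reached.
func (rbac *RBACCtl) Clientconfig(c *gin.Context) goft.Json {
	user := c.DefaultQuery("user", "")
	if user == "" {
		panic("no such user or usr is empt")
	}
	// user is request-controlled and is used below to build file paths, so
	// refuse anything that could escape the certificate directory.
	if !safeUserFileName(user) {
		panic("invalid user name")
	}

	cfg := api.NewConfig()

	clusterName := "kubernetes"

	// NOTE(review): client-go documents the *Data fields below as PEM-encoded;
	// confirm that helpers.CertData returns bytes in that form.
	cfg.Clusters[clusterName] = &api.Cluster{
		Server:                   rbac.Sysconfig.K8s.ClusterInfo.EndPoint,
		CertificateAuthorityData: helpers.CertData(rbac.Sysconfig.K8s.ClusterInfo.CaFile),
	}

	// The context is stored under the same name CurrentContext refers to.
	// It used to be keyed by the bare user name, which left current-context
	// pointing at a context that did not exist.
	contextName := fmt.Sprintf("%s@kubernetes", user)
	cfg.Contexts[contextName] = &api.Context{
		Cluster:  clusterName,
		AuthInfo: user,
	}
	cfg.CurrentContext = contextName

	usercertpempath := fmt.Sprintf("%s/%s.pem", rbac.Sysconfig.K8s.ClusterInfo.UserCert, user)
	usercertkeypath := fmt.Sprintf("%s/%s_key.pem", rbac.Sysconfig.K8s.ClusterInfo.UserCert, user)
	cfg.AuthInfos[user] = &api.AuthInfo{
		ClientCertificateData: helpers.CertData(usercertpempath),
		ClientKeyData:         helpers.CertData(usercertkeypath),
	}

	fileconfig, err := clientcmd.Write(*cfg)
	// presumably aborts the request when err is non-nil; confirm against goft
	goft.Error(err)
	return gin.H{
		"code": 20000,
		"data": string(fileconfig),
	}
}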

helpers.CertData函数如下

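// CertData reads the file at path and returns the decoded bytes of its first
// PEM block.
//
// NOTE(review): the decoded block bytes are DER, while client-go documents
// the kubeconfig *Data fields as PEM-encoded; confirm which form each caller
// needs before passing the result into an api.Cluster or api.AuthInfo.
func CertData(path string) []byte {
	f, err := os.Open(path)
	// presumably aborts when err is non-nil; confirm against goft
	goft.Error(err)
	defer f.Close()

	// A failed read is reported the same way as a failed open instead of
	// being dropped.
	b, err := ioutil.ReadAll(f)
	goft.Error(err)

	// pem.Decode returns a nil block when the input holds no PEM data;
	// dereferencing it would crash with a nil-pointer panic. The path is left
	// out of the message because callers may build it from request input and
	// the message may reach the client.
	block, _ := pem.Decode(b)
	if block == nil {
		panic("CertData: no PEM block found")
	}
	return block.Bytes
}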

简单代码

// Register user abc's credentials: abc.pem supplies the client certificate
// and abc_key.pem the private key.
abcAuth := &api.AuthInfo{}
abcAuth.ClientCertificateData = userData("abc.pem")
abcAuth.ClientKeyData = userData("abc_key.pem")
config.AuthInfos["abc"] = abcAuth

这里取的是这个用户的私钥(abc_key.pem)和证书(abc.pem)

关于如何代码创建用户, 以及如何给这个用户签发证书, 请看下面文章
