This is an automated email from the ASF dual-hosted git repository.
albumenj pushed a commit to branch refactor-with-go
in repository https://gitbox.apache.org/repos/asf/dubbo-admin.git
The following commit(s) were added to refs/heads/refactor-with-go by this push:
new 796265e Support deploy on k8s
796265e is described below
commit 796265e25ff775146df0f8aef6e12241f2d9ff78
Author: Albumen Kevin <[email protected]>
AuthorDate: Thu Feb 23 18:51:43 2023 +0800
Support deploy on k8s
---
ca/Dockerfile | 25 +++++++++++++
ca/{cmd => }/main.go | 0
ca/permission.yml | 102 +++++++++++++++++++++++++++++++++++++++++++++++++++
ca/pkg/k8s/client.go | 26 ++++++-------
4 files changed, 140 insertions(+), 13 deletions(-)
diff --git a/ca/Dockerfile b/ca/Dockerfile
new file mode 100644
index 0000000..2ffe04d
--- /dev/null
+++ b/ca/Dockerfile
@@ -0,0 +1,25 @@
+FROM golang:1.20.1-alpine3.17 as builder
+
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g'
/etc/apk/repositories
+
+RUN apk --update add gcc libc-dev upx ca-certificates && update-ca-certificates
+
+ADD . /workspace
+
+WORKDIR /workspace
+
+RUN --mount=type=cache,target=/go \
+ env GOPROXY=https://goproxy.cn,direct \
+ go build -buildmode=pie -ldflags "-linkmode external -extldflags -static -w"
\
+ -o /workspace/ca
+
+FROM alpine:3.17
+
+EXPOSE 30060
+EXPOSE 30062
+
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g'
/etc/apk/repositories
+
+COPY --from=builder /workspace/ca /ca
+
+CMD ["/ca"]
diff --git a/ca/cmd/main.go b/ca/main.go
similarity index 100%
rename from ca/cmd/main.go
rename to ca/main.go
diff --git a/ca/permission.yml b/ca/permission.yml
new file mode 100644
index 0000000..a754947
--- /dev/null
+++ b/ca/permission.yml
@@ -0,0 +1,102 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: dubbo-ca
+ namespace: dubbo-system
+ labels:
+ app: dubbo-ca
+rules:
+ # For storing CA secret
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["create", "get", "watch", "list", "update", "delete"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dubbo-ca
+ labels:
+ app: dubbo-ca
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "nodes", "services", "namespaces", "endpoints"]
+ verbs: ["get", "list", "watch"]
+
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["update"]
+
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["create", "get", "list", "watch", "update"]
+
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "watch", "list"]
+
+ - apiGroups: ["authentication.k8s.io"]
+ resources: ["tokenreviews"]
+ verbs: ["create"]
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dubbo-ca
+ namespace: dubbo-system
+ labels:
+ app: dubbo-ca
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dubbo-ca
+roleRef:
+ kind: ClusterRole
+ name: dubbo-ca
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: dubbo-ca
+ namespace: dubbo-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: dubbo-ca
+ namespace: dubbo-system
+roleRef:
+ kind: Role
+ name: dubbo-ca
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: dubbo-ca
+ namespace: dubbo-system
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: dubbo-ca
+ namespace: dubbo-system
+ labels:
+ app: dubbo-ca
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: dubbo-ca
+ template:
+ metadata:
+ labels:
+ app: dubbo-ca
+ spec:
+ serviceAccountName: dubbo-ca
+ containers:
+ - name: ca
+ image: albumen/dubbo-ca:1.0.0
+---
diff --git a/ca/pkg/k8s/client.go b/ca/pkg/k8s/client.go
index 57e63e9..737610a 100644
--- a/ca/pkg/k8s/client.go
+++ b/ca/pkg/k8s/client.go
@@ -37,21 +37,21 @@ func (c *Client) Init() bool {
config, err := rest.InClusterConfig()
if err != nil {
logger.Sugar.Infof("Failed to load config from Pod. Will fall
back to kube config file.")
- }
- var kubeconfig *string
- if home := homedir.HomeDir(); home != "" {
- kubeconfig = flag.String("kubeconfig", filepath.Join(home,
".kube", "config"), "(optional) absolute path to the kubeconfig file")
- } else {
- kubeconfig = flag.String("kubeconfig", "", "absolute path to
the kubeconfig file")
- }
- flag.Parse()
+ var kubeconfig *string
+ if home := homedir.HomeDir(); home != "" {
+ kubeconfig = flag.String("kubeconfig",
filepath.Join(home, ".kube", "config"), "(optional) absolute path to the
kubeconfig file")
+ } else {
+ kubeconfig = flag.String("kubeconfig", "", "absolute
path to the kubeconfig file")
+ }
+ flag.Parse()
- // use the current context in kubeconfig
- config, err = clientcmd.BuildConfigFromFlags("", *kubeconfig)
- if err != nil {
- logger.Sugar.Warnf("Failed to load config from kube config
file.")
- return false
+ // use the current context in kubeconfig
+ config, err = clientcmd.BuildConfigFromFlags("", *kubeconfig)
+ if err != nil {
+ logger.Sugar.Warnf("Failed to load config from kube
config file.")
+ return false
+ }
}
// creates the clientset
