代码拉取完成,页面将自动刷新
package systemaccount
import (
"fmt"
"github.com/rancher/rancher/pkg/randomtoken"
"github.com/rancher/types/apis/management.cattle.io/v3"
"github.com/rancher/types/config"
"github.com/rancher/types/user"
errors2 "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1"
)
const (
clusterOwnerRole = "cluster-owner"
)
func NewManager(management *config.ManagementContext) *Manager {
return &Manager{
userManager: management.UserManager,
crtbs: management.Management.ClusterRoleTemplateBindings(""),
crts: management.Management.ClusterRegistrationTokens(""),
}
}
func NewManagerFromScale(management *config.ScaledContext) *Manager {
return &Manager{
userManager: management.UserManager,
crtbs: management.Management.ClusterRoleTemplateBindings(""),
crts: management.Management.ClusterRegistrationTokens(""),
}
}
type Manager struct {
userManager user.Manager
crtbs v3.ClusterRoleTemplateBindingInterface
crts v3.ClusterRegistrationTokenInterface
}
func (s *Manager) CreateSystemAccount(cluster *v3.Cluster) error {
user, err := s.GetSystemUser(cluster)
if err != nil {
return err
}
bindingName := user.Name + "-admin"
_, err = s.crtbs.GetNamespaced(cluster.Name, bindingName, v1.GetOptions{})
if err == nil {
return nil
}
_, err = s.crtbs.Create(&v3.ClusterRoleTemplateBinding{
ObjectMeta: v1.ObjectMeta{
Name: bindingName,
Namespace: cluster.Name,
},
ClusterName: cluster.Name,
UserName: user.Name,
RoleTemplateName: clusterOwnerRole,
})
return err
}
func (s *Manager) GetSystemUser(cluster *v3.Cluster) (*v3.User, error) {
return s.userManager.EnsureUser(fmt.Sprintf("system://%s", cluster.Name), "System account for Cluster "+cluster.Name)
}
func (s *Manager) GetOrCreateSystemClusterToken(clusterName string) (string, error) {
token := ""
crt, err := s.crts.GetNamespaced(clusterName, "system", v1.GetOptions{})
if errors2.IsNotFound(err) {
token, err = randomtoken.Generate()
if err != nil {
return "", err
}
crt = &v3.ClusterRegistrationToken{
ObjectMeta: v1.ObjectMeta{
Name: "system",
Namespace: clusterName,
},
Spec: v3.ClusterRegistrationTokenSpec{
ClusterName: clusterName,
},
Status: v3.ClusterRegistrationTokenStatus{
Token: token,
},
}
if _, err := s.crts.Create(crt); err != nil {
return "", err
}
} else if err != nil {
return "", err
} else {
token = crt.Status.Token
}
return token, nil
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手