

fix: add inCluster ip to cert
Signed-off-by: baoyinghai_yewu <baoyinghai_yewu@cmss.chinamobile.com>
OrangeBao committed May 23, 2024
1 parent 3c08841 commit 3458584
Showing 2 changed files with 31 additions and 5 deletions.
19 changes: 14 additions & 5 deletions pkg/kubenest/util/cert/certs.go
Expand Up @@ -23,6 +23,7 @@ import (
netutils "k8s.io/utils/net"

"github.com/kosmos.io/kosmos/pkg/kubenest/constants"
"github.com/kosmos.io/kosmos/pkg/kubenest/util"
)

type CertConfig struct {
Expand Down Expand Up @@ -203,6 +204,11 @@ func makeAltNamesMutator(f func(cfg *AltNamesMutatorConfig) (*certutil.AltNames,
}

func proxyServerAltNamesMutator(cfg *AltNamesMutatorConfig) (*certutil.AltNames, error) {
firstIP, err := util.GetFirstIP(constants.ApiServerServiceSubnet)
if err != nil {
return nil, err
}

altNames := &certutil.AltNames{
DNSNames: []string{
"localhost",
Expand All @@ -212,8 +218,7 @@ func proxyServerAltNamesMutator(cfg *AltNamesMutatorConfig) (*certutil.AltNames,
},
IPs: []net.IP{
net.IPv4(127, 0, 0, 1),
net.IPv4(10, 237, 6, 17),
net.IPv4(10, 237, 0, 1),
firstIP,
},
}

Expand All @@ -236,21 +241,25 @@ func proxyServerAltNamesMutator(cfg *AltNamesMutatorConfig) (*certutil.AltNames,
}

func apiServerAltNamesMutator(cfg *AltNamesMutatorConfig) (*certutil.AltNames, error) {
firstIP, err := util.GetFirstIP(constants.ApiServerServiceSubnet)
if err != nil {
return nil, err
}

altNames := &certutil.AltNames{
DNSNames: []string{
"localhost",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"konnectivity-server.kube-system.svc.cluster.local",
fmt.Sprintf("*.%s.svc.cluster.local", constants.VirtualClusterSystemNamespace),
// fmt.Sprintf("*.%s.svc.cluster.local", constants.VirtualClusterSystemNamespace),
fmt.Sprintf("*.%s.svc", constants.VirtualClusterSystemNamespace),
},
//TODO (考虑节点属于当前集群节点和非当前集群节点情况)
IPs: []net.IP{
net.IPv4(127, 0, 0, 1),
net.IPv4(10, 237, 6, 17),
net.IPv4(10, 237, 0, 1),
firstIP,
},
}

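Review bot: In the last hunk of this file, `// fmt.Sprintf("*.%s.svc.cluster.local", constants.VirtualClusterSystemNamespace),` leaves the `*.<namespace>.svc.cluster.local` SAN out of the apiserver certificate as commented-out code, so clients that dial the fully qualified in-cluster name will hit a hostname mismatch unless dropping that SAN is intended; either delete the line or restore it, and state the intent in the commit message rather than in dead code. The TODO above the IPs block is in Chinese and should be English like the rest of the file, e.g. `// TODO: handle nodes that belong to the current cluster and nodes that do not`. The removed `net.IPv4(10, 237, 6, 17)` looks like a host address rather than a service address, so if it was covering a node or external endpoint it is no longer in the SAN list after this change — worth confirming against the deployment that used it. Both proxyServerAltNamesMutator and apiServerAltNamesMutator now call util.GetFirstIP on the same constant, and their bodies continue outside the hunks shown.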
17 changes: 17 additions & 0 deletions pkg/kubenest/util/util.go
Expand Up @@ -3,6 +3,7 @@ package util
import (
"encoding/base64"
"fmt"
"net"

"k8s.io/client-go/kubernetes"

Expand Down Expand Up @@ -40,3 +41,19 @@ func GenerateKubeclient(virtualCluster *v1alpha1.VirtualCluster) (kubernetes.Int

return k8sClient, nil
}

func GetFirstIP(ipNetStr string) (net.IP, error) {
_, ipNet, err := net.ParseCIDR(ipNetStr)
if err != nil {
fmt.Println("parse ipNetStr err:", err)
return nil, err
}

firstIP := make(net.IP, len(ipNet.IP))
copy(firstIP, ipNet.IP)
for i := range firstIP {
firstIP[i] |= ipNet.Mask[i]
}

return firstIP, nil
}
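Review bot: `firstIP[i] |= ipNet.Mask[i]` computes the wrong address: net.ParseCIDR already stores the masked network address in ipNet.IP, and OR-ing it with the mask sets every network bit to 1, so a subnet such as 10.237.0.0/16 yields 255.255.0.0 instead of the 10.237.0.1 that the certs.go hunks replace with this call. The generated certificates would then carry an IP SAN no client ever connects to, and the apiserver cert would fail verification for its in-cluster service address. Increment the network address with a carry instead (or use netutils.GetIndexedIP(ipNet, 1) from k8s.io/utils/net, which certs.go already imports), and add a table test covering an IPv4 /16 and an IPv6 prefix. The `fmt.Println` on the error path logs and returns the same error; wrapping it is cleaner: `return nil, fmt.Errorf("parsing service subnet %q: %w", ipNetStr, err)`.
```go
func GetFirstIP(ipNetStr string) (net.IP, error) {
	_, ipNet, err := net.ParseCIDR(ipNetStr)
	if err != nil {
		return nil, fmt.Errorf("parsing service subnet %q: %w", ipNetStr, err)
	}

	// ipNet.IP is already the masked network address; the first host
	// address is network + 1, carried across octets.
	firstIP := make(net.IP, len(ipNet.IP))
	copy(firstIP, ipNet.IP)
	for i := len(firstIP) - 1; i >= 0; i-- {
		firstIP[i]++
		if firstIP[i] != 0 {
			break
		}
	}

	return firstIP, nil
}
```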

