Merge pull request nacos-group#370 from Accelerator96/master
在创建nacos时添加认证相关配置
paderlol authored Jan 14, 2023
2 parents 7f81017 + ab1e9b1 commit 7214cb0
Showing 4 changed files with 87 additions and 1 deletion.
9 changes: 9 additions & 0 deletions operator/api/v1alpha1/nacos_types.go
@@ -50,10 +50,19 @@ type NacosSpec struct {
Volume Storage `json:"volume,omitempty"`
// 配置文件
Config string `json:"config,omitempty"`
// 开启认证
Certification Certification `json:"certification,omitempty"`
// 通用k8s配置包装器
K8sWrapper K8sWrapper `json:"k8sWrapper,omitempty"`
}

type Certification struct {
Enabled bool `json:"enabled,omitempty"`
Token string `json:"token,omitempty"`
TokenExpireSeconds string `json:"token_expire_seconds,omitempty"`
CacheEnabled bool `json:"cache_enabled,omitempty"`
}

type K8sWrapper struct {
PodSpec PodSpecWrapper `json:"PodSpec,omitempty"`
}
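Review bot: `Token` in the new `Certification` struct is a plain string in the CR spec, so the Nacos token signing key is stored with the resource and is readable by anyone allowed to get or list Nacos objects; the Kind.go section of this commit then copies it into a literal env `Value` on the StatefulSet, where it is visible again. A reference to a Kubernetes Secret would keep the key out of both objects, for example a field `TokenSecretRef *v1.SecretKeySelector` (assuming the core/v1 types can be imported in this package), consumed through `ValueFrom.SecretKeyRef` when the env var is built. Separately, `TokenExpireSeconds` is typed `string` and nothing visible checks that it is numeric, and the four new fields carry no doc comments, unlike the neighbouring `NacosSpec` fields.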
16 changes: 16 additions & 0 deletions operator/api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 12 additions & 1 deletion operator/config/crd/bases/nacos.io_nacos.yaml
@@ -1,4 +1,3 @@

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -880,6 +879,18 @@ spec:
type: array
type: object
type: object
certification:
description: 开启认证
properties:
cache_enabled:
type: boolean
enabled:
type: boolean
token:
type: string
token_expire_seconds:
type: string
type: object
config:
description: 配置文件
type: string
50 changes: 50 additions & 0 deletions operator/pkg/service/operator/Kind.go
@@ -112,10 +112,37 @@ func (e *KindClient) generateClientSvcName(nacos *nacosgroupv1alpha1.Nacos) stri
// CR格式验证
func (e *KindClient) ValidationField(nacos *nacosgroupv1alpha1.Nacos) {

setDefaultValue := []func(nacos *nacosgroupv1alpha1.Nacos){
setDefaultNacosType,
setDefaultMysql,
setDefaultCertification,
}

for _, f := range setDefaultValue {
f(nacos)
}
}

func setDefaultNacosType(nacos *nacosgroupv1alpha1.Nacos) {
// 默认设置单节点
if nacos.Spec.Type == "" {
nacos.Spec.Type = "standalone"
}
}

func setDefaultCertification(nacos *nacosgroupv1alpha1.Nacos) {
// 默认设置认证参数
if nacos.Spec.Certification.Enabled {
if nacos.Spec.Certification.Token == "" {
nacos.Spec.Certification.Token = "SecretKey012345678901234567890123456789012345678901234567890123456789"
}
if nacos.Spec.Certification.TokenExpireSeconds == "" {
nacos.Spec.Certification.TokenExpireSeconds = "18000"
}
}
}

func setDefaultMysql(nacos *nacosgroupv1alpha1.Nacos) {
// 默认设置内置数据库
if nacos.Spec.Database.TypeDatabase == "" {
nacos.Spec.Database.TypeDatabase = "embedded"
@@ -451,6 +478,29 @@ func (e *KindClient) buildStatefulset(nacos *nacosgroupv1alpha1.Nacos) *appv1.St
Value: "hostname",
})

// 设置认证环境变量
if nacos.Spec.Certification.Enabled {
env = append(env, v1.EnvVar{
Name: "NACOS_AUTH_ENABLE",
Value: strconv.FormatBool(nacos.Spec.Certification.Enabled),
})

env = append(env, v1.EnvVar{
Name: "NACOS_AUTH_TOKEN_EXPIRE_SECONDS",
Value: nacos.Spec.Certification.TokenExpireSeconds,
})

env = append(env, v1.EnvVar{
Name: "NACOS_AUTH_TOKEN",
Value: nacos.Spec.Certification.Token,
})

env = append(env, v1.EnvVar{
Name: "NACOS_AUTH_CACHE_ENABLE",
Value: strconv.FormatBool(nacos.Spec.Certification.CacheEnabled),
})
}

// 数据库设置
if nacos.Spec.Database.TypeDatabase == "embedded" {
env = append(env, v1.EnvVar{
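Review bot: In `setDefaultCertification`, an empty `Token` with `Enabled` set is filled with the fixed string `SecretKey0123…`, so every cluster created without an explicit token signs its access tokens with the same key, and that key is published in this repository; the key is then not a secret and authentication is enabled in name only. The default should be dropped and an empty token treated as a validation failure, or replaced by a per-cluster random key that is generated once and persisted in a Secret. `ValidationField` has no error return in the visible lines, so how such a failure is reported depends on code outside the hunk. A comment on the function such as `// Token has no default: it is the signing key and must be unique per cluster` would record the reason. The default `"18000"` for `TokenExpireSeconds` is a separate matter and is fine to keep, though the value is forwarded to `NACOS_AUTH_TOKEN_EXPIRE_SECONDS` in the `buildStatefulset` hunk without a numeric check.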
