Merge pull request teamhephy#6 from jianxiaoguo/master

chore(Certificate):change cluster-issuer location
duanhongyi · Aug 6, 2020 · a75b226 · a75b226
2 parents 0b4327c + 2fcb15f
commit a75b226
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 15 deletions.
diff --git a/charts/controller/templates/controller-certificate.yaml b/charts/controller/templates/controller-certificate.yaml
@@ -1,5 +1,5 @@
 {{ if .Values.cert_manager_enabled }}
-apiVersion: certmanager.k8s.io/v1alpha1
+apiVersion: cert-manager.io/v1alpha2
 kind: Certificate
 metadata:
   name: drycc-controller
@@ -11,10 +11,10 @@ spec:
     kind: ClusterIssuer
   dnsNames:
   - drycc.{{ .Values.platform_domain }}
-  acme:
-    config:
-    - http01:
-        ingressClass: "{{ .Values.global.ingress_class }}"
-      domains:
-      - drycc.{{ .Values.platform_domain }}
+  # acme:
+  #   config:
+  #   - http01:
+  #       ingressClass: "{{ .Values.global.ingress_class }}"
+  #     domains:
+  #     - drycc.{{ .Values.platform_domain }}
 {{- end }}
diff --git a/charts/controller/templates/controller-cluster-issuer.yaml b/charts/controller/templates/controller-cluster-issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: drycc-letsencrypt
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: "{{ .Values.global.email }}"
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: drycc-letsencrypt
+    # Enable HTTP01 validations
+    # http01: {}
diff --git a/rootfs/scheduler/resources/certificate.py b/rootfs/scheduler/resources/certificate.py
@@ -3,10 +3,12 @@
 
 
 class Certificate(Resource):
+    api_version = 'certmanager.k8s.io/v1alpha1'
+    api_prefix = 'apis'
 
-    def manifest(self, namespace, name, ingress_class, hosts, version=None):
+    def manifest(self, api_version, namespace, name, ingress_class, hosts, version=None):
         data = {
-            "apiVersion": "certmanager.k8s.io/v1alpha1",
+            "apiVersion": api_version,
             "kind": "Certificate",
             "metadata": {
                 "name": name,
@@ -42,9 +44,10 @@ def get(self, namespace, name=None, **kwargs):
         if name is not None:
             url = "/apis/certmanager.k8s.io/v1alpha1/namespaces/%s/certificates/%s" % (
                 namespace, name)
+            url = self.api('/namespaces/{}/certificates/{}', namespace, name)
             message = 'get certificate ' + name
         else:
-            url = "/apis/certmanager.k8s.io/v1alpha1/namespaces/%s/certificates" % namespace
+            url = self.api('/namespaces/{}/certificates', namespace)
             message = 'get certificates'
         response = self.http_get(url)
         if self.unhealthy(response.status_code):
@@ -53,8 +56,9 @@ def get(self, namespace, name=None, **kwargs):
         return response
 
     def create(self, namespace, name, ingress_class, hosts):
-        url = "/apis/certmanager.k8s.io/v1alpha1/namespaces/%s/certificates" % namespace
-        data = self.manifest(namespace, name, ingress_class, hosts)
+
+        url = self.api('/namespaces/{}/certificates', namespace)
+        data = self.manifest(self.api_version, namespace, name, ingress_class, hosts)
         response = self.http_post(url, json=data)
 
         if not response.status_code == 201:
@@ -63,8 +67,8 @@ def create(self, namespace, name, ingress_class, hosts):
         return response
 
     def put(self, namespace, name, ingress_class, hosts, version):
-        url = "/apis/certmanager.k8s.io/v1alpha1/namespaces/%s/certificates/%s" % (namespace, name)
-        data = self.manifest(namespace, name, ingress_class, hosts, version)
+        url = self.api('/namespaces/{}/certificates/{}', namespace, name)
+        data = self.manifest(self.api_version, namespace, name, ingress_class, hosts, version)
         response = self.http_put(url, json=data)
 
         if self.unhealthy(response.status_code):
@@ -75,7 +79,7 @@ def delete(self, namespace, name):
         """
         Delete certificate
         """
-        url = "/apis/certmanager.k8s.io/v1alpha1/namespaces/%s/certificates/%s" % (namespace, name)
+        url = self.api('/namespaces/{}/certificates/{}', namespace, name)
         response = self.http_delete(url)
         if self.unhealthy(response.status_code):
             raise KubeHTTPException(response, 'delete certificate ' + name)