Fix Huawei Cloud Create Network Bug

2022-03-04 12:45:11 +08:00 · 2022-03-04 12:45:11 +08:00 · 082275a0d8
parent 42356f034b
commit 082275a0d8
5 changed files with 61 additions and 47 deletions
--- a/container_api_adaptor/huawei/cmd/main.go
+++ b/container_api_adaptor/huawei/cmd/main.go
@ -3,6 +3,7 @@ package main
 import (
 	"PCM/huawei/demos/deployment"
 	"PCM/huawei/demos/namespace"
+	"PCM/huawei/demos/network"
 	"PCM/huawei/pkg/auth/aksk"
 	"fmt"
 )
@ -11,27 +12,27 @@ func main() {
 	// 有多种认证方式，具体请参考
 	//《使用cci-iam-authenticator进行认证并创建client》，https://support.huaweicloud.com/sdkreference-cci/cci_09_0004.html
 	cs, err := aksk.NewClient()
+	networkCs, err := aksk.NewNetworkClient()
 	if err != nil {
 		panic(err)
 	}

-	//Network为CRD对象，创建Network对象请参考
-	//《使用client-go访问CCI的CRD资源Network》，https://support.huaweicloud.com/sdkreference-cci/cci_09_0004.html
-	//《Namespace和Network》，https://support.huaweicloud.com/devg-cci/cci_05_0023.html#section3
-	//fmt.Println("start to create network")
-	//_, err = network.CreateNetwork()
-	//if err != nil {
-	//	panic(err)
-	//}
-	//fmt.Println("network created")
-
-	fmt.Println("start to get namespace details")
+	fmt.Println("start to namespace created")
 	_, err = namespace.CreateNamespace(cs)
 	if err != nil {
 		panic(err)
 	}
 	fmt.Println("namespace created")

+	//Network为CRD对象，创建Network对象请参考
+	//《使用client-go访问CCI的CRD资源Network》，https://support.huaweicloud.com/sdkreference-cci/cci_09_0004.html
+	//《Namespace和Network》，https://support.huaweicloud.com/devg-cci/cci_05_0023.html#section3
+	fmt.Println("start to network created")
+	_, err = network.CreateNetwork(networkCs)
+	if err != nil {
+		panic(err)
+	}
+
 	fmt.Println("start to create deployment")
 	_, err = deployment.CreateDeployment(cs)
 	if err != nil {
--- a/container_api_adaptor/huawei/demos/deployment/deployment.go
+++ b/container_api_adaptor/huawei/demos/deployment/deployment.go
@ -10,7 +10,7 @@ import (

 const (
 	app       = "test-k8s-client-deployment"
-	namespace = "test-k8s-client-namespace"
+	namespace = "test-k8s-client-namespace1"
 )

 // CreateDeployment 创建Deployment
--- a/container_api_adaptor/huawei/demos/namespace/namespace.go
+++ b/container_api_adaptor/huawei/demos/namespace/namespace.go
@ -10,7 +10,7 @@ import (
 )

 const (
-	namespace = "test-k8s-client-namespace"
+	namespace = "test-k8s-client-namespace1"
 )

 // CreateNamespace 创建命名空间
--- a/container_api_adaptor/huawei/demos/network/network.go
+++ b/container_api_adaptor/huawei/demos/network/network.go
@ -2,58 +2,43 @@ package network

 import (
 	"PCM/huawei/pkg/apis/networking.cci.io/v1beta1"
+	"PCM/huawei/pkg/auth/aksk"
 	"time"

+	clientset "PCM/huawei/pkg/client/networking.cci.io/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
-	"k8s.io/client-go/tools/clientcmd"
-
-	clientset "PCM/huawei/pkg/client/networking.cci.io/v1beta1"
 )

 const (
 	name      = "test-k8s-client-namespace-cn-north-1-default-network"
-	namespace = "test-k8s-client-namespace"
+	namespace = "test-k8s-client-namespace1"
 )

 // CreateNetwork 创建Network，并等待其状态变更为Active
 // 参考《Namespace和Network》 https://support.huaweicloud.com/devg-cci/cci_05_0023.html
 // API参考：https://support.huaweicloud.com/api-cci/createNetworkingCciIoV1beta1NamespacedNetwork.html
-func CreateNetwork() (*v1beta1.Network, error) {
-	config, _ := clientcmd.BuildConfigFromFlags("", "{path to kubeconfig}")
-	cs, err := clientset.NewForConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	projectId := "<账号ID，可以在我的凭证获取>"
-	domainId := "<项目ID，可以在我的凭证获取>"
-	securityGroupID := "<安全组ID，可以在安全组控制台获取>"
-	availableZone := "<az名称，例如cn-north-1a、cn-north-4a或cn-east-3a>"
-	vpcID := "虚拟私有云的ID，可在VPC控制台获取"
-	cidr := "<子网网段，例如192.168.128.0/18>"
-	networkID := "<子网的网络ID，可在VPC控制台 > 子网中获取>"
-	subnetID := "<子网ID，可在VPC控制台 > 子网获取>"
+func CreateNetwork(cs *clientset.Clientset) (*v1beta1.Network, error) {

 	network := &v1beta1.Network{
 		ObjectMeta: metav1.ObjectMeta{
 			Annotations: map[string]string{
-				"network.alpha.kubernetes.io/default-security-group": securityGroupID,
-				"network.alpha.kubernetes.io/domain-id":              domainId,
-				"network.alpha.kubernetes.io/project-id":             projectId,
+				"network.alpha.kubernetes.io/default-security-group": aksk.SecurityGroupID,
+				"network.alpha.kubernetes.io/domain-id":              aksk.DomainId,
+				"network.alpha.kubernetes.io/project-id":             aksk.ProjectId,
 			},
 			Name: name,
 		},
 		Spec: v1beta1.NetworkSpec{
-			AvailableZone: availableZone,
-			CIDR:          cidr,
-			AttachedVPC:   vpcID,
-			NetworkID:     networkID,
+			AvailableZone: aksk.AvailableZone,
+			CIDR:          aksk.Cidr,
+			AttachedVPC:   aksk.VpcID,
+			NetworkID:     aksk.NetworkID,
 			NetworkType:   "underlay_neutron",
-			SubnetID:      subnetID,
+			SubnetID:      aksk.SubnetID,
 		},
 	}
-	network, err = cs.NetworkingCCIV1beta1().Networks(namespace).Create(network)
+	network, err := cs.NetworkingCCIV1beta1().Networks(namespace).Create(network)
 	if err != nil {
 		return nil, err
 	}
--- a/container_api_adaptor/huawei/pkg/auth/aksk/aksk.go
+++ b/container_api_adaptor/huawei/pkg/auth/aksk/aksk.go
@ -1,6 +1,7 @@
 package aksk

 import (
+	clientset "PCM/huawei/pkg/client/networking.cci.io/v1beta1"
 	"fmt"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
@ -10,14 +11,23 @@ import (
 const (
 	apiVersion = "client.authentication.k8s.io/v1beta1"
 	// 云容器实例 CCI，参考https://developer.huaweicloud.com/endpoint
-	cciEndpoint = "<例如华北-北京四: https://cci.cn-north-4.myhuaweicloud.com>"
+	cciEndpoint = "https://cci.cn-north-4.myhuaweicloud.com"
 	// 统一身份认证服务 IAM，参考https://developer.huaweicloud.com/endpoint
-	iamEndpoint = "<例如华北-北京四: https://iam.cn-north-4.myhuaweicloud.com>"
+	iamEndpoint = "https://iam.myhuaweicloud.com"
 	// 地区和终端节点，参考https://developer.huaweicloud.com/endpoint
-	projectName = "<例如华北-北京四: 'cn-north-4'>"
+	projectName = "cn-north-4"
 	// 获取AK/SK参考: https://support.huaweicloud.com/devg-cci/cci_kubectl_01.html#cci_kubectl_01__section17023744719
-	ak = "<Your Account AK>"
-	sk = "<Your Account SK>"
+	ak = ""
+	sk = ""
+
+	DomainId        = "" //账号ID，可以在我的凭证获取
+	ProjectId       = "" //项目ID，可以在我的凭证获取
+	SecurityGroupID = "" //安全组ID，可以在安全组控制台获取
+	AvailableZone   = "" //az名称，例如cn-north-1a、cn-north-4a或cn-east-3a
+	VpcID           = "" //虚拟私有云的ID，可在VPC控制台获取
+	Cidr            = "" //子网网段，例如192.168.128.0/18
+	NetworkID       = "" //<子网的网络ID，可在VPC控制台 > 子网中获取>
+	SubnetID        = "" //<子网ID，可在VPC控制台 > 子网获取>
 )

 // NewClient 通过AK/SK认证创建Clientset
@ -29,7 +39,6 @@ func NewClient() (*kubernetes.Clientset, error) {
 	var optionArgs []string
 	optionArgs = append(optionArgs, fmt.Sprintf("--iam-endpoint=%s", iamEndpoint))
 	optionArgs = append(optionArgs, fmt.Sprintf("--project-name=%s", projectName))
-	optionArgs = append(optionArgs, fmt.Sprintf("--token-only=false"))
 	optionArgs = append(optionArgs, fmt.Sprintf("--ak=%s", ak))
 	optionArgs = append(optionArgs, fmt.Sprintf("--sk=%s", sk))
 	config.ExecProvider = &api.ExecConfig{
@ -40,3 +49,22 @@ func NewClient() (*kubernetes.Clientset, error) {
 	}
 	return kubernetes.NewForConfig(config)
 }
+
+func NewNetworkClient() (*clientset.Clientset, error) {
+	config, err := clientcmd.BuildConfigFromFlags(cciEndpoint, "")
+	if err != nil {
+		return nil, err
+	}
+	var optionArgs []string
+	optionArgs = append(optionArgs, fmt.Sprintf("--iam-endpoint=%s", iamEndpoint))
+	optionArgs = append(optionArgs, fmt.Sprintf("--project-name=%s", projectName))
+	optionArgs = append(optionArgs, fmt.Sprintf("--ak=%s", ak))
+	optionArgs = append(optionArgs, fmt.Sprintf("--sk=%s", sk))
+	config.ExecProvider = &api.ExecConfig{
+		Command:    "cci-iam-authenticator",
+		APIVersion: apiVersion,
+		Args:       append([]string{"token"}, optionArgs...),
+		Env:        make([]api.ExecEnvVar, 0),
+	}
+	return clientset.NewForConfig(config)
+}