From 082275a0d899c3c3045763c5caa54aa1a89ca936 Mon Sep 17 00:00:00 2001
From: dev
Date: Fri, 4 Mar 2022 12:45:11 +0800
Subject: [PATCH] Fix Huawei Cloud Create Network Bug
---
 container_api_adaptor/huawei/cmd/main.go | 23 ++++++-----
 .../huawei/demos/deployment/deployment.go | 2 +-
 .../huawei/demos/namespace/namespace.go | 2 +-
 .../huawei/demos/network/network.go | 41 ++++++-------------
 .../huawei/pkg/auth/aksk/aksk.go | 40 +++++++++++++++---
 5 files changed, 61 insertions(+), 47 deletions(-)
diff --git a/container_api_adaptor/huawei/cmd/main.go b/container_api_adaptor/huawei/cmd/main.go
index 734cd28..0a1f77f 100644
--- a/container_api_adaptor/huawei/cmd/main.go
+++ b/container_api_adaptor/huawei/cmd/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "PCM/huawei/demos/deployment"
 "PCM/huawei/demos/namespace"
+ "PCM/huawei/demos/network"
 "PCM/huawei/pkg/auth/aksk"
 "fmt"
 )
@@ -11,27 +12,27 @@ func main() {
 // 有多种认证方式,具体请参考
 //《使用cci-iam-authenticator进行认证并创建client》,https://support.huaweicloud.com/sdkreference-cci/cci_09_0004.html
 cs, err := aksk.NewClient()
+ networkCs, err := aksk.NewNetworkClient()
 if err != nil {
 panic(err)
 }
- //Network为CRD对象,创建Network对象请参考
- //《使用client-go访问CCI的CRD资源Network》,https://support.huaweicloud.com/sdkreference-cci/cci_09_0004.html
- //《Namespace和Network》,https://support.huaweicloud.com/devg-cci/cci_05_0023.html#section3
- //fmt.Println("start to create network")
- //_, err = network.CreateNetwork()
- //if err != nil {
- // panic(err)
- //}
- //fmt.Println("network created")
-
- fmt.Println("start to get namespace details")
+ fmt.Println("start to namespace created")
 _, err = namespace.CreateNamespace(cs)
 if err != nil {
 panic(err)
 }
 fmt.Println("namespace created")
+ //Network为CRD对象,创建Network对象请参考
+ //《使用client-go访问CCI的CRD资源Network》,https://support.huaweicloud.com/sdkreference-cci/cci_09_0004.html
+ //《Namespace和Network》,https://support.huaweicloud.com/devg-cci/cci_05_0023.html#section3
+ fmt.Println("start to network created")
+ _, err = network.CreateNetwork(networkCs)
+ if err != nil {
+ panic(err)
+ }
+
 fmt.Println("start to create deployment")
 _, err = deployment.CreateDeployment(cs)
 if err != nil {
diff --git a/container_api_adaptor/huawei/demos/deployment/deployment.go b/container_api_adaptor/huawei/demos/deployment/deployment.go
index b98edb7..fb19902 100644
--- a/container_api_adaptor/huawei/demos/deployment/deployment.go
+++ b/container_api_adaptor/huawei/demos/deployment/deployment.go
@@ -10,7 +10,7 @@ import (
 const (
 app = "test-k8s-client-deployment"
- namespace = "test-k8s-client-namespace"
+ namespace = "test-k8s-client-namespace1"
 )
 // CreateDeployment 创建Deployment
diff --git a/container_api_adaptor/huawei/demos/namespace/namespace.go b/container_api_adaptor/huawei/demos/namespace/namespace.go
index e9b1445..8d9c13f 100644
--- a/container_api_adaptor/huawei/demos/namespace/namespace.go
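Review bot: The error returned by `aksk.NewClient()` is overwritten by the added `networkCs, err := aksk.NewNetworkClient()` before anything checks it, so a failed first call goes unnoticed and `cs` is handed to `namespace.CreateNamespace(cs)` in whatever state it came back. Check each call on its own by placing `if err != nil { panic(err) }` directly after `aksk.NewClient()` and keeping the existing check after `NewNetworkClient()`. The new progress messages `"start to namespace created"` and `"start to network created"` read as if the step had already finished, and the network step no longer prints a completion line; `"start to create namespace"`, `"start to create network"` and a closing `fmt.Println("network created")` would match the rest of main. main's body begins and ends outside this hunk.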
+++ b/container_api_adaptor/huawei/demos/namespace/namespace.go
@@ -10,7 +10,7 @@ import (
 )
 const (
- namespace = "test-k8s-client-namespace"
+ namespace = "test-k8s-client-namespace1"
 )
 // CreateNamespace 创建命名空间
diff --git a/container_api_adaptor/huawei/demos/network/network.go b/container_api_adaptor/huawei/demos/network/network.go
index 5d53d72..915bc33 100644
--- a/container_api_adaptor/huawei/demos/network/network.go
+++ b/container_api_adaptor/huawei/demos/network/network.go
@@ -2,58 +2,43 @@ package network
 import (
 "PCM/huawei/pkg/apis/networking.cci.io/v1beta1"
+ "PCM/huawei/pkg/auth/aksk"
 "time"
+ clientset "PCM/huawei/pkg/client/networking.cci.io/v1beta1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/util/wait"
- "k8s.io/client-go/tools/clientcmd"
-
- clientset "PCM/huawei/pkg/client/networking.cci.io/v1beta1"
 )
 const (
 name = "test-k8s-client-namespace-cn-north-1-default-network"
- namespace = "test-k8s-client-namespace"
+ namespace = "test-k8s-client-namespace1"
 )
 // CreateNetwork 创建Network,并等待其状态变更为Active
 // 参考《Namespace和Network》 https://support.huaweicloud.com/devg-cci/cci_05_0023.html
 // API参考:https://support.huaweicloud.com/api-cci/createNetworkingCciIoV1beta1NamespacedNetwork.html
-func CreateNetwork() (*v1beta1.Network, error) {
- config, _ := clientcmd.BuildConfigFromFlags("", "{path to kubeconfig}")
- cs, err := clientset.NewForConfig(config)
- if err != nil {
- return nil, err
- }
-
- projectId := "<账号ID,可以在我的凭证获取>"
- domainId := "<项目ID,可以在我的凭证获取>"
- securityGroupID := "<安全组ID,可以在安全组控制台获取>"
- availableZone := ""
- vpcID := "虚拟私有云的ID,可在VPC控制台获取"
- cidr := "<子网网段,例如192.168.128.0/18>"
- networkID := "<子网的网络ID,可在VPC控制台 > 子网中获取>"
- subnetID := "<子网ID,可在VPC控制台 > 子网获取>"
+func CreateNetwork(cs *clientset.Clientset) (*v1beta1.Network, error) {
 network := &v1beta1.Network{
 ObjectMeta: metav1.ObjectMeta{
 Annotations: map[string]string{
- "network.alpha.kubernetes.io/default-security-group": securityGroupID,
- "network.alpha.kubernetes.io/domain-id": domainId,
- "network.alpha.kubernetes.io/project-id": projectId,
+ "network.alpha.kubernetes.io/default-security-group": aksk.SecurityGroupID,
+ "network.alpha.kubernetes.io/domain-id": aksk.DomainId,
+ "network.alpha.kubernetes.io/project-id": aksk.ProjectId,
 },
 Name: name,
 },
 Spec: v1beta1.NetworkSpec{
- AvailableZone: availableZone,
- CIDR: cidr,
- AttachedVPC: vpcID,
- NetworkID: networkID,
+ AvailableZone: aksk.AvailableZone,
+ CIDR: aksk.Cidr,
+ AttachedVPC: aksk.VpcID,
+ NetworkID: aksk.NetworkID,
 NetworkType: "underlay_neutron",
- SubnetID: subnetID,
+ SubnetID: aksk.SubnetID,
 },
 }
- network, err = cs.NetworkingCCIV1beta1().Networks(namespace).Create(network)
+ network, err := cs.NetworkingCCIV1beta1().Networks(namespace).Create(network)
 if err != nil {
 return nil, err
 }
diff --git a/container_api_adaptor/huawei/pkg/auth/aksk/aksk.go b/container_api_adaptor/huawei/pkg/auth/aksk/aksk.go
index 2291e39..25d5376 100644
--- a/container_api_adaptor/huawei/pkg/auth/aksk/aksk.go
+++ b/container_api_adaptor/huawei/pkg/auth/aksk/aksk.go
@@ -1,6 +1,7 @@
 package aksk
 import (
+ clientset "PCM/huawei/pkg/client/networking.cci.io/v1beta1"
 "fmt"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/tools/clientcmd"
@@ -10,14 +11,23 @@ import (
 const (
 apiVersion = "client.authentication.k8s.io/v1beta1"
 // 云容器实例 CCI,参考https://developer.huaweicloud.com/endpoint
- cciEndpoint = "<例如华北-北京四: https://cci.cn-north-4.myhuaweicloud.com>"
+ cciEndpoint = "https://cci.cn-north-4.myhuaweicloud.com"
 // 统一身份认证服务 IAM,参考https://developer.huaweicloud.com/endpoint
- iamEndpoint = "<例如华北-北京四: https://iam.cn-north-4.myhuaweicloud.com>"
+ iamEndpoint = "https://iam.myhuaweicloud.com"
 // 地区和终端节点,参考https://developer.huaweicloud.com/endpoint
- projectName = "<例如华北-北京四: 'cn-north-4'>"
+ projectName = "cn-north-4"
 // 获取AK/SK参考: https://support.huaweicloud.com/devg-cci/cci_kubectl_01.html#cci_kubectl_01__section17023744719
- ak = ""
- sk = ""
+ ak = ""
+ sk = ""
+
+ DomainId = "" //账号ID,可以在我的凭证获取
+ ProjectId = "" //项目ID,可以在我的凭证获取
+ SecurityGroupID = "" //安全组ID,可以在安全组控制台获取
+ AvailableZone = "" //az名称,例如cn-north-1a、cn-north-4a或cn-east-3a
+ VpcID = "" //虚拟私有云的ID,可在VPC控制台获取
+ Cidr = "" //子网网段,例如192.168.128.0/18
+ NetworkID = "" //<子网的网络ID,可在VPC控制台 > 子网中获取>
+ SubnetID = "" //<子网ID,可在VPC控制台 > 子网获取>
 )
 // NewClient 通过AK/SK认证创建Clientset
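Review bot: CreateNetwork now builds the Network entirely from package-level constants in `aksk`, and nothing checks that they were filled in before `Create` is called; as committed they are all `""`, so the request goes out with an empty default-security-group annotation, VPC and subnet. Whether the service rejects that or falls back to defaults is not visible from this page, so it is safer to fail locally, e.g. `if aksk.SecurityGroupID == "" || aksk.VpcID == "" || aksk.SubnetID == "" { return nil, errors.New("network settings in aksk are not configured") }` (this needs the `errors` import). The doc comment above the function should also say that the caller now supplies the client, for example `// cs must be a client built by aksk.NewNetworkClient.`. The function continues past the end of this hunk.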
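Review bot: This const block asks the user to type the access key and secret key (`ak`, `sk`) and the account identifiers straight into a source file, which makes it easy to commit a live credential together with the now-real `cciEndpoint` and `iamEndpoint` values. Consider turning them into package variables read at start-up, e.g. `var ak = os.Getenv("PCM_HUAWEI_AK")` (variable name constructed for illustration), and returning an error from the client constructors when they are empty. The new exported names also have no doc comments and mix initialism styles (`DomainId`, `ProjectId`, `Cidr` next to `SecurityGroupID`, `VpcID`); `DomainID`, `ProjectID` and `CIDR` would follow Go convention. Network settings such as the VPC and subnet arguably belong outside the auth package.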
@@ -29,7 +39,6 @@ func NewClient() (*kubernetes.Clientset, error) {
 var optionArgs []string
 optionArgs = append(optionArgs, fmt.Sprintf("--iam-endpoint=%s", iamEndpoint))
 optionArgs = append(optionArgs, fmt.Sprintf("--project-name=%s", projectName))
- optionArgs = append(optionArgs, fmt.Sprintf("--token-only=false"))
 optionArgs = append(optionArgs, fmt.Sprintf("--ak=%s", ak))
 optionArgs = append(optionArgs, fmt.Sprintf("--sk=%s", sk))
 config.ExecProvider = &api.ExecConfig{
@@ -40,3 +49,22 @@ func NewClient() (*kubernetes.Clientset, error) {
 }
 return kubernetes.NewForConfig(config)
 }
+
+func NewNetworkClient() (*clientset.Clientset, error) {
+ config, err := clientcmd.BuildConfigFromFlags(cciEndpoint, "")
+ if err != nil {
+ return nil, err
+ }
+ var optionArgs []string
+ optionArgs = append(optionArgs, fmt.Sprintf("--iam-endpoint=%s", iamEndpoint))
+ optionArgs = append(optionArgs, fmt.Sprintf("--project-name=%s", projectName))
+ optionArgs = append(optionArgs, fmt.Sprintf("--ak=%s", ak))
+ optionArgs = append(optionArgs, fmt.Sprintf("--sk=%s", sk))
+ config.ExecProvider = &api.ExecConfig{
+ Command: "cci-iam-authenticator",
+ APIVersion: apiVersion,
+ Args: append([]string{"token"}, optionArgs...),
+ Env: make([]api.ExecEnvVar, 0),
+ }
+ return clientset.NewForConfig(config)
+}
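Review bot: NewNetworkClient hands the access key and secret key to `cci-iam-authenticator` as `--ak=`/`--sk=` arguments, and command-line arguments can be read by other local users through the process list and tend to be recorded by process auditing. `api.ExecConfig` already has an `Env` field, set to an empty slice here; if the authenticator can take the credentials from the environment or a config file (not verifiable from this page), pass them that way instead. The exec-plugin setup is also repeated from NewClient as far as that function is visible, so the two can drift apart; a shared helper keeps them in sync, and the new exported function needs a doc comment. NewClient begins outside this hunk, so the helper below is shown wired into NewNetworkClient only.

```go
// execProvider returns the cci-iam-authenticator exec plugin settings shared
// by NewClient and NewNetworkClient.
func execProvider() *api.ExecConfig {
	return &api.ExecConfig{
		Command:    "cci-iam-authenticator",
		APIVersion: apiVersion,
		// NOTE(review): --ak/--sk end up in the plugin's argv; move them to Env
		// if the authenticator supports reading them from the environment.
		Args: []string{
			"token",
			"--iam-endpoint=" + iamEndpoint,
			"--project-name=" + projectName,
			"--ak=" + ak,
			"--sk=" + sk,
		},
		Env: make([]api.ExecEnvVar, 0),
	}
}

// NewNetworkClient creates a Clientset for the networking.cci.io API using
// AK/SK authentication.
func NewNetworkClient() (*clientset.Clientset, error) {
	config, err := clientcmd.BuildConfigFromFlags(cciEndpoint, "")
	if err != nil {
		return nil, err
	}
	config.ExecProvider = execProvider()
	return clientset.NewForConfig(config)
}
```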