-
Notifications
You must be signed in to change notification settings - Fork 8
/
index.js
94 lines (82 loc) · 2.77 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
const core = require('@actions/core');
const github = require('@actions/github');
const tencentcloud = require("tencentcloud-sdk-nodejs");
const YAML = require('yaml');
const fs = require('fs');
const path = require('path');
const os = require('os');
const retrieveClusterCredential = async (tke) => {
const TkeClient = tencentcloud.tke.v20180525.Client;
const models = tencentcloud.tke.v20180525.Models;
const Credential = tencentcloud.common.Credential;
const cred = new Credential(tke.secretId, tke.secretKey);
const client = new TkeClient(cred, tke.region);
const req = new models.DescribeClusterSecurityRequest();
req.ClusterId = tke.clusterId;
return new Promise((resolve, reject) => {
client.DescribeClusterSecurity(req, (err, data) => {
if (err) {
return reject(err);
} else {
return resolve(data);
}
});
})
}
const generateKubeConfig = (clusterId, clusterCredential) => {
const contextName = clusterId + '-context-default';
const userName = clusterId + '-admin';
const config = {
apiVersion: 'v1',
clusters: [
{
cluster: {
'certificate-authority-data': Buffer.from(clusterCredential.CertificationAuthority).toString('base64'),
server: 'https://' + clusterCredential.Domain
},
name: clusterId
}
],
contexts: [
{
context: {
cluster: clusterId,
user: userName
},
name: contextName
}
],
'current-context': contextName,
kind: 'Config',
preferences: {},
users: [
{
name: userName,
user: {
token: clusterCredential.Password
}
}
]
};
return YAML.stringify(config)
}
const process = async (tke) => {
const credential = await retrieveClusterCredential(tke);
const kubeConfig = generateKubeConfig(tke.clusterId, credential);
await fs.promises.mkdir(path.join(os.homedir(), '.kube'), {recursive: true, mode: 0o700});
await fs.promises.writeFile(path.join(os.homedir(), '.kube/config'), kubeConfig, {mode: 0o600});
console.log(`finish saving TKE config to '$HOME/.kube/config'.`);
}
try {
const tke = {
secretId: core.getInput('secret_id'),
secretKey: core.getInput('secret_key'),
region: core.getInput('tke_region'),
clusterId: core.getInput('cluster_id')
};
process(tke).catch((reason) => {
core.setFailed(`fail to get cluster credentials: ${reason}`);
});
} catch (error) {
core.setFailed(error.message);
}