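// Copyright © 2021 Alibaba Group Holding Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package cmd

import (
	"fmt"
	"strings"

	"github.com/alibaba/sealer/common"
	"github.com/alibaba/sealer/pkg/clusterfile"
	"github.com/alibaba/sealer/pkg/runtime"
	"github.com/spf13/cobra"
)

// altNames holds the raw, comma-separated value of the --alt-names flag.
var altNames string

// parseAltNames splits the comma-separated --alt-names value into individual
// entries, trimming surrounding whitespace and dropping empty items, so that
// input such as "a.example, 10.0.0.1," or "" never yields a blank entry.
func parseAltNames(raw string) []string {
	var names []string
	for _, name := range strings.Split(raw, ",") {
		if name = strings.TrimSpace(name); name != "" {
			names = append(names, name)
		}
	}
	return names
}

// certCmd represents the cert command. It passes the names given with
// --alt-names to the default runtime's UpdateCert so they are added to the
// API server certificate.
//
// Every entry becomes a name the API server certificate is issued for, so the
// list should contain only domains and addresses the operator controls.
var certCmd = &cobra.Command{
	Use:   "cert",
	Short: "update k8s API server cert",
	Long: `Add domain or ip in certs:
    you better to backup your old certs first
    sealer cert --alt-names sealer.cool,10.103.97.2,127.0.0.1,localhost
    using "openssl x509 -noout -text -in apiserver.crt" to check the cert
    will update cluster API server cert, you need restart your API server manually after using sealer cert

    For example: add a EIP to cert.
    1. sealer cert --alt-names 39.105.169.253
    2. update the kubeconfig, cp /etc/kubernetes/admin.conf .kube/config
    3. edit .kube/config, set the apiserver address as 39.105.169.253, (don't forget to open the security group port for 6443, if you using public cloud)
    4. kubectl get pod, to check it works or not
`,
	RunE: func(cmd *cobra.Command, args []string) error {
		// Reject an empty list before touching the cluster: strings.Split("", ",")
		// returns [""], which would otherwise hand UpdateCert a blank name.
		// NOTE(review): UpdateCert is defined outside this file; whether it
		// validates each entry as a DNS name or IP is not visible here.
		names := parseAltNames(altNames)
		if len(names) == 0 {
			return fmt.Errorf("no subject alternative names given, use --alt-names with a comma-separated list of domains or IPs")
		}

		cluster, err := clusterfile.GetDefaultCluster()
		if err != nil {
			return fmt.Errorf("get default cluster failed, %w", err)
		}
		clusterFile, err := clusterfile.NewClusterFile(cluster.GetAnnotationsByKey(common.ClusterfileName))
		if err != nil {
			return err
		}
		r, err := runtime.NewDefaultRuntime(cluster, clusterFile.GetKubeadmConfig())
		if err != nil {
			return fmt.Errorf("get default runtime failed, %w", err)
		}
		return r.UpdateCert(names)
	},
}

// init registers the cert command on the root command and declares its
// --alt-names flag.
func init() {
	rootCmd.AddCommand(certCmd)

	certCmd.Flags().StringVar(&altNames, "alt-names", "", "add domain or ip in certs, sealer.cool or 10.103.97.2")
}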