Merge pull request #498 from village-way/main

fix: add secret for node-agent websocket auth
kosmos-io · Apr 29, 2024 · 4cc460c · 4cc460c
2 parents 7f7d468 + d1b8ac6
commit 4cc460c
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 4 deletions.
diff --git a/deploy/virtual-cluster-operator.yml b/deploy/virtual-cluster-operator.yml
@@ -278,6 +278,16 @@ spec:
             value: v1.25.7
           - name: EXECTOR_HOST_MASTER_NODE_IP
             value: 192.168.0.1
+          - name: WEB_USER
+            valueFrom:
+              secretKeyRef:
+                name: node-agent-secret
+                key: username
+          - name: WEB_PASS
+            valueFrom:
+              secretKeyRef:
+                name: node-agent-secret
+                key: password
         volumeMounts:
         - name: credentials
           mountPath: /etc/virtual-cluster-operator
@@ -331,9 +341,15 @@ spec:
             privileged: true
           env:
             - name: WEB_USER
-              value: {{update when you deploy}}
+              valueFrom:
+                secretKeyRef:
+                  name: node-agent-secret
+                  key: username
             - name: WEB_PASS
-              value: {{update when you deploy}}
+              valueFrom:
+                secretKeyRef:
+                  name: node-agent-secret
+                  key: password
           command: ["/bin/bash"]
           args:
             - "-c"
@@ -372,4 +388,13 @@ spec:
         - name: systemd-path
           hostPath:
             path: /etc/systemd/system
-            type: DirectoryOrCreate
+            type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: node-agent-secret
+type: kubernetes.io/basic-auth
+data:
+  username: {{ .USERNAME }}
+  password: {{ .PASSWORD }}
diff --git a/pkg/kubenest/controller/virtualcluster.node.controller/env/env.go b/pkg/kubenest/controller/virtualcluster.node.controller/env/env.go
@@ -1,6 +1,7 @@
 package util
 
 import (
+	"encoding/base64"
 	"fmt"
 	"os"
 
@@ -49,7 +50,9 @@ func GetExectorHostMasterNodeIP() string {
 
 // tobke = base64(`username:password`)
 func GetExectorToken() string {
-	token := os.Getenv("EXECTOR_SHELL_TOKEN")
+	username := os.Getenv("WEB_USER")
+	password := os.Getenv("WEB_PASS")
+	token := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
 	if len(token) == 0 {
 		klog.Fatal("EXECTOR_SHELL_TOKEN is none")
 	}