From bdb9cace032fba964befad2adc8324d47e42e8a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Wed, 28 Aug 2024 15:37:42 +0800 Subject: [PATCH 01/24] add generate public and private key --- .../internal/controller/devbox_controller.go | 73 +++++++++++++++---- 1 file changed, 60 insertions(+), 13 deletions(-) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index 5a110a8b58b..47a52feb70e 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -18,7 +18,13 @@ package controller import ( "context" + cryptorand "crypto/rand" + "crypto/rsa" + "crypto/x509" + "encoding/pem" "fmt" + "golang.org/x/crypto/ssh" + "k8s.io/utils/ptr" "time" "k8s.io/apimachinery/pkg/util/rand" @@ -32,7 +38,6 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/client-go/tools/record" - "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" 
@@ -136,9 +141,20 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha // if secret not found, create a new one if err != nil && client.IgnoreNotFound(err) == nil { // set password to context, if error then no need to update secret + //secret := &corev1.Secret{ + // ObjectMeta: objectMeta, + // Data: map[string][]byte{"SEALOS_DEVBOX_PASSWORD": []byte(rand.String(12))}, + //} + publicKey, privateKey, err := generatePublicAndPrivateKey(512) + if err != nil { + logger.Error(err, "generate public and private key failed") + } secret := &corev1.Secret{ ObjectMeta: objectMeta, - Data: map[string][]byte{"SEALOS_DEVBOX_PASSWORD": []byte(rand.String(12))}, + Data: map[string][]byte{ + "SEALOS_DEVBOX_PUBLIC_KEY": publicKey, + "SEALOS_DEVBOX_PRIVATE_KEY": privateKey, + }, } if err := controllerutil.SetControllerReference(devbox, secret, r.Scheme); err != nil { return err @@ -152,6 +168,24 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha return nil } +func generatePublicAndPrivateKey(bits int) ([]byte, []byte, error) { + private, err := rsa.GenerateKey(cryptorand.Reader, bits) + if err != nil { + return []byte(""), []byte(""), err + } + public := &private.PublicKey + privateKeyPem := pem.EncodeToMemory(&pem.Block{ + Bytes: x509.MarshalPKCS1PrivateKey(private), + Type: "RSA PRIVATE KEY", + }) + publicKey, err := ssh.NewPublicKey(public) + if err != nil { + return []byte(""), []byte(""), err + } + sshPublicKey := ssh.MarshalAuthorizedKey(publicKey) + return sshPublicKey, privateKeyPem, nil +} + func (r *DevboxReconciler) syncPod(ctx context.Context, devbox *devboxv1alpha1.Devbox, recLabels map[string]string) error { logger := log.FromContext(ctx, "devbox", devbox.Name, "namespace", devbox.Namespace) 
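Review bot: In the syncSecret hunk a failure from `generatePublicAndPrivateKey(512)` is only logged, so execution continues and creates the Secret with empty `SEALOS_DEVBOX_PUBLIC_KEY`/`SEALOS_DEVBOX_PRIVATE_KEY` values; the `if err != nil` block needs `return err` (commit 06 adds exactly that, and the syncSecret hunks of commits 02 and 04 carry the same gap until then). The 512-bit size handed to `rsa.GenerateKey` is far below any current minimum for an SSH key, and commit 02 replaces the helper with ECDSA P-256 anyway, so the `bits` parameter never needed to exist. The four commented-out lines left above `publicKey, privateKey, err := …` are dead code and should be deleted rather than kept; commit 02 removes them. syncSecret starts and ends outside the hunk.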
@@ -304,17 +338,6 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox Name: "SEALOS_COMMIT_IMAGE_SQUASH", Value: fmt.Sprintf("%v", devbox.Spec.Squash), }, - { - Name: "SEALOS_DEVBOX_PASSWORD", - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: &corev1.SecretKeySelector{ - Key: "SEALOS_DEVBOX_PASSWORD", - LocalObjectReference: corev1.LocalObjectReference{ - Name: devbox.Name, - }, - }, - }, - }, { Name: "SEALOS_DEVBOX_POD_UID", ValueFrom: &corev1.EnvVarSource{ @@ -349,6 +372,29 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox "memory": devbox.Spec.Resource["memory"], }, }, + VolumeMounts: []corev1.VolumeMount{ + { + Name: devbox.Name + "public-key-volume", + MountPath: "/usr/start", + ReadOnly: true, + }, + }, + }, + } + volume := []corev1.Volume{ + { + Name: devbox.Name + "public-key-volume", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: devbox.Name, + Items: []corev1.KeyToPath{ + { + Key: "SEALOS_DEVBOX_PUBLIC_KEY", + Path: "publicKey", + }, + }, + }, + }, }, } terminationGracePeriodSeconds := 300 @@ -358,6 +404,7 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox Spec: corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, Containers: containers, + Volumes: volume, TerminationGracePeriodSeconds: ptr.To(int64(terminationGracePeriodSeconds)), AutomountServiceAccountToken: ptr.To(automountServiceAccountToken), }, From 09064d87b893f98e9b64ff6d1e29dd76c3fe04b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Wed, 28 Aug 2024 18:22:32 +0800 Subject: [PATCH 02/24] add generate public and private key --- .../internal/controller/devbox_controller.go | 27 +++++++++---------- 1 file changed, 13 insertions(+), 14 deletions(-) 
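Review bot: In the second hunk the volume and mount name `devbox.Name + "public-key-volume"` joins the devbox name to a suffix with no separator, and a volume name must be a DNS-1123 label of at most 63 characters, so a long devbox name makes the whole pod spec invalid; a fixed name such as `"devbox-ssh-public-key"` (which commits 02 and 04 introduce) is the right shape. Mounting the Secret at `/usr/start` also hides whatever the image ships in that directory, because a volume mount replaces the directory; a dedicated subdirectory is safer (commit 02 moves it to `/usr/start/.ssh`). Restricting `Items` to `SEALOS_DEVBOX_PUBLIC_KEY` is correct and should stay, since without it the private key stored in the same Secret would be projected into the pod as well. generateDevboxPod starts and ends outside these hunks.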
diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index 47a52feb70e..857d738d722 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -18,8 +18,9 @@ package controller import ( "context" + "crypto/ecdsa" + "crypto/elliptic" cryptorand "crypto/rand" - "crypto/rsa" "crypto/x509" "encoding/pem" "fmt" @@ -141,17 +142,14 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha // if secret not found, create a new one if err != nil && client.IgnoreNotFound(err) == nil { // set password to context, if error then no need to update secret - //secret := &corev1.Secret{ - // ObjectMeta: objectMeta, - // Data: map[string][]byte{"SEALOS_DEVBOX_PASSWORD": []byte(rand.String(12))}, - //} - publicKey, privateKey, err := generatePublicAndPrivateKey(512) + publicKey, privateKey, err := generatePublicAndPrivateKey() if err != nil { logger.Error(err, "generate public and private key failed") } secret := &corev1.Secret{ ObjectMeta: objectMeta, Data: map[string][]byte{ + "SEALOS_DEVBOX_PASSWORD": []byte(rand.String(12)), "SEALOS_DEVBOX_PUBLIC_KEY": publicKey, "SEALOS_DEVBOX_PRIVATE_KEY": privateKey, }, 
@@ -168,15 +166,16 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha return nil } -func generatePublicAndPrivateKey(bits int) ([]byte, []byte, error) { - private, err := rsa.GenerateKey(cryptorand.Reader, bits) +func generatePublicAndPrivateKey() ([]byte, []byte, error) { + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader) if err != nil { return []byte(""), []byte(""), err } - public := &private.PublicKey + public := &privateKey.PublicKey + derPrivateKey, err := x509.MarshalECPrivateKey(privateKey) privateKeyPem := pem.EncodeToMemory(&pem.Block{ - Bytes: x509.MarshalPKCS1PrivateKey(private), - Type: "RSA PRIVATE KEY", + Type: "PRIVATE KEY", + Bytes: derPrivateKey, }) publicKey, err := ssh.NewPublicKey(public) if err != nil { @@ -374,8 +373,8 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox }, VolumeMounts: []corev1.VolumeMount{ { - Name: devbox.Name + "public-key-volume", - MountPath: "/usr/start", + Name: "devbox-ssh-public-key", + MountPath: "/usr/start/.ssh", ReadOnly: true, }, }, @@ -390,7 +389,7 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox Items: []corev1.KeyToPath{ { Key: "SEALOS_DEVBOX_PUBLIC_KEY", - Path: "publicKey", + Path: "id_rsa.pub", }, }, }, From 90cbb69095c9387457630946e87ec27e7259d788 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Wed, 28 Aug 2024 18:23:55 +0800 Subject: [PATCH 03/24] add generate public and private key --- .../devbox/internal/controller/devbox_controller.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index 857d738d722..94758153fc3 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go 
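Review bot: In the first hunk the PEM block is labelled `"PRIVATE KEY"` but its bytes come from `x509.MarshalECPrivateKey`, which emits a SEC 1 EC structure; the matching header is `"EC PRIVATE KEY"`, while `"PRIVATE KEY"` denotes PKCS#8 (`x509.MarshalPKCS8PrivateKey`), so any parser that dispatches on the header, including `ssh.ParseRawPrivateKey`, will reject the stored `SEALOS_DEVBOX_PRIVATE_KEY`. The error returned by `x509.MarshalECPrivateKey` is discarded on the next line, so a nil `derPrivateKey` would be PEM-encoded silently; commit 07 adds the check. Both points apply verbatim to the copy added in commit 04's helper/devbox.go hunk, and the header mismatch is not corrected anywhere in the series shown. In the last hunk `Path: "id_rsa.pub"` names an ECDSA key as RSA; commit 05 renames it to `id.pub`.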
@@ -337,6 +337,17 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox Name: "SEALOS_COMMIT_IMAGE_SQUASH", Value: fmt.Sprintf("%v", devbox.Spec.Squash), }, + { + Name: "SEALOS_DEVBOX_PASSWORD", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + Key: "SEALOS_DEVBOX_PASSWORD", + LocalObjectReference: corev1.LocalObjectReference{ + Name: devbox.Name, + }, + }, + }, + }, { Name: "SEALOS_DEVBOX_POD_UID", ValueFrom: &corev1.EnvVarSource{ From ea4a520f1efea1d56cb2a4ec04cb1abfa02eefb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 11:23:17 +0800 Subject: [PATCH 04/24] add generate public and private key --- .../internal/controller/devbox_controller.go | 39 +++---------------- .../internal/controller/helper/devbox.go | 29 +++++++++++++- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index 94758153fc3..84868119272 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go 
@@ -18,31 +18,23 @@ package controller import ( "context" - "crypto/ecdsa" - "crypto/elliptic" - cryptorand "crypto/rand" - "crypto/x509" - "encoding/pem" "fmt" - "golang.org/x/crypto/ssh" - "k8s.io/utils/ptr" - "time" - - "k8s.io/apimachinery/pkg/util/rand" - devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" + "github.com/labring/sealos/controllers/devbox/internal/controller/helper" "github.com/labring/sealos/controllers/devbox/label" - corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/apimachinery/pkg/util/rand" "k8s.io/client-go/tools/record" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/log" + "time" ) const ( @@ -142,7 +134,7 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha // if secret not found, create a new one if err != nil && client.IgnoreNotFound(err) == nil { // set password to context, if error then no need to update secret - publicKey, privateKey, err := generatePublicAndPrivateKey() + publicKey, privateKey, err := helper.GeneratePublicAndPrivateKey() if err != nil { logger.Error(err, "generate public and private key failed") } 
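Review bot: In the import hunk `"time"` is moved out of the standard-library group and appended after `sigs.k8s.io/controller-runtime/pkg/log`, so the file is no longer goimports-clean; commits 07, 08 and 09 then move it back and forth before it settles. The helper/devbox.go import hunk of this same commit has the same shape, with `devboxv1alpha1` and `golang.org/x/crypto/ssh` placed inside the stdlib group, and commits 09 through 12 are spent reshuffling them. Running `goimports` once on both files gives the stdlib / third-party split that the rest of this import block already follows and ends the churn.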
@@ -166,25 +158,6 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha return nil } -func generatePublicAndPrivateKey() ([]byte, []byte, error) { - privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader) - if err != nil { - return []byte(""), []byte(""), err - } - public := &privateKey.PublicKey - derPrivateKey, err := x509.MarshalECPrivateKey(privateKey) - privateKeyPem := pem.EncodeToMemory(&pem.Block{ - Type: "PRIVATE KEY", - Bytes: derPrivateKey, - }) - publicKey, err := ssh.NewPublicKey(public) - if err != nil { - return []byte(""), []byte(""), err - } - sshPublicKey := ssh.MarshalAuthorizedKey(publicKey) - return sshPublicKey, privateKeyPem, nil -} - func (r *DevboxReconciler) syncPod(ctx context.Context, devbox *devboxv1alpha1.Devbox, recLabels map[string]string) error { logger := log.FromContext(ctx, "devbox", devbox.Name, "namespace", devbox.Namespace) @@ -393,7 +366,7 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox } volume := []corev1.Volume{ { - Name: devbox.Name + "public-key-volume", + Name: "devbox-ssh-public-key", VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: devbox.Name, diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index a09ff654d01..24ae6464908 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -14,7 +14,15 @@ package helper -import devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" +import ( + "crypto/ecdsa" + "crypto/elliptic" + cryptorand "crypto/rand" + "crypto/x509" + "encoding/pem" + devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" + "golang.org/x/crypto/ssh" +) func GetLastSuccessCommitHistory(devbox *devboxv1alpha1.Devbox) *devboxv1alpha1.CommitHistory { if devbox.Status.CommitHistory == nil { 
@@ -27,3 +35,22 @@ func GetLastSuccessCommitHistory(devbox *devboxv1alpha1.Devbox) *devboxv1alpha1.
 }
 return nil
 }
+
+func GeneratePublicAndPrivateKey() ([]byte, []byte, error) {
+ privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader)
+ if err != nil {
+ return []byte(""), []byte(""), err
+ }
+ public := &privateKey.PublicKey
+ derPrivateKey, err := x509.MarshalECPrivateKey(privateKey)
+ privateKeyPem := pem.EncodeToMemory(&pem.Block{
+ Type: "PRIVATE KEY",
+ Bytes: derPrivateKey,
+ })
+ publicKey, err := ssh.NewPublicKey(public)
+ if err != nil {
+ return []byte(""), []byte(""), err
+ }
+ sshPublicKey := ssh.MarshalAuthorizedKey(publicKey)
+ return sshPublicKey, privateKeyPem, nil
+}
From 2be964e80940dbacf95396667ccf31a4ba94e834 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com>
Date: Thu, 29 Aug 2024 11:26:46 +0800
Subject: [PATCH 05/24] add generate public and private key
---
 controllers/devbox/internal/controller/devbox_controller.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go
index 84868119272..166e885a055 100644
--- a/controllers/devbox/internal/controller/devbox_controller.go
+++ b/controllers/devbox/internal/controller/devbox_controller.go
@@ -373,7 +373,7 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox
 Items: []corev1.KeyToPath{
 {
 Key: "SEALOS_DEVBOX_PUBLIC_KEY",
- Path: "id_rsa.pub",
+ Path: "id.pub",
 },
 },
 },
From 67b1f9b9b0dd56dd262d08e9209f02e32ed647cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com>
Date: Thu, 29 Aug 2024 11:36:14 +0800
Subject: [PATCH 06/24] add generate public and private key
---
 controllers/devbox/internal/controller/devbox_controller.go | 3 ++-
 controllers/devbox/internal/controller/helper/devbox.go | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
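Review bot: The exported `GeneratePublicAndPrivateKey` added in the helper hunk has no doc comment; an exported API needs one such as `// GeneratePublicAndPrivateKey creates a P-256 ECDSA key pair and returns the public key in authorized_keys format and the private key PEM-encoded.` (commit 06 renames it to GenerateSSHKeyPair without adding one). On the error paths `return []byte(""), []byte(""), err` allocates two empty slices that no caller should read once err is non-nil; the idiomatic form is `return nil, nil, err`. The intermediate `public` variable adds little over passing `&privateKey.PublicKey` directly to `ssh.NewPublicKey`, and dropping it keeps the `publicKey`/`privateKey` pair of names unambiguous.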
diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index 166e885a055..a6c11d0cdd3 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -134,9 +134,10 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha // if secret not found, create a new one if err != nil && client.IgnoreNotFound(err) == nil { // set password to context, if error then no need to update secret - publicKey, privateKey, err := helper.GeneratePublicAndPrivateKey() + publicKey, privateKey, err := helper.GenerateSSHKeyPair() if err != nil { logger.Error(err, "generate public and private key failed") + return err } secret := &corev1.Secret{ ObjectMeta: objectMeta, diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 24ae6464908..278fe2c33b1 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -36,7 +36,7 @@ func GetLastSuccessCommitHistory(devbox *devboxv1alpha1.Devbox) *devboxv1alpha1. return nil } -func GeneratePublicAndPrivateKey() ([]byte, []byte, error) { +func GenerateSSHKeyPair() ([]byte, []byte, error) { privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader) if err != nil { return []byte(""), []byte(""), err From 541b1c428f8f18b1224b4283e15061b95699c1c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 11:44:15 +0800 Subject: [PATCH 07/24] fix bug --- controllers/devbox/internal/controller/devbox_controller.go | 2 +- controllers/devbox/internal/controller/helper/devbox.go | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) 
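Review bot: In the syncSecret hunk the error is now returned, which closes the empty-Secret gap, but `logger.Error(err, …)` followed by `return err` reports the same error twice, because controller-runtime logs every error a Reconcile returns. Drop the log line and wrap instead, `return fmt.Errorf("generating ssh key pair: %w", err)`, so the context travels with the error to the one place it is handled (`fmt` is already imported in this file). syncSecret starts and ends outside the hunk.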
diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index a6c11d0cdd3..bae13dcd965 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -19,6 +19,7 @@ package controller import ( "context" "fmt" + "time" devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" "github.com/labring/sealos/controllers/devbox/internal/controller/helper" "github.com/labring/sealos/controllers/devbox/label" @@ -34,7 +35,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/log" - "time" ) const ( diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 278fe2c33b1..9c2f91d05cf 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -20,8 +20,8 @@ import ( cryptorand "crypto/rand" "crypto/x509" "encoding/pem" - devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" "golang.org/x/crypto/ssh" + devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" ) func GetLastSuccessCommitHistory(devbox *devboxv1alpha1.Devbox) *devboxv1alpha1.CommitHistory { @@ -43,6 +43,9 @@ func GenerateSSHKeyPair() ([]byte, []byte, error) { } public := &privateKey.PublicKey derPrivateKey, err := x509.MarshalECPrivateKey(privateKey) + if err != nil { + return []byte(""), []byte(""), err + } privateKeyPem := pem.EncodeToMemory(&pem.Block{ Type: "PRIVATE KEY", Bytes: derPrivateKey, From 1f67d37e9f20a726c33869c1577680cb38a2dae9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 12:17:41 +0800 Subject: [PATCH 08/24] Changes --- controllers/devbox/internal/controller/devbox_controller.go | 2 +- controllers/devbox/internal/controller/helper/devbox.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index bae13dcd965..a6c11d0cdd3 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -19,7 +19,6 @@ package controller import ( "context" "fmt" - "time" devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" "github.com/labring/sealos/controllers/devbox/internal/controller/helper" "github.com/labring/sealos/controllers/devbox/label" @@ -35,6 +34,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/log" + "time" ) const ( diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 9c2f91d05cf..0fbd3979455 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -20,8 +20,8 @@ import ( cryptorand "crypto/rand" "crypto/x509" "encoding/pem" - "golang.org/x/crypto/ssh" devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" + "golang.org/x/crypto/ssh" ) func GetLastSuccessCommitHistory(devbox *devboxv1alpha1.Devbox) *devboxv1alpha1.CommitHistory { From 859e390f88ff9a0835b1c5ee6bb3949fa0ec425e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 12:23:15 +0800 Subject: [PATCH 09/24] Changes --- controllers/devbox/internal/controller/devbox_controller.go | 4 +++- controllers/devbox/internal/controller/helper/devbox.go | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index a6c11d0cdd3..e3335b1fe3b 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -19,9 +19,12 @@ package controller import ( "context" "fmt" + "time" + devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" "github.com/labring/sealos/controllers/devbox/internal/controller/helper" "github.com/labring/sealos/controllers/devbox/label" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,7 +37,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/log" - "time" ) const ( diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 0fbd3979455..7118b4f7975 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -20,8 +20,9 @@ import ( cryptorand "crypto/rand" "crypto/x509" "encoding/pem" - devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" "golang.org/x/crypto/ssh" + + devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" ) func GetLastSuccessCommitHistory(devbox *devboxv1alpha1.Devbox) *devboxv1alpha1.CommitHistory { From 4cd35e2af0ef125b0330d93d038768f0696a0da3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 12:26:41 +0800 Subject: [PATCH 10/24] Changes --- controllers/devbox/internal/controller/helper/devbox.go | 1 + 1 file changed, 1 insertion(+) diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 7118b4f7975..35526f3b3e9 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -19,6 +19,7 @@ import ( "crypto/elliptic" cryptorand "crypto/rand" "crypto/x509" + "encoding/pem" "golang.org/x/crypto/ssh" From b504a5a39335f89d538f061e085bc4a86150d137 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 12:26:57 +0800 Subject: [PATCH 11/24] Changes --- controllers/devbox/internal/controller/helper/devbox.go | 1 + 1 file changed, 1 insertion(+) diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 35526f3b3e9..17adfc7019c 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -21,6 +21,7 @@ import ( "crypto/x509" "encoding/pem" + "golang.org/x/crypto/ssh" devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" From 470875d84185209d411b01c6e0ba38137f273cc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 12:30:15 +0800 Subject: [PATCH 12/24] Changes --- controllers/devbox/internal/controller/helper/devbox.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 17adfc7019c..6c00cf2da36 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go 
+++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -21,7 +21,7 @@ import ( "crypto/x509" "encoding/pem" - + "golang.org/x/crypto/ssh" devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" From b3464fb1bf4ed82cf1ceb60c04075150dc288877 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 14:20:55 +0800 Subject: [PATCH 13/24] add devbox restart pod --- .../internal/controller/devbox_controller.go | 50 ++++++++++++++++++- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index e3335b1fe3b..20493605b39 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go 
@@ -219,8 +219,32 @@ func (r *DevboxReconciler) syncPod(ctx context.Context, devbox *devboxv1alpha1.D return r.updateDevboxCommitHistory(ctx, devbox, &podList.Items[0]) } case corev1.PodRunning: - // we do not recreate pod if it is running, even if pod does not have expected values - // update commit history status to success by pod name + //if pod is running,check pod need restart + tag, err := r.CheckPodConsistency(ctx, devbox, podList.Items[0]) + if err != nil { + logger.Error(err, "check pod consistency failed") + return err + } + if !tag { + err := r.updateDevboxCommitHistory(ctx, devbox, &podList.Items[0]) + if err != nil { + return err + } + _ = r.Delete(ctx, &podList.Items[0]) + nextCommitHistory := r.generateNextCommitHistory(devbox) + expectPod, err := r.generateDevboxPod(ctx, devbox, nextCommitHistory) + if err != nil { + logger.Error(err, "generate pod failed") + return err + } + if err := r.Create(ctx, expectPod); err != nil { + logger.Error(err, "create pod failed") + return err + } + // add next commit history to status + devbox.Status.CommitHistory = append(devbox.Status.CommitHistory, nextCommitHistory) + return r.Status().Update(ctx, devbox) + } return r.updateDevboxCommitHistory(ctx, devbox, &podList.Items[0]) case corev1.PodSucceeded: if controllerutil.RemoveFinalizer(&podList.Items[0], FinalizerName) { 
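Review bot: `_ = r.Delete(ctx, &podList.Items[0])` in the new PodRunning branch discards the delete error, so when that API call fails the code still creates a replacement pod and appends a new commit history entry, leaving two pods and a status that no longer matches reality; check it like the surrounding calls, `if err := r.Delete(ctx, &podList.Items[0]); err != nil { return err }`. The replacement is also created in the same reconcile, before the old pod has finished terminating (the pod spec carries a 300 s grace period and the pods carry `FinalizerName`), so the next reconcile will presumably see more than one item in podList, and whether `podList.Items[0]` is then the right pod is not visible here. Commit 14 drops the immediate re-create but keeps the blank-assigned Delete, and commit 18 copies it into a second case; the same check applies there. syncPod starts and ends outside the hunk.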
@@ -270,6 +294,28 @@ func commitSuccess(podStatus corev1.PodPhase) bool {
 return false
 }
 
+func (r *DevboxReconciler) CheckPodConsistency(ctx context.Context, devbox *devboxv1alpha1.Devbox, pod corev1.Pod) (bool, error) {
+ container := pod.Spec.Containers[0]
+ //check cpu and memory
+ if !container.Resources.Limits.Cpu().Equal(devbox.Spec.Resource["cpu"]) {
+ return false, nil
+ }
+ if !container.Resources.Limits.Memory().Equal(devbox.Spec.Resource["memory"]) {
+ return false, nil
+ }
+ //check ports
+ if len(container.Ports) != len(devbox.Spec.NetworkSpec.ExtraPorts) {
+ return false, nil
+ }
+ for i, podPort := range container.Ports {
+ devboxPort := devbox.Spec.NetworkSpec.ExtraPorts[i]
+ if podPort.ContainerPort != devboxPort.ContainerPort || podPort.Protocol != devboxPort.Protocol {
+ return false, nil
+ }
+ }
+ return true, nil
+}
+
 func (r *DevboxReconciler) updateDevboxCommitHistory(ctx context.Context, devbox *devboxv1alpha1.Devbox, pod *corev1.Pod) error {
 for i := len(devbox.Status.CommitHistory) - 1; i >= 0; i-- {
 if devbox.Status.CommitHistory[i].Pod == pod.Name {
From 00158c1a413674acbc205d81a3c7831f06a04164 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com>
Date: Thu, 29 Aug 2024 14:48:57 +0800
Subject: [PATCH 14/24] add devbox restart pod
---
 .../internal/controller/devbox_controller.go | 53 ++++++++----------
 1 file changed, 22 insertions(+), 31 deletions(-)
diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go
index 20493605b39..dbab3a20bd9 100644
--- a/controllers/devbox/internal/controller/devbox_controller.go
+++ b/controllers/devbox/internal/controller/devbox_controller.go
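Review bot: `CheckPodConsistency` compares `container.Ports` with `devbox.Spec.NetworkSpec.ExtraPorts` by index, so a pod that exposes the same ports in a different order is reported inconsistent and the running pod is deleted for nothing; commit 14 replaces this with a multiset comparison. The `ctx` parameter is unused (the method does no I/O), and `pod.Spec.Containers[0]` is indexed without a length check; the API server rejects a pod with no containers, but a one-line guard documents the assumption. Only `Resources.Limits` are compared, so a change to requests alone never triggers a restart; either say so in a doc comment, e.g. `// CheckPodConsistency reports whether pod's first container still matches devbox's resource limits and extra ports.`, or compare Requests too if that is intended. The method is exported but only the reconciler calls it here; unexported would match the neighbouring helpers.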
@@ -220,30 +220,9 @@ func (r *DevboxReconciler) syncPod(ctx context.Context, devbox *devboxv1alpha1.D } case corev1.PodRunning: //if pod is running,check pod need restart - tag, err := r.CheckPodConsistency(ctx, devbox, podList.Items[0]) - if err != nil { - logger.Error(err, "check pod consistency failed") - return err - } + tag := r.CheckPodConsistency(ctx, devbox, podList.Items[0]) if !tag { - err := r.updateDevboxCommitHistory(ctx, devbox, &podList.Items[0]) - if err != nil { - return err - } _ = r.Delete(ctx, &podList.Items[0]) - nextCommitHistory := r.generateNextCommitHistory(devbox) - expectPod, err := r.generateDevboxPod(ctx, devbox, nextCommitHistory) - if err != nil { - logger.Error(err, "generate pod failed") - return err - } - if err := r.Create(ctx, expectPod); err != nil { - logger.Error(err, "create pod failed") - return err - } - // add next commit history to status - devbox.Status.CommitHistory = append(devbox.Status.CommitHistory, nextCommitHistory) - return r.Status().Update(ctx, devbox) } return r.updateDevboxCommitHistory(ctx, devbox, &podList.Items[0]) case corev1.PodSucceeded: 
@@ -294,26 +273,38 @@ func commitSuccess(podStatus corev1.PodPhase) bool { return false } -func (r *DevboxReconciler) CheckPodConsistency(ctx context.Context, devbox *devboxv1alpha1.Devbox, pod corev1.Pod) (bool, error) { +func (r *DevboxReconciler) CheckPodConsistency(ctx context.Context, devbox *devboxv1alpha1.Devbox, pod corev1.Pod) bool { container := pod.Spec.Containers[0] //check cpu and memory if !container.Resources.Limits.Cpu().Equal(devbox.Spec.Resource["cpu"]) { - return false, nil + return false } if !container.Resources.Limits.Memory().Equal(devbox.Spec.Resource["memory"]) { - return false, nil + return false } //check ports if len(container.Ports) != len(devbox.Spec.NetworkSpec.ExtraPorts) { - return false, nil + return false + } + portMap := make(map[string]int) + for _, podPort := range container.Ports { + key := fmt.Sprintf("%d-%s", podPort.ContainerPort, podPort.Protocol) + portMap[key]++ } - for i, podPort := range container.Ports { - devboxPort := devbox.Spec.NetworkSpec.ExtraPorts[i] - if podPort.ContainerPort != devboxPort.ContainerPort || podPort.Protocol != devboxPort.Protocol { - return false, nil + for _, devboxPort := range devbox.Spec.NetworkSpec.ExtraPorts { + key := fmt.Sprintf("%d-%s", devboxPort.ContainerPort, devboxPort.Protocol) + if _, found := portMap[key]; !found { + return false } + portMap[key]-- + if portMap[key] == 0 { + delete(portMap, key) + } + } + if len(portMap) != 0 { + return false } - return true, nil + return true } func (r *DevboxReconciler) updateDevboxCommitHistory(ctx context.Context, devbox *devboxv1alpha1.Devbox, pod *corev1.Pod) error { From 31a2c179e32632dbec4458f0ba0e3a36ead93b1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 15:23:02 +0800 Subject: [PATCH 15/24] add devbox restart pod --- controllers/devbox/internal/controller/devbox_controller.go | 1 + 1 file changed, 1 insertion(+) 
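Review bot: The port multiset in the rewritten `CheckPodConsistency` is keyed by `fmt.Sprintf("%d-%s", …)`, which formats and allocates a string per port on every reconcile; a comparable struct key, `type portKey struct { port int32; proto corev1.Protocol }`, gives the same semantics with no formatting. Once the leading `len(container.Ports) != len(devbox.Spec.NetworkSpec.ExtraPorts)` check has passed and every devbox port has been found and decremented, the trailing `len(portMap) != 0` check can never fire, so one of the two is redundant (commit 16 then bends both with `+1` and `!= 1`). `ctx` is still unused after the signature change.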
diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index dbab3a20bd9..8ea6436f4ce 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -222,6 +222,7 @@ func (r *DevboxReconciler) syncPod(ctx context.Context, devbox *devboxv1alpha1.D //if pod is running,check pod need restart tag := r.CheckPodConsistency(ctx, devbox, podList.Items[0]) if !tag { + fmt.Println("进行重启!") _ = r.Delete(ctx, &podList.Items[0]) } return r.updateDevboxCommitHistory(ctx, devbox, &podList.Items[0]) From 49a0ef4317f35940e4979eb3cc335ea530ed37b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 15:35:44 +0800 Subject: [PATCH 16/24] add devbox restart pod --- controllers/devbox/internal/controller/devbox_controller.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index 8ea6436f4ce..3e81aaaa2d1 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -284,7 +284,8 @@ func (r *DevboxReconciler) CheckPodConsistency(ctx context.Context, devbox *devb return false } //check ports - if len(container.Ports) != len(devbox.Spec.NetworkSpec.ExtraPorts) { + if len(container.Ports) != len(devbox.Spec.NetworkSpec.ExtraPorts)+1 { + fmt.Println("1111111") return false } portMap := make(map[string]int) @@ -303,6 +304,7 @@ func (r *DevboxReconciler) CheckPodConsistency(ctx context.Context, devbox *devb } } if len(portMap) != 0 { + fmt.Println("2222222") return false } return true From 9b4bd6963a620ba80f6d96b166481abf5132ef33 Mon Sep 17 00:00:00 2001 
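Review bot: `fmt.Println("进行重启!")`, `fmt.Println("1111111")` and `fmt.Println("2222222")` are debug prints to stdout that bypass the controller's structured logger (the `logger` from `log.FromContext` is in scope in syncPod) and carry no pod or devbox context; they should be removed before merge, or become `logger.Info(...)` with the pod name if the decision is worth recording. The `len(container.Ports) != len(devbox.Spec.NetworkSpec.ExtraPorts)+1` and `len(portMap) != 1` edits hard-code the assumption that exactly one container port exists outside ExtraPorts; if that is a fixed port generateDevboxPod adds (presumably SSH, not visible here), exclude it by name or number rather than by count, otherwise any second fixed port breaks the comparison. Commit 18 removes the controller copy of this function; whether the helper copy keeps the prints is outside this chunk.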
From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 15:37:50 +0800 Subject: [PATCH 17/24] add devbox restart pod --- controllers/devbox/internal/controller/devbox_controller.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index 3e81aaaa2d1..8f8f90d0542 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -303,7 +303,7 @@ func (r *DevboxReconciler) CheckPodConsistency(ctx context.Context, devbox *devb delete(portMap, key) } } - if len(portMap) != 0 { + if len(portMap) != 1 { fmt.Println("2222222") return false } From 8f5780719fddde40f030fdab4700ae92218f9983 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 15:55:57 +0800 Subject: [PATCH 18/24] add devbox restart pod --- .../internal/controller/devbox_controller.go | 43 +++---------------- .../internal/controller/helper/devbox.go | 36 ++++++++++++++++ 2 files changed, 41 insertions(+), 38 deletions(-) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index 8f8f90d0542..b5fda0560b1 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go 
@@ -218,11 +218,14 @@ func (r *DevboxReconciler) syncPod(ctx context.Context, devbox *devboxv1alpha1.D if removeFlag { return r.updateDevboxCommitHistory(ctx, devbox, &podList.Items[0]) } + tag := helper.CheckPodConsistency(devbox, &podList.Items[0]) + if !tag { + _ = r.Delete(ctx, &podList.Items[0]) + } case corev1.PodRunning: //if pod is running,check pod need restart - tag := r.CheckPodConsistency(ctx, devbox, podList.Items[0]) + tag := helper.CheckPodConsistency(devbox, &podList.Items[0]) if !tag { - fmt.Println("进行重启!") _ = r.Delete(ctx, &podList.Items[0]) } return r.updateDevboxCommitHistory(ctx, devbox, &podList.Items[0]) 
@@ -274,42 +277,6 @@ func commitSuccess(podStatus corev1.PodPhase) bool { return false } -func (r *DevboxReconciler) CheckPodConsistency(ctx context.Context, devbox *devboxv1alpha1.Devbox, pod corev1.Pod) bool { - container := pod.Spec.Containers[0] - //check cpu and memory - if !container.Resources.Limits.Cpu().Equal(devbox.Spec.Resource["cpu"]) { - return false - } - if !container.Resources.Limits.Memory().Equal(devbox.Spec.Resource["memory"]) { - return false - } - //check ports - if len(container.Ports) != len(devbox.Spec.NetworkSpec.ExtraPorts)+1 { - fmt.Println("1111111") - return false - } - portMap := make(map[string]int) - for _, podPort := range container.Ports { - key := fmt.Sprintf("%d-%s", podPort.ContainerPort, podPort.Protocol) - portMap[key]++ - } - for _, devboxPort := range devbox.Spec.NetworkSpec.ExtraPorts { - key := fmt.Sprintf("%d-%s", devboxPort.ContainerPort, devboxPort.Protocol) - if _, found := portMap[key]; !found { - return false - } - portMap[key]-- - if portMap[key] == 0 { - delete(portMap, key) - } - } - if len(portMap) != 1 { - fmt.Println("2222222") - return false - } - return true -} - func (r *DevboxReconciler) updateDevboxCommitHistory(ctx context.Context, devbox *devboxv1alpha1.Devbox, pod *corev1.Pod) error { for i := len(devbox.Status.CommitHistory) - 1; i >= 0; i-- { if devbox.Status.CommitHistory[i].Pod == pod.Name { diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 6c00cf2da36..e7e89a45b1b 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -19,6 +19,8 @@ import ( "crypto/elliptic" cryptorand "crypto/rand" "crypto/x509" + "fmt" + corev1 "k8s.io/api/core/v1" "encoding/pem" 
@@ -60,3 +62,37 @@ func GenerateSSHKeyPair() ([]byte, []byte, error) { sshPublicKey := ssh.MarshalAuthorizedKey(publicKey) return sshPublicKey, privateKeyPem, nil } + +func CheckPodConsistency(devbox *devboxv1alpha1.Devbox, pod *corev1.Pod) bool { + container := pod.Spec.Containers[0] + //check cpu and memory + if !container.Resources.Limits.Cpu().Equal(devbox.Spec.Resource["cpu"]) { + return false + } + if !container.Resources.Limits.Memory().Equal(devbox.Spec.Resource["memory"]) { + return false + } + //check ports + if len(container.Ports) != len(devbox.Spec.NetworkSpec.ExtraPorts)+1 { + return false + } + portMap := make(map[string]int) + for _, podPort := range container.Ports { + key := fmt.Sprintf("%d-%s", podPort.ContainerPort, podPort.Protocol) + portMap[key]++ + } + for _, devboxPort := range devbox.Spec.NetworkSpec.ExtraPorts { + key := fmt.Sprintf("%d-%s", devboxPort.ContainerPort, devboxPort.Protocol) + if _, found := portMap[key]; !found { + return false + } + portMap[key]-- + if portMap[key] == 0 { + delete(portMap, key) + } + } + if len(portMap) != 1 { + return false + } + return true +} From eb458509ebc18c45998f760b67197fb3e1dc8126 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 16:06:17 +0800 Subject: [PATCH 19/24] add devbox restart pod --- controllers/devbox/internal/controller/devbox_controller.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index b5fda0560b1..8ac5a7c112e 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go 
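Review bot: The closing `len(portMap) != 1` check accepts any single port that is absent from `devbox.Spec.NetworkSpec.ExtraPorts`, so it never verifies that the one leftover port is the port the controller itself injects (presumably an SSH port, not visible here); a pod whose injected port was swapped for some other port/protocol still passes as consistent and is never restarted. A more robust form seeds the expected port into the comparison instead of trusting the count: build the expected set from ExtraPorts plus the controller's fixed port, subtract the pod's ports, and require `len(portMap) == 0`, with the fixed port given a named constant or a comment in place of the bare `+1`. `pod.Spec.Containers[0]` will also panic on a pod with no containers, so a guard such as `if len(pod.Spec.Containers) == 0 { return false }` is cheap insurance. Only `Resources.Limits` are compared; if the pod's requests are also derived from `devbox.Spec.Resource`, a change there would not trigger a restart — confirm that is intended.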
@@ -137,6 +137,8 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha if err != nil && client.IgnoreNotFound(err) == nil { // set password to context, if error then no need to update secret publicKey, privateKey, err := helper.GenerateSSHKeyPair() + fmt.Println("公钥为" + string(publicKey)) + fmt.Println("私钥为" + string(privateKey)) if err != nil { logger.Error(err, "generate public and private key failed") return err From d9050e27ef45da16e6e07940c7cc9e753d4a1f10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 21:46:31 +0800 Subject: [PATCH 20/24] add devbox restart pod --- .../internal/controller/devbox_controller.go | 4 +++ .../internal/controller/helper/devbox.go | 26 ++++++++----------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index 8ac5a7c112e..ec8f54aa0c1 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go +++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -322,6 +322,10 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox Name: "SEALOS_COMMIT_IMAGE_SQUASH", Value: fmt.Sprintf("%v", devbox.Spec.Squash), }, + { + Name: "SEALOS_DEVBOX_NAME", + Value: devbox.ObjectMeta.Namespace + devbox.ObjectMeta.Name, + }, { Name: "SEALOS_DEVBOX_PASSWORD", ValueFrom: &corev1.EnvVarSource{ diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index e7e89a45b1b..388f21b042a 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -15,10 +15,8 @@ package helper import ( - "crypto/ecdsa" - "crypto/elliptic" + "crypto/ed25519" cryptorand "crypto/rand" - "crypto/x509" "fmt" corev1 "k8s.io/api/core/v1" 
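Review bot: `fmt.Println("私钥为" + string(privateKey))` writes the freshly generated SSH private key to the controller's stdout, which in a cluster is captured by the container log pipeline and is readable by anyone with pod-log or log-backend access, so the key is no longer confined to the Secret. Both prints should go (they are removed in PATCH 23 below), but any devbox key pair created while this build was deployed should be treated as exposed and rotated, since removing the print does not scrub logs already shipped. If a diagnostic is wanted, log only a non-secret fact through the existing logger, e.g. `logger.Info("generated ssh key pair", "publicKeyLen", len(publicKey))`. syncSecret starts above the hunk.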
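Review bot: `devbox.ObjectMeta.Namespace + devbox.ObjectMeta.Name` joins the two with no separator, so `SEALOS_DEVBOX_NAME` is ambiguous: namespace `ab` with devbox `cd-x` and namespace `abc` with devbox `d-x` both produce `abcd-x`. If the value is used as an identity inside the pod (its consumer is not visible here), use a separator that cannot occur in a Kubernetes namespace name, e.g. `Value: devbox.Namespace + "/" + devbox.Name,` or `"."` if the consumer needs a DNS-safe string (namespaces are DNS labels, so the first dot still delimits unambiguously). A short comment stating the intended format would let the consumer be checked against it.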
@@ -42,25 +40,23 @@ func GetLastSuccessCommitHistory(devbox *devboxv1alpha1.Devbox) *devboxv1alpha1. } func GenerateSSHKeyPair() ([]byte, []byte, error) { - privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader) + pubKey, privKey, err := ed25519.GenerateKey(cryptorand.Reader) if err != nil { - return []byte(""), []byte(""), err + return nil, nil, err } - public := &privateKey.PublicKey - derPrivateKey, err := x509.MarshalECPrivateKey(privateKey) + pemKey, err := ssh.MarshalPrivateKey(privKey, "") if err != nil { - return []byte(""), []byte(""), err + return nil, nil, err } - privateKeyPem := pem.EncodeToMemory(&pem.Block{ - Type: "PRIVATE KEY", - Bytes: derPrivateKey, - }) - publicKey, err := ssh.NewPublicKey(public) + privateKey := pem.EncodeToMemory(pemKey) + fmt.Println("私钥为:" + string(privateKey)) + publicKey, err := ssh.NewPublicKey(pubKey) if err != nil { - return []byte(""), []byte(""), err + return nil, nil, err } sshPublicKey := ssh.MarshalAuthorizedKey(publicKey) - return sshPublicKey, privateKeyPem, nil + fmt.Print("公钥为:" + string(sshPublicKey)) + return privateKey, sshPublicKey, nil } func CheckPodConsistency(devbox *devboxv1alpha1.Devbox, pod *corev1.Pod) bool { From a1e9c769c62cb7d14972e0c0bc72cd068b470161 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Thu, 29 Aug 2024 22:04:30 +0800 Subject: [PATCH 21/24] add devbox restart pod --- controllers/devbox/internal/controller/helper/devbox.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 388f21b042a..3b300ecb7f2 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go 
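Review bot: The rewritten function returns `privateKey, sshPublicKey` while its caller in syncSecret (visible in PATCH 19 above) destructures `publicKey, privateKey, err := helper.GenerateSSHKeyPair()`, so at this commit the Secret's public-key field receives the private key and vice versa, and anything that publishes the "public" key would hand out the private one. PATCH 21 below swaps the order back, but the contract should be stated on the function so the next edit cannot silently invert it: `// GenerateSSHKeyPair returns (authorized_keys-format public key, OpenSSH PEM private key, error).`, or return a small struct with named fields. The `fmt.Println("私钥为:" + ...)` and `fmt.Print("公钥为:" + ...)` lines expose the private key in controller logs exactly as in syncSecret and should not ship. The `""` passphrase to `ssh.MarshalPrivateKey` produces an unencrypted key, which is acceptable only because it lives in a Secret — a one-line comment saying so is worthwhile.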
@@ -56,7 +56,7 @@ func GenerateSSHKeyPair() ([]byte, []byte, error) { } sshPublicKey := ssh.MarshalAuthorizedKey(publicKey) fmt.Print("公钥为:" + string(sshPublicKey)) - return privateKey, sshPublicKey, nil + return sshPublicKey, privateKey, nil } func CheckPodConsistency(devbox *devboxv1alpha1.Devbox, pod *corev1.Pod) bool { From 4eca8216e340a28d9f07b794e3f334d3625fc1d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Fri, 30 Aug 2024 11:10:44 +0800 Subject: [PATCH 22/24] add devbox restart pod --- controllers/devbox/internal/controller/helper/devbox.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 3b300ecb7f2..0f4aa11b522 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -49,13 +49,11 @@ func GenerateSSHKeyPair() ([]byte, []byte, error) { return nil, nil, err } privateKey := pem.EncodeToMemory(pemKey) - fmt.Println("私钥为:" + string(privateKey)) publicKey, err := ssh.NewPublicKey(pubKey) if err != nil { return nil, nil, err } sshPublicKey := ssh.MarshalAuthorizedKey(publicKey) - fmt.Print("公钥为:" + string(sshPublicKey)) return sshPublicKey, privateKey, nil } From 73b2fa85e3c6830f881eb0be961d91703bffbbba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Fri, 30 Aug 2024 11:28:16 +0800 Subject: [PATCH 23/24] add devbox restart pod --- .../devbox/internal/controller/devbox_controller.go | 8 ++------ controllers/devbox/internal/controller/helper/devbox.go | 7 ++++--- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go index ec8f54aa0c1..52530b6fe7a 100644 --- a/controllers/devbox/internal/controller/devbox_controller.go 
+++ b/controllers/devbox/internal/controller/devbox_controller.go @@ -137,8 +137,6 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha if err != nil && client.IgnoreNotFound(err) == nil { // set password to context, if error then no need to update secret publicKey, privateKey, err := helper.GenerateSSHKeyPair() - fmt.Println("公钥为" + string(publicKey)) - fmt.Println("私钥为" + string(privateKey)) if err != nil { logger.Error(err, "generate public and private key failed") return err @@ -220,14 +218,12 @@ func (r *DevboxReconciler) syncPod(ctx context.Context, devbox *devboxv1alpha1.D if removeFlag { return r.updateDevboxCommitHistory(ctx, devbox, &podList.Items[0]) } - tag := helper.CheckPodConsistency(devbox, &podList.Items[0]) - if !tag { + if !helper.CheckPodConsistency(devbox, &podList.Items[0]) { _ = r.Delete(ctx, &podList.Items[0]) } case corev1.PodRunning: //if pod is running,check pod need restart - tag := helper.CheckPodConsistency(devbox, &podList.Items[0]) - if !tag { + if !helper.CheckPodConsistency(devbox, &podList.Items[0]) { _ = r.Delete(ctx, &podList.Items[0]) } return r.updateDevboxCommitHistory(ctx, devbox, &podList.Items[0]) diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index 0f4aa11b522..cfb28062206 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -17,12 +17,13 @@ package helper import ( "crypto/ed25519" cryptorand "crypto/rand" - "fmt" - corev1 "k8s.io/api/core/v1" + + "golang.org/x/crypto/ssh" "encoding/pem" + "fmt" - "golang.org/x/crypto/ssh" + corev1 "k8s.io/api/core/v1" devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1" ) From 4dde305cfc9b16706e6ce119026f54291ce361af Mon Sep 17 00:00:00 2001 
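Review bot: `_ = r.Delete(ctx, &podList.Items[0])` discards the error in both cases, so a failed delete (RBAC, API outage, conflict) leaves a pod that contradicts the spec with no error surfaced, and in the PodRunning case the code then proceeds to `updateDevboxCommitHistory` for a pod it believes it has just deleted. The file already uses `client.IgnoreNotFound` in syncSecret, and the same pattern fits here: `if err := client.IgnoreNotFound(r.Delete(ctx, &podList.Items[0])); err != nil { return err }`. Returning right after a successful delete would also avoid recording commit history for a pod being torn down — confirm that ordering is intended. The enclosing switch and syncPod start above the hunk.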
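Review bot: The import block now places `"golang.org/x/crypto/ssh"` between `cryptorand "crypto/rand"` and `"encoding/pem"`, splitting the standard-library group and leaving helper/devbox.go non-`goimports`-clean. The conventional layout is stdlib first (`crypto/ed25519`, `crypto/rand`, `encoding/pem`, `fmt`), a blank line, then `golang.org/x/crypto/ssh` and `k8s.io/api/core/v1`, then the local `devboxv1alpha1` group. Running `goimports` on the file produces this without hand editing.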
From: =?UTF-8?q?=E6=8A=92=E6=83=85=E7=86=8A?= <2669184984@qq.com> Date: Fri, 30 Aug 2024 11:31:23 +0800 Subject: [PATCH 24/24] add devbox restart pod --- controllers/devbox/internal/controller/helper/devbox.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go index cfb28062206..9ea0c379f6e 100644 --- a/controllers/devbox/internal/controller/helper/devbox.go +++ b/controllers/devbox/internal/controller/helper/devbox.go @@ -86,8 +86,5 @@ func CheckPodConsistency(devbox *devboxv1alpha1.Devbox, pod *corev1.Pod) bool { delete(portMap, key) } } - if len(portMap) != 1 { - return false - } - return true + return len(portMap) == 1 }