feat: rent and release ip use api

pkg/webhook/dhcp.go

@@ -0,0 +1,74 @@
+package webhook
+
+import (
+	"fmt"
+	"net"
+	"net/http"
+
+	log "github.com/sirupsen/logrus"
+	"k8s.io/kubectl/pkg/cmd/util"
+
+	"github.com/wencaiwulue/kubevpn/pkg/config"
+	"github.com/wencaiwulue/kubevpn/pkg/handler"
+)
+
+type dhcpServer struct {
+	f util.Factory
+}
+
+func (d *dhcpServer) rentIP(w http.ResponseWriter, r *http.Request) {
+	podName := r.Header.Get("POD_NAME")
+	namespace := r.Header.Get("POD_NAMESPACE")
+
+	log.Infof("handling rent ip request, pod name: %s, ns: %s", podName, namespace)
+	clientset, err := d.f.KubernetesClientSet()
+	if err != nil {
+		log.Error(err)
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+	cmi := clientset.CoreV1().ConfigMaps(namespace)
+	dhcp := handler.NewDHCPManager(cmi, namespace, &net.IPNet{IP: config.RouterIP, Mask: config.CIDR.Mask})
+	random, err := dhcp.RentIPRandom()
+	if err != nil {
+		log.Error(err)
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+	w.WriteHeader(http.StatusOK)
+	_, err = w.Write([]byte(random.String()))
+	if err != nil {
+		log.Error(err)
+	}
+}
+
+func (d *dhcpServer) releaseIP(w http.ResponseWriter, r *http.Request) {
+	podName := r.Header.Get("POD_NAME")
+	namespace := r.Header.Get("POD_NAMESPACE")
+	ip := r.Header.Get("IP")
+
+	_, ipNet, err := net.ParseCIDR(ip)
+	if err != nil {
+		log.Errorf("ip is invailed, ip: %s, err: %v", ip, err)
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(fmt.Sprintf("ip is invailed, ip: %s, err: %v", ip, err)))
+		return
+	}
+
+	log.Infof("handling rent ip request, pod name: %s, ns: %s", podName, namespace)
+	clientset, err := d.f.KubernetesClientSet()
+	if err != nil {
+		log.Error(err)
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+	cmi := clientset.CoreV1().ConfigMaps(namespace)
+	dhcp := handler.NewDHCPManager(cmi, namespace, &net.IPNet{IP: config.RouterIP, Mask: config.CIDR.Mask})
+	err = dhcp.ReleaseIpToDHCP(ipNet)
+	if err != nil {
+		log.Error(err)
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+	w.WriteHeader(http.StatusOK)
+}

pkg/webhook/mutateadmissionwebhook.go

@@ -2,7 +2,6 @@ package webhook
 
 import (
 	"crypto/tls"
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -12,6 +11,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	v1 "k8s.io/api/admission/v1"
 	"k8s.io/api/admission/v1beta1"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	cmdutil "k8s.io/kubectl/pkg/cmd/util"
 )
@@ -122,21 +122,20 @@ func serve(w http.ResponseWriter, r *http.Request, admit admitHandler) {
 
 func Main(f cmdutil.Factory) error {
 	h := &admissionReviewHandler{f: f}
-	http.HandleFunc("/pods", func(w http.ResponseWriter, r *http.Request) {
-		serve(w, r, newDelegateToV1AdmitHandler(h.admitPods))
-	})
-	http.HandleFunc("/readyz", func(w http.ResponseWriter, req *http.Request) {
-		_, _ = w.Write([]byte("ok"))
-	})
-	cert, err := base64.StdEncoding.DecodeString(os.Getenv("CERT"))
-	if err != nil {
-		return err
+	http.HandleFunc("/pods", func(w http.ResponseWriter, r *http.Request) { serve(w, r, newDelegateToV1AdmitHandler(h.admitPods)) })
+	http.HandleFunc("/readyz", func(w http.ResponseWriter, req *http.Request) { _, _ = w.Write([]byte("ok")) })
+	s := dhcpServer{f: f}
+	http.HandleFunc("/rent/ip", s.rentIP)
+	http.HandleFunc("/release/ip", s.releaseIP)
+	cert, ok := os.LookupEnv(corev1.TLSCertKey)
+	if !ok {
+		return fmt.Errorf("can not get %s from env", corev1.TLSCertKey)
 	}
-	key, err := base64.StdEncoding.DecodeString(os.Getenv("KEY"))
-	if err != nil {
-		return err
+	key, ok := os.LookupEnv(corev1.TLSPrivateKeyKey)
+	if !ok {
+		return fmt.Errorf("can not get %s from env", corev1.TLSPrivateKeyKey)
 	}
-	pair, err := tls.X509KeyPair(cert, key)
+	pair, err := tls.X509KeyPair([]byte(cert), []byte(key))
 	if err != nil {
 		return err
 	}