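/**
 * Cluster detail view: issues SSH user certificates and Kubernetes client
 * certificates for a cluster, lists its tokens, passwords, downloads and CAs,
 * and generates signed "download set" links for the cluster's hosts.
 *
 * Props:
 *   cluster - object read for Name, Tokens, Passwords and CAs (each CA has
 *             Name and Signed).
 *   token   - sent as `Authorization: Bearer <token>` on every request made
 *             here and handed on to the GetCopy / Downloads children.
 *   state   - object read for Hosts (each host has Cluster and Name).
 *
 * Security notes for maintainers:
 *   - The form defaults request the broadest identities: SSH principal "root"
 *     and Kubernetes group "system:masters". In Kubernetes, membership of
 *     system:masters bypasses RBAC, and an issued client certificate stays
 *     valid until it expires, so the validity entered here is the only bound
 *     on such a credential. NOTE(review): confirm the server restricts which
 *     principals, groups and validity ranges a given token may request.
 *   - The three "Validity" inputs in the template all bind to
 *     signReqValidity, so editing one changes the value used by the SSH, the
 *     Kubernetes and the download-set request alike.
 *   - The download-set link lives under /public/ and carries the signed set
 *     in its query string; presumably it works without the bearer token, so
 *     anyone holding the link can fetch the listed host assets until it
 *     expires -- TODO confirm, and treat the copied URL as a secret.
 */
const Cluster = {
  components: { Downloads, GetCopy },
  props: ['cluster', 'token', 'state'],

  data() {
    return {
      // Shared by all three signing forms (see the note above).
      signReqValidity: "1d",
      sshSignReq: {
        PubKey: "",
        Principal: "root",
      },
      // Object URL of the last SSH certificate returned by the server.
      sshUserCert: null,
      kubeSignReq: {
        CSR: "",
        User: "",
        Group: "system:masters",
      },
      // Object URL of the last Kubernetes certificate returned by the server.
      kubeUserCert: null,
      // Signed download set returned by /sign-download-set.
      downloadSet: null,
    };
  },

  computed: {
    /** Hosts from state.Hosts that belong to this cluster. */
    clusterHosts() {
      return (this.state.Hosts || []).filter((h) => h.Cluster === this.cluster.Name);
    },

    /**
     * Path of the public download-set page for the current set.
     * Assumes the server returns the raw (not already percent-encoded) set
     * string -- TODO confirm.
     */
    downloadSetPath() {
      return '/public/download-set?set=' + encodeURIComponent(this.downloadSet);
    },
  },

  methods: {
    /** Headers sent with every JSON POST issued by this component. */
    authHeaders() {
      return { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' };
    },

    /**
     * Build a path below /clusters/<name>/, percent-encoding every segment so
     * that a name containing "/", "?" or "#" cannot change which endpoint is
     * addressed.
     */
    clusterURL(...segments) {
      return '/clusters/' + [this.cluster.Name, ...segments].map((s) => encodeURIComponent(s)).join('/');
    },

    /**
     * POST payload as JSON to url. On a 2xx response onSuccess(resp) is
     * called; otherwise the server's JSON `message` is shown. The inner
     * promises are returned so that a body which fails to parse also ends up
     * in the catch handler instead of becoming an unhandled rejection.
     */
    postJSON(url, payload, failurePrefix, onSuccess) {
      return fetch(url, {
        method: 'POST',
        body: JSON.stringify(payload),
        headers: this.authHeaders(),
      })
        .then((resp) => {
          if (resp.ok) {
            return onSuccess(resp);
          }
          return resp.json().then((body) => alert(failurePrefix + body.message));
        })
        .catch((e) => { alert(failurePrefix + e); });
    },

    /**
     * Expose a certificate blob through an object URL stored in this[field],
     * releasing the URL of any certificate issued earlier so that blobs do
     * not accumulate for the lifetime of the page.
     */
    storeCert(field, cert) {
      if (this[field]) {
        URL.revokeObjectURL(this[field]);
      }
      this[field] = URL.createObjectURL(cert);
    },

    /** Ask the cluster's SSH user CA to sign sshSignReq.PubKey. */
    sshCASign(evt) {
      // Vue passes the DOM event to a handler referenced by name; the
      // original relied on the deprecated global `event`.
      evt?.preventDefault();
      this.postJSON(
        this.clusterURL('ssh', 'user-ca', 'sign'),
        { ...this.sshSignReq, Validity: this.signReqValidity },
        'failed to sign: ',
        (resp) => resp.blob().then((cert) => { this.storeCert('sshUserCert', cert); }),
      );
    },

    /** Ask the cluster's Kubernetes CA to sign kubeSignReq.CSR. */
    kubeCASign(evt) {
      evt?.preventDefault();
      this.postJSON(
        this.clusterURL('kube', 'sign'),
        { ...this.kubeSignReq, Validity: this.signReqValidity },
        'failed to sign: ',
        (resp) => resp.blob().then((cert) => { this.storeCert('kubeUserCert', cert); }),
      );
    },

    /**
     * Read the first file of a file-input change event as text and pass the
     * content to onload. Does nothing when no file was selected.
     */
    readFile(e, onload) {
      const file = e.target.files[0];
      if (!file) { return; }

      const reader = new FileReader();
      reader.onload = () => { onload(reader.result); };
      reader.onerror = () => { alert("error reading file"); };
      reader.readAsText(file);
    },

    /** Fill the SSH public key field from a chosen file. */
    loadPubKey(e) {
      this.readFile(e, (v) => {
        this.sshSignReq.PubKey = v;
      });
    },

    /** Fill the CSR field from a chosen file. */
    loadCSR(e) {
      this.readFile(e, (v) => {
        this.kubeSignReq.CSR = v;
      });
    },

    /**
     * Request a signed download set covering every host of this cluster.
     * Each host item lists the full set of asset names below, including the
     * host configuration files; Expiry reuses signReqValidity.
     */
    generateDownloadSet(evt) {
      evt?.preventDefault();

      const items = this.clusterHosts.map((h) => ({
        Kind: "host",
        Name: h.Name,
        Assets: ["kernel", "initrd", "uki", "bootstrap.tar", "boot.img.gz", "boot.img", "boot.qcow2", "boot.iso", "boot.tar", "bootstrap-config", "config", "config.json", "ipxe"],
      }));

      this.postJSON(
        '/sign-download-set',
        { Expiry: this.signReqValidity, Items: items },
        'failed to generate: ',
        (resp) => resp.json().then((set) => { this.downloadSet = set; }),
      );
    },

    /**
     * Copy the absolute download-set URL to the clipboard. Kept as a method
     * because `navigator` and `window` are not among the globals Vue 3
     * exposes to template expressions, and because the Clipboard API is only
     * available in secure contexts.
     */
    copyDownloadSetURL() {
      if (!navigator.clipboard) {
        alert('failed to copy: clipboard is not available in this context');
        return;
      }
      navigator.clipboard.writeText(window.location.origin + this.downloadSetPath)
        .catch((e) => { alert('failed to copy: ' + e); });
    },
  },

  template: `
    <h3>Access</h3>

    <p>Allow cluster access from a public key</p>

    <h4>Grant SSH access</h4>

    <p>Validity: <input type="text" v-model="signReqValidity"/> <small>time range, ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.</small></p>
    <p>User: <input type="text" v-model="sshSignReq.Principal"/></p>
    <p>Public key (OpenSSH format):<br/>
      <span class="text-and-file"><textarea v-model="sshSignReq.PubKey" style="height:3lh"></textarea>
      <input type="file" accept=".pub" @change="loadPubKey" /></span>
    </p>

    <p><button @click="sshCASign">Sign SSH access</button>
      <template v-if="sshUserCert">
        => <a :href="sshUserCert" download="ssh-cert.pub">Get certificate</a>
      </template>
    </p>

    <h4>Grant Kubernetes API access</h4>

    <p>Validity: <input type="text" v-model="signReqValidity"/> <small>time range, ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.</small></p>
    <p>User: <input type="text" v-model="kubeSignReq.User"/> (by default, from the CSR)</p>
    <p>Group: <input type="text" v-model="kubeSignReq.Group"/></p>
    <p>Certificate signing request (PEM format):<br/>
      <span class="text-and-file"><textarea v-model="kubeSignReq.CSR" style="height:7lh;"></textarea>
      <input type="file" accept=".csr" @change="loadCSR" /></span>
    </p>

    <p><button @click="kubeCASign">Sign Kubernetes API access</button>
      <template v-if="kubeUserCert">
        => <a :href="kubeUserCert" download="kube-cert.pub">Get certificate</a>
      </template>
    </p>

    <h3>Tokens</h3>
    <section class="links">
      <GetCopy v-for="n in cluster.Tokens" :token="token" :name="n" :href="clusterURL('tokens', n)" />
    </section>

    <h3>Passwords</h3>
    <section class="links">
      <GetCopy v-for="n in cluster.Passwords" :token="token" :name="n" :href="clusterURL('passwords', n)" />
    </section>

    <h3>Downloads</h3>
    <Downloads :token="token" :state="state" kind="cluster" :name="cluster.Name" />

    <h3>Download set</h3>
    <p>Validity: <input type="text" v-model="signReqValidity"/> <small>time range, ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.</small></p>
    <p><button @click="generateDownloadSet">Generate download set ({{ clusterHosts.length }} hosts)</button></p>
    <p v-if="downloadSet" style="word-break:break-all">
      <a :href="downloadSetPath" target="_blank" rel="noopener">Open download set page</a>
      <br/>
      <button @click="copyDownloadSetURL">Copy URL</button>
    </p>

    <h3>CAs</h3>
    <table><tr><th>Name</th><th>Certificate</th><th>Signed certificates</th></tr>
      <tr v-for="ca in cluster.CAs">
        <td>{{ ca.Name }}</td>
        <td><GetCopy :token="token" name="cert" :href="clusterURL('CAs', ca.Name, 'certificate')" /></td>
        <td><template v-for="signed in ca.Signed">
          {{" "}}
          <GetCopy :token="token" :name="signed" :href="clusterURL('CAs', ca.Name, 'signed')+'?name='+encodeURIComponent(signed)" />
        </template></td>
      </tr></table>
  `
};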