From 41767c68f25ac62f9609806040e0f0d2d2e6173d Mon Sep 17 00:00:00 2001 From: ci-bot Date: Tue, 19 Mar 2024 03:31:27 +0000 Subject: [PATCH] update ks-core helm chart --- src/test/ks-core/Chart.yaml | 2 +- .../crds/kubesphere.io_extensions.yaml | 2 + .../crds/kubesphere.io_installplans.yaml | 4 ++ src/test/ks-core/templates/_helpers.tpl | 24 ++++++++++ src/test/ks-core/templates/builtinroles.yaml | 7 --- src/test/ks-core/templates/clusterroles.yaml | 6 +-- .../templates/extension-categories.yaml | 2 +- src/test/ks-core/templates/globalroles.yaml | 4 +- src/test/ks-core/templates/ks-agent.yml | 2 +- src/test/ks-core/templates/ks-apiserver.yml | 2 +- src/test/ks-core/templates/ks-console.yml | 2 +- .../templates/ks-controller-manager.yaml | 2 +- .../ks-core/templates/kubesphere-config.yaml | 15 +++++- .../ks-core/templates/marketplace-config.yaml | 2 +- .../ks-core/templates/oauthclient-config.yaml | 2 +- .../templates/prepare-upgrade-job.yaml | 46 +++++++++++++++++++ src/test/ks-core/templates/services.yml | 4 +- src/test/ks-core/templates/webhook.yaml | 2 +- src/test/ks-core/templates/workspace.yaml | 2 +- src/test/ks-core/values.yaml | 16 ++++++- 20 files changed, 118 insertions(+), 30 deletions(-) create mode 100644 src/test/ks-core/templates/prepare-upgrade-job.yaml diff --git a/src/test/ks-core/Chart.yaml b/src/test/ks-core/Chart.yaml index ba592c365..8cdbfbb4f 100644 --- a/src/test/ks-core/Chart.yaml +++ b/src/test/ks-core/Chart.yaml @@ -7,7 +7,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.6.12 +version: 0.6.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/src/test/ks-core/crds/kubesphere.io_extensions.yaml b/src/test/ks-core/crds/kubesphere.io_extensions.yaml index 9579c30e1..715bc687d 100644 --- a/src/test/ks-core/crds/kubesphere.io_extensions.yaml +++ b/src/test/ks-core/crds/kubesphere.io_extensions.yaml @@ -156,6 +156,8 @@ spec: - type type: object type: array + configHash: + type: string jobName: type: string releaseName: diff --git a/src/test/ks-core/crds/kubesphere.io_installplans.yaml b/src/test/ks-core/crds/kubesphere.io_installplans.yaml index cd163f4a2..af0eb32f7 100644 --- a/src/test/ks-core/crds/kubesphere.io_installplans.yaml +++ b/src/test/ks-core/crds/kubesphere.io_installplans.yaml @@ -204,6 +204,8 @@ spec: - type type: object type: array + configHash: + type: string jobName: type: string releaseName: @@ -300,6 +302,8 @@ spec: - type type: object type: array + configHash: + type: string enabled: type: boolean jobName: diff --git a/src/test/ks-core/templates/_helpers.tpl b/src/test/ks-core/templates/_helpers.tpl index 66a8cf117..01d47caa1 100644 --- a/src/test/ks-core/templates/_helpers.tpl +++ b/src/test/ks-core/templates/_helpers.tpl @@ -96,6 +96,30 @@ Create the name of the service account to use {{- end }} {{- end }} +{{- define "role" -}} +{{- if eq .Values.role "" }} +{{- with lookup "v1" "ConfigMap" (printf "%s" .Release.Namespace) "kubesphere-config" }} +{{- with (fromYaml (index .data "kubesphere.yaml")) }} +{{- if and .multicluster (.multicluster).clusterRole }} +{{- if eq .multicluster.clusterRole "none" }} +{{- "host" }} +{{- else }} +{{- .multicluster.clusterRole }} +{{- end }} +{{- else }} +{{- $.Values.role | default "host" }} +{{- end }} +{{- else }} +{{- $.Values.role | default "host" }} +{{- end }} +{{- else }} +{{- $.Values.role | default "host" }} +{{- end }} +{{- else }} +{{- .Values.role }} +{{- end }} +{{- end }} + {{/* Returns user's password or use default */}} 
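Review bot: The new `role` helper in _helpers.tpl silently resolves to "host" whenever `lookup` returns nothing, and that happens not only on a fresh install but also under `helm template` or a client-side dry run, where Helm does not query the API server. With the chart default now `role: ""`, a member cluster rendered offline gets the templates gated by `eq (include "role" .) "host"` (ks-apiserver, ks-console, the validating webhook configuration) instead of ks-agent. The helper also passes through whatever `multicluster.clusterRole` contains without checking it, so any value other than host or member makes every `eq … "host"` and `eq … "member"` gate false. I would add a header comment such as `{{/* role: .Values.role if set, else multicluster.clusterRole from the live kubesphere-config ConfigMap ("none" maps to host), else "host"; lookup is empty when rendering offline, so set role explicitly there */}}` and reject unexpected results with `fail`.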
diff --git a/src/test/ks-core/templates/builtinroles.yaml b/src/test/ks-core/templates/builtinroles.yaml index 2bb48b65b..e14db6a72 100644 --- a/src/test/ks-core/templates/builtinroles.yaml +++ b/src/test/ks-core/templates/builtinroles.yaml @@ -19,7 +19,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "管理项目中的所有资源。", "en": "Manage all resources in the project."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: admin rules: @@ -53,7 +52,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "管理项目中除用户和角色之外的资源。", "en": "Manage resources other than users and roles in the project."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: operator rules: @@ -107,7 +105,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "查看项目中的所有资源。", "en": "View all resources in the project."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: viewer rules: @@ -150,7 +147,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "管理企业空间中的所有资源。", "en": "Manage all resources in the workspace."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: admin rules: @@ -183,7 +179,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "查看企业空间设置。", "en": "View workspace settings."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: regular rules: @@ -219,7 +214,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "查看企业设置、创建项目。", "en": "View workspace settings, create projects."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: self-provisioner rules: [] @@ -249,7 +243,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "查看企业空间中的所有资源。", "en": "View all resources in the workspace."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: viewer rules: 
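Review bot: Deleting only the `labels:` line leaves `iam.kubesphere.io/auto-aggregate: "true"` as the last key under `annotations:`, so in all seven role hunks of builtinroles.yaml it stops being a label and becomes an annotation; the clusterroles.yaml hunks and both globalroles.yaml hunks make the same move. Nothing in this commit shows the consumer of that key, so if role aggregation still selects on the label, these built-in roles would stop picking up their aggregated role templates and effective permissions would change without any error. Whitespace is collapsed in this view, so the nesting is inferred from the unchanged context line. I would state the move in the commit description and, once it is confirmed against the controller, add a one-line comment above the key, e.g. `# auto-aggregate is read from annotations, not labels`.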
diff --git a/src/test/ks-core/templates/clusterroles.yaml b/src/test/ks-core/templates/clusterroles.yaml index 109ddb048..5aa0a707f 100644 --- a/src/test/ks-core/templates/clusterroles.yaml +++ b/src/test/ks-core/templates/clusterroles.yaml @@ -4,9 +4,8 @@ metadata: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "管理集群中的所有资源。", "en": "Manage all resources in the cluster."}' - name: cluster-admin - labels: iam.kubesphere.io/auto-aggregate: "true" + name: cluster-admin aggregationRoleTemplates: roleSelector: matchLabels: @@ -31,9 +30,8 @@ metadata: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "查看集群中的所有资源。", "en": "View all resources in the cluster."}' - name: cluster-viewer - labels: iam.kubesphere.io/auto-aggregate: "true" + name: cluster-viewer aggregationRoleTemplates: roleSelector: matchLabels: diff --git a/src/test/ks-core/templates/extension-categories.yaml b/src/test/ks-core/templates/extension-categories.yaml index 517e692c9..f08532039 100644 --- a/src/test/ks-core/templates/extension-categories.yaml +++ b/src/test/ks-core/templates/extension-categories.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.role "host" }} +{{ if eq (include "role" .) "host" }} --- apiVersion: kubesphere.io/v1alpha1 kind: Category diff --git a/src/test/ks-core/templates/globalroles.yaml b/src/test/ks-core/templates/globalroles.yaml index dff003ae8..74f1040e4 100644 --- a/src/test/ks-core/templates/globalroles.yaml +++ b/src/test/ks-core/templates/globalroles.yaml @@ -19,9 +19,8 @@ rules: apiVersion: iam.kubesphere.io/v1beta1 kind: GlobalRole metadata: - labels: - iam.kubesphere.io/auto-aggregate: "true" annotations: + iam.kubesphere.io/auto-aggregate: "true" iam.kubesphere.io/rego-override: |- package authz default allow = false 
@@ -168,7 +167,6 @@ metadata: allowedScopes := ["Workspace","Namespace","Cluster"] allowedScopes[_] == input.ResourceScope } - labels: iam.kubesphere.io/auto-aggregate: "true" name: platform-admin aggregationRoleTemplates: diff --git a/src/test/ks-core/templates/ks-agent.yml b/src/test/ks-core/templates/ks-agent.yml index 0bb0efe92..1b5a3fc54 100644 --- a/src/test/ks-core/templates/ks-agent.yml +++ b/src/test/ks-core/templates/ks-agent.yml @@ -1,4 +1,4 @@ -{{ if eq .Values.role "member" }} +{{ if eq (include "role" .) "member" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/src/test/ks-core/templates/ks-apiserver.yml b/src/test/ks-core/templates/ks-apiserver.yml index e2276f2b5..33a3d232d 100644 --- a/src/test/ks-core/templates/ks-apiserver.yml +++ b/src/test/ks-core/templates/ks-apiserver.yml @@ -1,4 +1,4 @@ -{{ if eq .Values.role "host" }} +{{ if eq (include "role" .) "host" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/src/test/ks-core/templates/ks-console.yml b/src/test/ks-core/templates/ks-console.yml index 252f08382..24b480490 100644 --- a/src/test/ks-core/templates/ks-console.yml +++ b/src/test/ks-core/templates/ks-console.yml @@ -1,4 +1,4 @@ -{{ if eq .Values.role "host" }} +{{ if eq (include "role" .) "host" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/src/test/ks-core/templates/ks-controller-manager.yaml b/src/test/ks-core/templates/ks-controller-manager.yaml index 3e22659e7..f47042205 100644 --- a/src/test/ks-core/templates/ks-controller-manager.yaml +++ b/src/test/ks-core/templates/ks-controller-manager.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.role "host" }} +{{ if eq (include "role" .) "host" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/src/test/ks-core/templates/kubesphere-config.yaml b/src/test/ks-core/templates/kubesphere-config.yaml index de02155ba..94ebb0703 100644 --- a/src/test/ks-core/templates/kubesphere-config.yaml +++ b/src/test/ks-core/templates/kubesphere-config.yaml 
@@ -13,14 +13,25 @@ data: host: {{ include "portal.host" . | quote }} jwtSecret: {{ include "jwtSecret" . | quote }} maximumClockSkew: {{ .Values.authentication.issuer.maximumClockSkew | default "10s" }} - {{- if eq .Values.role "member" }} + {{- if eq (include "role" .) "member" }} accessTokenMaxAge: 0s {{- else }} accessTokenMaxAge: {{ .Values.authentication.issuer.accessTokenMaxAge }} {{- end }} accessTokenInactivityTimeout: {{ .Values.authentication.issuer.accessTokenInactivityTimeout }} + {{- if .Values.s3 }} + s3: + endpoint: {{ .Values.s3.endpoint | default "" }} + region: {{ .Values.s3.region | default "us-east-1" }} + disableSSL: {{ .Values.s3.disableSSL | default true }} + forcePathStyle: {{ .Values.s3.forcePathStyle | default true }} + accessKeyID: {{ .Values.s3.accessKeyID | default "admin" }} + secretAccessKey: {{ .Values.s3.secretAccessKey | default "admin" }} + bucket: {{ .Values.s3.bucket | default "uploads" }} + {{- end }} + multicluster: - clusterRole: {{ .Values.role }} + clusterRole: {{ include "role" . | quote }} terminal: kubectl: image: {{ template "kubectl.image" . }} diff --git a/src/test/ks-core/templates/marketplace-config.yaml b/src/test/ks-core/templates/marketplace-config.yaml index 5eefed86e..751fc49a6 100644 --- a/src/test/ks-core/templates/marketplace-config.yaml +++ b/src/test/ks-core/templates/marketplace-config.yaml @@ -1,4 +1,4 @@ -{{- if eq .Values.role "host" }} +{{- if eq (include "role" .) "host" }} {{- if .Values.cloud.enabled }} apiVersion: v1 stringData: diff --git a/src/test/ks-core/templates/oauthclient-config.yaml b/src/test/ks-core/templates/oauthclient-config.yaml index 98bfebcba..a97f84779 100644 --- a/src/test/ks-core/templates/oauthclient-config.yaml +++ b/src/test/ks-core/templates/oauthclient-config.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.role "host" }} +{{ if eq (include "role" .) "host" }} apiVersion: v1 stringData: configuration.yaml: | 
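Review bot: `{{ .Values.s3.disableSSL | default true }}` can never render `false`, because `default` treats a boolean false as empty; an operator who sets `s3.disableSSL: false` still gets TLS to the object store disabled, and `forcePathStyle` has the same problem. The block is also gated on `.Values.s3`, which is always truthy given the map added in the values.yaml hunk, so it renders even when `endpoint` is empty, contrary to the comment there. It then falls back to "admin" for both `accessKeyID` and `secretAccessKey`, written unquoted into kubesphere-config, which the `role` helper looks up as a ConfigMap. I would gate on `{{- if .Values.s3.endpoint }}`, render the booleans directly as `disableSSL: {{ .Values.s3.disableSSL }}` with the default kept only in values.yaml, and replace the credential defaults with `required` plus `| quote`. The matching `s3:` defaults in the values.yaml hunk (`disableSSL: true`, "admin"/"admin") should change with it.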
diff --git a/src/test/ks-core/templates/prepare-upgrade-job.yaml b/src/test/ks-core/templates/prepare-upgrade-job.yaml new file mode 100644 index 000000000..9e0881a12 --- /dev/null +++ b/src/test/ks-core/templates/prepare-upgrade-job.yaml @@ -0,0 +1,46 @@ +{{- if .Values.upgrade.prepare }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: ks-upgrade-prepare-config + namespace: {{ .Release.Namespace }} +data: + ks-upgrade.yaml: | + storage: + {{- if .Values.upgrade.storage.s3.endpoint }} + s3: {{- toYaml .Values.upgrade.storage.s3 | nindent 8 }} + {{- else }} + local: + path: {{ .Values.upgrade.storage.local.path }} + {{- end }} + jobs: {{- toYaml .Values.upgrade.jobs | nindent 6 }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: prepare-upgrade + namespace: {{ .Release.Namespace }} +spec: + template: + spec: + restartPolicy: Never + serviceAccountName: {{ include "ks-core.serviceAccountName" . }} + containers: + - name: prepare-upgrade-job + image: {{ template "upgrade.image" . }} + imagePullPolicy: {{ .Values.upgrade.image.pullPolicy }} + command: + - ks-upgrade + - prepare-upgrade + - --logtostderr=true + - --config=/etc/kubesphere/ks-upgrade.yaml + volumeMounts: + - mountPath: /etc/kubesphere/ + name: config + volumes: + - name: config + configMap: + name: ks-upgrade-prepare-config + defaultMode: 420 +{{- end }} \ No newline at end of file diff --git a/src/test/ks-core/templates/services.yml b/src/test/ks-core/templates/services.yml index 1c19df1c5..94654c80b 100644 --- a/src/test/ks-core/templates/services.yml +++ b/src/test/ks-core/templates/services.yml @@ -23,7 +23,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} selector: - {{- if eq .Values.role "host" }} + {{- if eq (include "role" .) "host" }} app: ks-apiserver {{- else }} app: ks-agent @@ -52,7 +52,7 @@ spec: protocol: TCP targetPort: 8443 selector: - {{- if eq .Values.role "host" }} + {{- if eq (include "role" .) "host" }} app: ks-controller-manager {{- else }} app: ks-agent 
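Review bot: The storage settings from `toYaml .Values.upgrade.storage.s3` are written into the `ks-upgrade-prepare-config` ConfigMap and mounted with `defaultMode: 420` (0644); if that map carries access keys, as the chart's other `s3` block does, they are readable by anyone with ConfigMap read access in the release namespace. I would emit the object as `kind: Secret` with `stringData:` in place of `data:` and mount it through `secret: {secretName: ks-upgrade-prepare-config}`. The Job in the same new file runs under the chart's main service account with no `securityContext`, resource limits or `backoffLimit`, which is worth tightening if the ks-upgrade image does not need root. The contents of `upgrade.storage` are not visible in this diff, so the credential exposure is inferred.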
diff --git a/src/test/ks-core/templates/webhook.yaml b/src/test/ks-core/templates/webhook.yaml index 0c3d05113..5d7d1cf04 100644 --- a/src/test/ks-core/templates/webhook.yaml +++ b/src/test/ks-core/templates/webhook.yaml @@ -14,7 +14,7 @@ metadata: name: ks-controller-manager-webhook-cert type: Opaque -{{ if eq .Values.role "host" }} +{{ if eq (include "role" .) "host" }} --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration diff --git a/src/test/ks-core/templates/workspace.yaml b/src/test/ks-core/templates/workspace.yaml index 40ec9a335..521252180 100644 --- a/src/test/ks-core/templates/workspace.yaml +++ b/src/test/ks-core/templates/workspace.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.role "host" }} +{{ if eq (include "role" .) "host" }} apiVersion: tenant.kubesphere.io/v1beta1 kind: WorkspaceTemplate metadata: diff --git a/src/test/ks-core/values.yaml b/src/test/ks-core/values.yaml index d3dcee6c7..a7f1012f8 100644 --- a/src/test/ks-core/values.yaml +++ b/src/test/ks-core/values.yaml @@ -20,7 +20,8 @@ commonAnnotations: {} ## Role represents the role of the current cluster, ## and it can have one of two values: "host" or "member". -role: host +## Priority: specified in values > get from kubesphere-config > default role (host) +role: "" portal: ## The IP address or hostname to access ks-console service. @@ -31,6 +32,16 @@ portal: # https: # port: 30443 +s3: +# If endpoint is empty, disable s3 storage + endpoint: "" + region: "us-east-1" + disableSSL: true + forcePathStyle: true + accessKeyID: "admin" + secretAccessKey: "admin" + bucket: "uploads" + authentication: authenticateRateLimiterMaxTries: 10 authenticationRateLimiterDuration: 10m0s 
@@ -40,6 +51,7 @@ authentication: issuer: maximumClockSkew: 10s # Jwt Secret is required by ks-apiserver, a random string would be generated if it's empty + # Priority: specified in values > get from kubesphere-config > default jwtSecret (a random string) jwtSecret: "" accessTokenMaxAge: 2h accessTokenInactivityTimeout: 30m @@ -445,7 +457,7 @@ upgrade: extensionRef: name: "kubefed" version: "1.0.0" - namespace: "extension-kubefed" + namespace: "kube-federation-system" configMap: "extension-kubefed-1.0.0-chart" configMapKey: "chart.tgz" configMapNamespace: "kubesphere-system"