diff --git a/src/test/ks-core/Chart.yaml b/src/test/ks-core/Chart.yaml index 3e0da785..f292b6c1 100644 --- a/src/test/ks-core/Chart.yaml +++ b/src/test/ks-core/Chart.yaml @@ -7,7 +7,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.5.8 +version: 0.6.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/src/test/ks-core/templates/_helpers.tpl b/src/test/ks-core/templates/_helpers.tpl index 8cc73c15..0ee60f31 100644 --- a/src/test/ks-core/templates/_helpers.tpl +++ b/src/test/ks-core/templates/_helpers.tpl @@ -78,7 +78,7 @@ Create the name of the service account to use {{- if eq .Values.role "host" }} {{- with lookup "v1" "ConfigMap" (printf "%s" .Release.Namespace) "kubesphere-config" }} {{- with (fromYaml (index .data "kubesphere.yaml")) }} -{{- if and .authentication .authentication.issuer .authentication.issuer.jwtSecret }} +{{- if and .authentication (.authentication).issuer ((.authentication).issuer).jwtSecret }} {{- .authentication.issuer.jwtSecret }} {{- else }} {{- $.Values.authentication.issuer.jwtSecret | default (randAlphaNum 32 ) }} diff --git a/src/test/ks-core/templates/roletemplates.yaml b/src/test/ks-core/templates/roletemplates.yaml index d5c193df..87b7dcac 100644 --- a/src/test/ks-core/templates/roletemplates.yaml +++ b/src/test/ks-core/templates/roletemplates.yaml @@ -1835,11 +1835,11 @@ metadata: name: workspace-view-app-templates spec: description: - en: 'Workspace App Templates View' - zh: '企业空间查看应用模板,应用版本模板等。' + en: 'Application/application version/application instance view' + zh: '应用/应用版本/应用实例查看' displayName: - en: 'Workspace App Templates View' - zh: '应用模板查看' + en: 'Application/application version/application instance view' + zh: '应用/应用版本/应用实例查看' rules: - apiGroups: - application.kubesphere.io @@ -1847,9 +1847,73 @@ spec: - 'apps' - 'apps/versions' - 'applications' + - 'attachments' verbs: - get - list +--- +apiVersion: iam.kubesphere.io/v1beta1 +kind: RoleTemplate +metadata: + annotations: + iam.kubesphere.io/role-template-rules: '{"app-templates": "view"}' + labels: + iam.kubesphere.io/category: workspace-app + iam.kubesphere.io/scope: workspace + kubesphere.io/managed: "true" + iam.kubesphere.io/aggregate-to-viewer: "" + name: workspace-view-create-app-templates +spec: + description: + en: 'Workspace Application/application version/application instance view and create' + zh: '应用/应用版本/应用实例查看和创建' + displayName: + en: 'Workspace Application/application version/application instance view and create' + zh: '应用/应用版本/应用实例查看和创建' + rules: + - apiGroups: + - application.kubesphere.io + resources: + - 'apps' + - 'apps/versions' + - 'applications' + - 'attachments' + verbs: + - get + - list + - create + - update + - patch + +--- +apiVersion: iam.kubesphere.io/v1beta1 +kind: RoleTemplate +metadata: + annotations: + iam.kubesphere.io/role-template-rules: '{"app-templates": "view"}' + labels: + iam.kubesphere.io/category: workspace-app + iam.kubesphere.io/scope: workspace + kubesphere.io/managed: "true" + iam.kubesphere.io/aggregate-to-viewer: "" + name: workspace-delete-app-templates +spec: + description: + en: 'Workspace Application/application version/application instance deletion' + zh: '应用/应用版本/应用实例删除' + displayName: + en: 'Application/application version/application instance deletion' + zh: '应用/应用版本/应用实例删除' + rules: + - apiGroups: + - application.kubesphere.io + resources: + - 'apps' + - 'apps/versions' + - 'applications' + - 'attachments' + verbs: + - delete --- apiVersion: iam.kubesphere.io/v1beta1 @@ -1857,7 +1921,7 @@ kind: RoleTemplate metadata: annotations: iam.kubesphere.io/role-template-rules: '{"app-templates": "manage"}' - iam.kubesphere.io/dependencies: '["workspace-view-app-templates"]' + iam.kubesphere.io/dependencies: '["workspace-view-app-templates","workspace-view-create-app-templates","workspace-delete-app-templates"]' labels: iam.kubesphere.io/category: workspace-app iam.kubesphere.io/scope: workspace @@ -1867,11 +1931,11 @@ metadata: name: workspace-manage-app-templates spec: description: - en: 'Workspace App Templates Management' - zh: '企业空间上传应用模板,应用版本模板等。' + en: 'Workspace applications/application versions/application instance management' + zh: '应用/应用版本/应用实例管理' displayName: - en: 'Workspace App Templates Management' - zh: '应用模板管理' + en: 'Workspace applications/application versions/application instance management' + zh: '应用/应用版本/应用实例管理' rules: - apiGroups: - application.kubesphere.io @@ -1879,6 +1943,7 @@ spec: - 'apps' - 'apps/versions' - 'applications' + - 'attachments' verbs: - '*' @@ -1907,6 +1972,7 @@ spec: - application.kubesphere.io resources: - applications + - attachments verbs: - get - list @@ -1917,7 +1983,7 @@ kind: RoleTemplate metadata: annotations: iam.kubesphere.io/role-template-rules: '{"app-releases": "manage"}' - iam.kubesphere.io/dependencies: '["namespace-view-app-releases"]' + iam.kubesphere.io/dependencies: '["namespace-view-app-releases","namespace-delete-app-releases","namespace-create-app-releases"]' labels: iam.kubesphere.io/category: namespace-app iam.kubesphere.io/scope: namespace @@ -1928,14 +1994,72 @@ metadata: spec: description: en: 'Namespace App Releases Management' - zh: '项目下部署升级应用实例。' + zh: '项目下应用实例管理' displayName: en: 'Namespace App Releases Management' - zh: '应用实例部署升级' + zh: '应用实例管理' + rules: + - apiGroups: + - application.kubesphere.io + resources: + - applications + - attachments + verbs: + - '*' +--- +apiVersion: iam.kubesphere.io/v1beta1 +kind: RoleTemplate +metadata: + annotations: + iam.kubesphere.io/role-template-rules: '{"app-releases": "manage"}' + labels: + iam.kubesphere.io/category: namespace-app + iam.kubesphere.io/scope: namespace + kubesphere.io/managed: "true" + iam.kubesphere.io/aggregate-to-operator: "" + iam.kubesphere.io/aggregate-to-admin: "" + name: namespace-delete-app-releases +spec: + description: + en: 'Namespace Application instance deletion' + zh: '项目下应用实例删除' + displayName: + en: 'Namespace Application instance deletion' + zh: '应用实例删除' + rules: + - apiGroups: + - application.kubesphere.io + resources: + - applications + - attachments + verbs: + - delete + +--- +apiVersion: iam.kubesphere.io/v1beta1 +kind: RoleTemplate +metadata: + annotations: + iam.kubesphere.io/role-template-rules: '{"app-releases": "manage"}' + labels: + iam.kubesphere.io/category: namespace-app + iam.kubesphere.io/scope: namespace + kubesphere.io/managed: "true" + iam.kubesphere.io/aggregate-to-operator: "" + iam.kubesphere.io/aggregate-to-admin: "" + name: namespace-create-app-releases +spec: + description: + en: 'Namespace Application instance create' + zh: '项目下应用实例创建' + displayName: + en: 'Namespace Application instance create' + zh: '应用实例创建' rules: - apiGroups: - application.kubesphere.io resources: - applications + - attachments verbs: - - '*' \ No newline at end of file + - post diff --git a/src/test/ks-core/values.yaml b/src/test/ks-core/values.yaml index 195a0db0..377a840a 100644 --- a/src/test/ks-core/values.yaml +++ b/src/test/ks-core/values.yaml @@ -272,7 +272,7 @@ extension: key: value upgrade: - disabled: false + disabled: true image: registry: "" repository: kse/ks-upgrade @@ -294,13 +294,389 @@ upgrade: accessMode: ReadWriteOnce size: 5Gi jobs: - iam: - disabled: false - priority: 10 - dynamicOptions: {} - devops: - disabled: false - priority: 11 - dynamicOptions: {} + network: + disabled: false + priority: 100 + extensionRef: + name: "network" + version: "1.0.0" + namespace: "extension-network" + configMap: "network-extension-1.0.0-chart" + configMapKey: "charts.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: Multicluster + clusterScheduling: + placement: + clusterSelector: + matchLabels: + kubesphere.io/managed: "true" + dynamicOptions: { + "rerun": "false" + } + iam: + disabled: false + priority: 100 + extensionRef: + name: "" + version: "" + namespace: "" + configMap: "" + configMapKey: "" + configMapNamespace: "" + chartsPath: "" + config: "" + installationMode: HostOnly + # installationMode: Multicluster + clusterScheduling: + placement: + clusters: + - host + clusterSelector: + matchLabels: + node-role.kubernetes.io/master: "" + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + overrides: + k: v + dynamicOptions: { } + devops: + disabled: false + priority: 100 + extensionRef: + version: "1.1.0" + installationMode: Multicluster + clusterScheduling: + placement: + clusters: + - host + config: | + global: + image: + registry: + pullSecrets: [] + agent: + jenkins: + securityRealm: + openIdConnect: + # The kubesphere-core api used for jenkins OIDC + # If want to access to jenkinsUI, the kubesphereCoreApi must be specified and browser-accessible + # Modifying this configuration will take effect during installation + # If you wish for changes to take effect after installation, you need to update the jenkins-casc-config ConfigMap,copy the securityRealm configuration from jenkins.yaml to jenkins_user.yaml, save, and wait for approximately 70 seconds for the changes to take effect. + kubesphereCoreApi: "http://ks-apiserver.kubesphere-system.svc:30881" + dynamicOptions: {} + + storage-utils: + disabled: false + priority: 100 + extensionRef: + name: "storage-utils" + version: "1.0.0" + namespace: "extension-storage-utils" + configMap: "extension-storage-utils-1.0.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + config: | + backend: + pvcAutoResizer: + commandArgs: + prometheusUrl: "http://prometheus-k8s.kubesphere-monitoring-system:9090" + installationMode: Multicluster + clusterScheduling: + placement: + clusterSelector: + matchLabels: + kubesphere.io/managed: "true" + dynamicOptions: { + "rerun": "false" + } + tower: + disabled: false + priority: 100 + extensionRef: + name: "tower" + version: "1.0.0" + namespace: "extension-tower" + configMap: "extension-tower-1.0.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: HostOnly + kubefed: + disabled: false + priority: 100 + extensionRef: + name: "kubefed" + version: "1.0.0" + namespace: "extension-kubefed" + configMap: "extension-kubefed-1.0.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: HostOnly + whizard-monitoring: + disabled: false + priority: 100 + extensionRef: + name: "whizard-monitoring" + version: "1.0.0" + namespace: "extension-whizard-monitoring" + configMap: "extension-whizard-monitoring-1.0.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: Multicluster + clusterScheduling: + placement: + clusterSelector: + matchLabels: + kubesphere.io/managed: "true" + springcloud: + disabled: false + priority: 100 + extensionRef: + name: "springcloud" + version: "0.1.0" + namespace: "extension-springcloud" + configMap: "extension-springcloud-0.1.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: HostOnly + servicemesh: + disabled: false + priority: 100 + extensionRef: + name: "servicemesh" + version: "0.1.0" + namespace: "extension-servicemesh" + configMap: "extension-servicemesh-0.1.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: HostOnly + config: | + kiali: + prometheus_url: http://prometheus-operated.kubesphere-monitoring-system.svc:9090 + jaeger: + storage: + options: + es: + server-urls: https://opensearch-cluster-master.kubesphere-logging-system.svc:9200 + username: admin + password: admin + # secretName: jaeger-secret-opensearch + dynamicOptions: { + "rerun": "false" + } + application: + disabled: false + priority: 100 + extensionRef: + name: "openpitrix" + version: "0.0.1" + namespace: "extension-openpitrix" + configMap: "extension-openpitrix-0.0.1-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: HostOnly + clusterScheduling: + placement: + clusters: + - host + clusterSelector: + matchLabels: + node-role.kubernetes.io/master: "" + + dmp: + disabled: false + priority: 100 + extensionRef: + name: "dmp" + version: "2.0.0" + namespace: "extension-dmp" + configMap: "extension-dmp-2.0.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: Multicluster + clusterScheduling: + placement: + clusterSelector: + matchLabels: + kubesphere.io/managed: "true" + config: | + extension: + frontend: + image: + repository: registry.cn-beijing.aliyuncs.com/kse/dmp-frontend + tag: "2.0.0" + resources: + limits: + cpu: 200m + memory: 300Mi + requests: + cpu: 200m + memory: 300Mi + agent: + dmp: + image: + repository: registry.cn-beijing.aliyuncs.com/kse/dmp + tag: "2.0.0" + resources: + limits: + cpu: 200m + memory: 300Mi + requests: + cpu: 200m + memory: 300Mi + whizard-notification: + disabled: false + priority: 100 + extensionRef: + name: "whizard-notification" + version: "2.5.0" + namespace: "kubesphere-logging-system" + configMap: "extension-whizard-notification-2.5.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: HostOnly + clusterScheduling: + placement: + clusters: + - host + clusterSelector: + matchLabels: + node-role.kubernetes.io/master: "" + + alerting: + disabled: false + priority: 200 + extensionRef: + name: "whizard-alerting" + version: "0.1.6" + namespace: "extension-whizard-alerting" + configMap: "extension-whizard-alerting-0.1.6-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: Multicluster + clusterScheduling: + placement: + clusterSelector: + matchLabels: + kubesphere.io/managed: "true" + dynamicOptions: { + "rerun": "false" + } + kubeedge: + disabled: false + priority: 100 + extensionRef: + name: "kubeedge" + version: "1.13.1" + namespace: "extension-kubeedge" + configMap: "extension-kubeedge-1.13.1-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: Multicluster + clusterScheduling: + placement: + clusterSelector: + matchLabels: + kubesphere.io/managed: "true" + dynamicOptions: { + "rerun": "false" + } + + whizard-events: + disabled: false + priority: 100 + extensionRef: + name: "whizard-events" + version: "0.1.1" + namespace: "kubesphere-logging-system" + configMap: "extension-whizard-events-0.1.1-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: Multicluster + + gateway: + disabled: false + priority: 100 + extensionRef: + name: "gateway" + version: "0.1.0" + namespace: "extension-gateway" + configMap: "extension-gateway-0.1.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: HostOnly + + whizard-auditing: + disabled: false + priority: 100 + extensionRef: + name: "whizard-auditing" + version: "0.1.0" + namespace: "kubesphere-logging-system" + configMap: "extension-whizard-auditing-0.1.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: Multicluster + + whizard-logging: + disabled: false + priority: 100 + extensionRef: + name: "whizard-logging" + version: "0.1.0" + namespace: "kubesphere-logging-system" + configMap: "extension-whizard-logging-0.1.1-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: Multicluster + + vector: + disabled: false + priority: 101 + extensionRef: + name: "vector" + version: "0.30.0" + namespace: "kubesphere-logging-system" + configMap: "extension-vector-0.30.0-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: Multicluster + + opensearch: + disabled: false + priority: 100 + extensionRef: + name: "opensearch" + version: "2.11.1" + namespace: "kubesphere-logging-system" + configMap: "extension-opensearch-2.11.1-chart" + configMapKey: "chart.tgz" + configMapNamespace: "kubesphere-system" + chartsPath: "" + installationMode: Multicluster + clusterScheduling: + placement: + clusterSelector: + matchLabels: + kubesphere.io/managed: "true"