From 89db389dda971a24af54ee933791a8203dffc078 Mon Sep 17 00:00:00 2001 From: ci-bot Date: Fri, 12 Apr 2024 14:33:00 +0800 Subject: [PATCH] update ks-core helm chart --- src/test/ks-core/CHANGELOG_zh.md | 8 ++++ src/test/ks-core/Chart.yaml | 4 +- src/test/ks-core/README.md | 37 ------------------- src/test/ks-core/templates/cert-manager.yaml | 2 +- src/test/ks-core/templates/globalroles.yaml | 2 +- src/test/ks-core/templates/ks-console.yml | 30 +++++++-------- .../templates/post-patch-system-ns-job.yaml | 2 +- src/test/ks-core/values.yaml | 8 ++-- 8 files changed, 32 insertions(+), 61 deletions(-) delete mode 100644 src/test/ks-core/README.md diff --git a/src/test/ks-core/CHANGELOG_zh.md b/src/test/ks-core/CHANGELOG_zh.md index f5148f3ae..2f2231f9f 100644 --- a/src/test/ks-core/CHANGELOG_zh.md +++ b/src/test/ks-core/CHANGELOG_zh.md @@ -18,6 +18,7 @@ KubeSphere 企业版 4.1.0 内置了丰富全能的 KubeSphere 扩展市场。 - 支持动态扩展 Resource API - 支持添加指定租户、集群、项目为快捷访问 - 支持通过容器终端进行文件上传和下载 +- 支持适配不同厂商的云原生网关 ### 优化 @@ -40,6 +41,7 @@ KubeSphere 企业版 4.1.0 内置了丰富全能的 KubeSphere 扩展市场。 - 修复潜在的企业空间资源越权访问的问题 - 修复企业空间集群授权 API 潜在的越权问题 - 修复因错误配置导致会话异常登出的问题 +- 修复添加镜像服务信息从指定仓库拉取镜像时异常的问题 - 编辑 secret 保留 ownerReferences 信息 - 修复 console 首次登录白屏和页面错误重定向问题 - 修复 Windows 环境下,console 选择框滚动问题 @@ -77,6 +79,12 @@ v4.1 版本将停止提供以下已弃用的 API: * `/resources.kubesphere.io/v1alpha2/users/{user}/kubectl` 接口已移除,终端相关操作无需再调用该接口 * 用户 web kubectl 终端 API 路径从 `/kapis/terminal.kubesphere.io/v1alpha2/namespaces/{namespace}/pods/{pod}/exec` 调整为 `/kapis/terminal.kubesphere.io/v1alpha2/users/{user}/kubectl` +##### gateway + +`gateway.kubesphere.io/v1alpha1` API 版本被移除。 + +* 配置 Ingress 查询相关网关的 API 调整为 `/kapis/gateway.kubesphere.io/v1alpha2/namespaces/{namespace}/availableingressclassscopes`。 + #### API 弃用 以下 API 标记为弃用,将在未来的版本中移除: diff --git a/src/test/ks-core/Chart.yaml b/src/test/ks-core/Chart.yaml index 04568b0f9..7e58b054b 100644 --- a/src/test/ks-core/Chart.yaml +++ b/src/test/ks-core/Chart.yaml @@ -7,12 +7,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.0-rc.1 +version: 1.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: "v4.1.0-rc.1" +appVersion: "v4.1.0" dependencies: - name: redis-ha diff --git a/src/test/ks-core/README.md b/src/test/ks-core/README.md deleted file mode 100644 index 988cf5a55..000000000 --- a/src/test/ks-core/README.md +++ /dev/null @@ -1,37 +0,0 @@ -### Upgrade from KSE 3.X - -Preparing for upgrade. - -```bash -ITEMS=( - "globalroles.iam.kubesphere.io/anonymous" - "globalroles.iam.kubesphere.io/authenticated" - "globalroles.iam.kubesphere.io/platform-admin" - "globalroles.iam.kubesphere.io/platform-regular" - "globalroles.iam.kubesphere.io/platform-self-provisioner" - "globalroles.iam.kubesphere.io/pre-registration" - "globalrolebindings.iam.kubesphere.io/admin" - "globalrolebindings.iam.kubesphere.io/anonymous" - "globalrolebindings.iam.kubesphere.io/authenticated" - "globalrolebindings.iam.kubesphere.io/pre-registration" - "workspacetemplate.tenant.kubesphere.io/system-workspace" - "-n kubesphere-system configmap/kubesphere-config" -) -for i in "${ITEMS[@]}" -do - kubectl label $i app.kubernetes.io/managed-by=Helm --overwrite - kubectl annotate $i meta.helm.sh/release-name=ks-core --overwrite - kubectl annotate $i meta.helm.sh/release-namespace=kubesphere-system --overwrite -done - -items=$(kubectl get workspace -o jsonpath='{.items[*].metadata.name}') - -for i in $items -do - network_isolation=$(kubectl get workspace $i -o jsonpath='{.spec.networkIsolation}') - - if [ "$network_isolation" == "true" ]; then - kubectl annotate workspace $i kubesphere.io/network-isolate=enabled --overwrite - fi -done -``` diff --git a/src/test/ks-core/templates/cert-manager.yaml b/src/test/ks-core/templates/cert-manager.yaml index 8796bc78d..4748ff4e2 100644 --- a/src/test/ks-core/templates/cert-manager.yaml +++ b/src/test/ks-core/templates/cert-manager.yaml @@ -27,7 +27,7 @@ spec: privateKeySecretRef: name: letsencrypt-{{ .Values.letsEncrypt.environment }} {{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }} - http01: { } + http01: {} {{- else }} solvers: - http01: diff --git a/src/test/ks-core/templates/globalroles.yaml b/src/test/ks-core/templates/globalroles.yaml index d5e6d4235..7f4340730 100644 --- a/src/test/ks-core/templates/globalroles.yaml +++ b/src/test/ks-core/templates/globalroles.yaml @@ -219,7 +219,7 @@ metadata: kubesphere.io/description: '{"zh": "被邀请加入企业空间之前无法访问任何资源。", "en": "Cannot access any resources before joining a workspace."}' kubesphere.io/creator: admin name: platform-regular -rules: [ ] +rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 diff --git a/src/test/ks-core/templates/ks-console.yml b/src/test/ks-core/templates/ks-console.yml index 4201f6dad..5bec79af0 100644 --- a/src/test/ks-core/templates/ks-console.yml +++ b/src/test/ks-core/templates/ks-console.yml @@ -42,17 +42,17 @@ spec: initContainers: - name: init-ca image: {{ template "kubectl.image" . }} - command: [ "/bin/sh", "-c" ] - args: [ "cp /tmp/ca.crt /usr/local/share/ca-certificates/ \ + command: ["/bin/sh", "-c"] + args: ["cp /tmp/ca.crt /usr/local/share/ca-certificates/ \ && update-ca-certificates && cp /etc/ssl/certs/ca-certificates.crt /certs/"] volumeMounts: - - name: tls-cert - mountPath: /tmp/ca.crt - subPath: ca.crt - readOnly: false - - name: sys-cert - mountPath: /certs - readOnly: false + - name: tls-cert + mountPath: /tmp/ca.crt + subPath: ca.crt + readOnly: false + - name: sys-cert + mountPath: /certs + readOnly: false {{- end }} containers: - name: ks-console @@ -142,16 +142,16 @@ metadata: name: ks-console spec: ports: - - name: nginx + - name: nginx {{- if .Values.internalTLS }} - port: 443 + port: 443 {{- else }} - port: 80 + port: 80 {{- end }} - protocol: TCP - targetPort: 8000 + protocol: TCP + targetPort: 8000 {{- with .Values.console.nodePort }} - nodePort: + nodePort: {{- toYaml . | nindent 6 }} {{- end }} selector: diff --git a/src/test/ks-core/templates/post-patch-system-ns-job.yaml b/src/test/ks-core/templates/post-patch-system-ns-job.yaml index bb7d55547..f1d3c2b8d 100644 --- a/src/test/ks-core/templates/post-patch-system-ns-job.yaml +++ b/src/test/ks-core/templates/post-patch-system-ns-job.yaml @@ -13,7 +13,7 @@ spec: serviceAccountName: {{ include "ks-core.serviceAccountName" . }} containers: - name: post-patch-system-ns - image: {{ template "kubectl.image" . }} + image: {{ template "kubectl.image" . }} command: - /bin/bash - -c diff --git a/src/test/ks-core/values.yaml b/src/test/ks-core/values.yaml index 6aca549a8..235bc17fa 100644 --- a/src/test/ks-core/values.yaml +++ b/src/test/ks-core/values.yaml @@ -2,7 +2,7 @@ ## @param global.tag Global Docker image tag global: imageRegistry: registry.cn-beijing.aliyuncs.com - tag: v4.1.0-rc.1 + tag: v4.1.0 imagePullSecrets: [] ## @param nameOverride String to partially override common.names.fullname @@ -104,7 +104,7 @@ apiserver: repository: kse/ks-apiserver tag: "" digest: "" - pullPolicy: Always + pullPolicy: IfNotPresent ## Optionally, specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -154,7 +154,7 @@ console: repository: kse/ks-console tag: "" digest: "" - pullPolicy: Always + pullPolicy: IfNotPresent ## Optionally, specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -196,7 +196,7 @@ controller: repository: kse/ks-controller-manager tag: "" digest: "" - pullPolicy: Always + pullPolicy: IfNotPresent ## Optionally, specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/