From 939f8d9a4863096c080fc77f4b0ebfcd704b650b Mon Sep 17 00:00:00 2001 From: ci-bot Date: Thu, 14 Mar 2024 10:47:20 +0000 Subject: [PATCH] update ks-core helm chart --- src/test/ks-core/templates/builtinroles.yaml | 7 ---- src/test/ks-core/templates/clusterroles.yaml | 6 ++-- src/test/ks-core/templates/globalroles.yaml | 11 +----- src/test/ks-core/templates/webhook.yaml | 35 -------------------- 4 files changed, 3 insertions(+), 56 deletions(-) diff --git a/src/test/ks-core/templates/builtinroles.yaml b/src/test/ks-core/templates/builtinroles.yaml index 2bb48b65b..e14db6a72 100644 --- a/src/test/ks-core/templates/builtinroles.yaml +++ b/src/test/ks-core/templates/builtinroles.yaml @@ -19,7 +19,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "管理项目中的所有资源。", "en": "Manage all resources in the project."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: admin rules: @@ -53,7 +52,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "管理项目中除用户和角色之外的资源。", "en": "Manage resources other than users and roles in the project."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: operator rules: @@ -107,7 +105,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "查看项目中的所有资源。", "en": "View all resources in the project."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: viewer rules: @@ -150,7 +147,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "管理企业空间中的所有资源。", "en": "Manage all resources in the workspace."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: admin rules: @@ -183,7 +179,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "查看企业空间设置。", "en": "View workspace settings."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: regular rules: @@ -219,7 +214,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "查看企业设置、创建项目。", "en": "View workspace settings, create projects."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: self-provisioner rules: [] @@ -249,7 +243,6 @@ role: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "查看企业空间中的所有资源。", "en": "View all resources in the workspace."}' - labels: iam.kubesphere.io/auto-aggregate: "true" name: viewer rules: diff --git a/src/test/ks-core/templates/clusterroles.yaml b/src/test/ks-core/templates/clusterroles.yaml index 109ddb048..5aa0a707f 100644 --- a/src/test/ks-core/templates/clusterroles.yaml +++ b/src/test/ks-core/templates/clusterroles.yaml @@ -4,9 +4,8 @@ metadata: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "管理集群中的所有资源。", "en": "Manage all resources in the cluster."}' - name: cluster-admin - labels: iam.kubesphere.io/auto-aggregate: "true" + name: cluster-admin aggregationRoleTemplates: roleSelector: matchLabels: @@ -31,9 +30,8 @@ metadata: annotations: kubesphere.io/creator: system kubesphere.io/description: '{"zh": "查看集群中的所有资源。", "en": "View all resources in the cluster."}' - name: cluster-viewer - labels: iam.kubesphere.io/auto-aggregate: "true" + name: cluster-viewer aggregationRoleTemplates: roleSelector: matchLabels: diff --git a/src/test/ks-core/templates/globalroles.yaml b/src/test/ks-core/templates/globalroles.yaml index dff003ae8..2525d82e8 100644 --- a/src/test/ks-core/templates/globalroles.yaml +++ b/src/test/ks-core/templates/globalroles.yaml @@ -19,9 +19,8 @@ rules: apiVersion: iam.kubesphere.io/v1beta1 kind: GlobalRole metadata: - labels: - iam.kubesphere.io/auto-aggregate: "true" annotations: + iam.kubesphere.io/auto-aggregate: "true" iam.kubesphere.io/rego-override: |- package authz default allow = false @@ -129,13 +128,6 @@ rules: verbs: - get - list - - apiGroups: - - license.kubesphere.io - resources: - - licenses - verbs: - - get - - list - apiGroups: - cluster.kubesphere.io resources: @@ -168,7 +160,6 @@ metadata: allowedScopes := ["Workspace","Namespace","Cluster"] allowedScopes[_] == input.ResourceScope } - labels: iam.kubesphere.io/auto-aggregate: "true" name: platform-admin aggregationRoleTemplates: diff --git a/src/test/ks-core/templates/webhook.yaml b/src/test/ks-core/templates/webhook.yaml index 0c3d05113..f3c6f2a95 100644 --- a/src/test/ks-core/templates/webhook.yaml +++ b/src/test/ks-core/templates/webhook.yaml @@ -284,41 +284,6 @@ webhooks: --- apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: license.kubesphere.io -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - caBundle: {{ b64enc $ca.Cert | quote }} - service: - name: ks-controller-manager - namespace: kubesphere-system - path: /license-cluster-checker - port: 443 - name: license-cluster-checker.kubesphere.io - failurePolicy: Ignore - matchPolicy: Exact - namespaceSelector: {} - objectSelector: - matchExpressions: - - key: cluster-role.kubesphere.io/host - operator: DoesNotExist - rules: - - apiGroups: - - cluster.kubesphere.io - apiVersions: - - v1alpha1 - operations: - - CREATE - resources: - - clusters - scope: '*' - sideEffects: None - timeoutSeconds: 30 ---- -apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: defaulter.config.kubesphere.io