diff --git a/src/test/ks-core/Chart.yaml b/src/test/ks-core/Chart.yaml index 80cb876d..8f4f3b68 100644 --- a/src/test/ks-core/Chart.yaml +++ b/src/test/ks-core/Chart.yaml @@ -7,7 +7,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.6.18 +version: 0.6.19 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/src/test/ks-core/crds/kubesphere.io_repositories.yaml b/src/test/ks-core/crds/kubesphere.io_repositories.yaml index 5b4a611e..7cea525d 100644 --- a/src/test/ks-core/crds/kubesphere.io_repositories.yaml +++ b/src/test/ks-core/crds/kubesphere.io_repositories.yaml @@ -49,6 +49,9 @@ spec: username: type: string type: object + caBundle: + description: if the caBundle is empty, use --insecure-skip-tls-verify. + type: string description: type: string image: diff --git a/src/test/ks-core/templates/globalroles.yaml b/src/test/ks-core/templates/globalroles.yaml index d5e6d423..6f4c2f48 100644 --- a/src/test/ks-core/templates/globalroles.yaml +++ b/src/test/ks-core/templates/globalroles.yaml @@ -140,13 +140,6 @@ rules: verbs: - get - list - - apiGroups: - - license.kubesphere.io - resources: - - licenses - verbs: - - get - - list - apiGroups: - cluster.kubesphere.io resources: diff --git a/src/test/ks-core/templates/kubesphere-config.yaml b/src/test/ks-core/templates/kubesphere-config.yaml index cab3a92e..41741893 100644 --- a/src/test/ks-core/templates/kubesphere-config.yaml +++ b/src/test/ks-core/templates/kubesphere-config.yaml @@ -21,7 +21,7 @@ data: accessTokenInactivityTimeout: {{ .Values.authentication.issuer.accessTokenInactivityTimeout }} {{- if .Values.s3 }} s3: - endpoint: {{ .Values.s3.endpoint | default "" }} + endpoint: {{ .Values.s3.endpoint | quote }} region: {{ .Values.s3.region | default "us-east-1" }} disableSSL: {{ .Values.s3.disableSSL | default true }} forcePathStyle: {{ .Values.s3.forcePathStyle | default true }} @@ -71,4 +71,4 @@ data: password: KUBESPHERE_CACHE_OPTIONS_PASSWORD db: 0 {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/src/test/ks-core/templates/post-upgrade-job.yaml b/src/test/ks-core/templates/post-upgrade-job.yaml index 78737074..586c6a1f 100644 --- a/src/test/ks-core/templates/post-upgrade-job.yaml +++ b/src/test/ks-core/templates/post-upgrade-job.yaml @@ -20,23 +20,27 @@ spec: - ks-upgrade - post-upgrade - --logtostderr=true - - --config=/etc/kubesphere/ks-upgrade.yaml + - --config=/etc/kubesphere/config.yaml + {{- if .Values.upgrade.config }} + - --config=/etc/kubesphere/config-patch.yaml + {{- end }} volumeMounts: - - mountPath: /etc/kubesphere/ + {{- if .Values.upgrade.config }} + - mountPath: /etc/kubesphere/config-patch.yaml name: config - {{- if not .Values.upgrade.storage.s3.endpoint }} + subPath: config-patch.yaml + {{- end }} - mountPath: /tmp/ks-upgrade name: data - {{- end }} resources: {{- toYaml .Values.upgrade.resources | nindent 12 }} volumes: + {{- if .Values.upgrade.config }} - name: config configMap: name: {{ .Release.Name }}-upgrade-config defaultMode: 420 - {{- if not .Values.upgrade.storage.s3.endpoint }} + {{- end }} - name: data persistentVolumeClaim: claimName: {{ .Values.upgrade.persistenceVolume.name }} - {{- end }} {{- end }} \ No newline at end of file diff --git a/src/test/ks-core/templates/pre-upgrade-job.yaml b/src/test/ks-core/templates/pre-upgrade-job.yaml index 7a81022b..91ed504a 100644 --- a/src/test/ks-core/templates/pre-upgrade-job.yaml +++ b/src/test/ks-core/templates/pre-upgrade-job.yaml @@ -1,4 +1,5 @@ {{- if not .Values.upgrade.disabled }} +{{- if .Values.upgrade.config }} apiVersion: v1 kind: ConfigMap metadata: @@ -8,20 +9,11 @@ metadata: "helm.sh/hook": pre-upgrade "helm.sh/hook-weight": "-1" data: - ks-upgrade.yaml: | - storage: - {{- if .Values.upgrade.storage.s3.endpoint }} - s3: {{- toYaml .Values.upgrade.storage.s3 | nindent 8 }} - {{- else }} - local: - path: {{ .Values.upgrade.storage.local.path }} - {{- end }} - download: {{- toYaml .Values.upgrade.download | nindent 6 }} - skipValidator: {{ .Values.upgrade.skipValidator }} - jobs: {{- toYaml .Values.upgrade.jobs | nindent 6 }} + config-patch.yaml: | + {{- toYaml .Values.upgrade.config | nindent 4 }} +{{- end }} --- -{{- if not .Values.upgrade.storage.s3.endpoint }} {{- if not (lookup "v1" "PersistentVolumeClaim" .Release.Namespace .Values.upgrade.persistenceVolume.name) }} kind: PersistentVolumeClaim apiVersion: v1 @@ -42,7 +34,6 @@ spec: storage: {{ .Values.upgrade.persistenceVolume.size | quote }} storageClassName: {{ .Values.upgrade.persistenceVolume.storageClassName }} {{- end }} -{{- end }} --- apiVersion: batch/v1 @@ -66,23 +57,27 @@ spec: - ks-upgrade - pre-upgrade - --logtostderr=true - - --config=/etc/kubesphere/ks-upgrade.yaml + - --config=/etc/kubesphere/config.yaml + {{- if .Values.upgrade.config }} + - --config=/etc/kubesphere/config-patch.yaml + {{- end }} volumeMounts: - - mountPath: /etc/kubesphere/ + {{- if .Values.upgrade.config }} + - mountPath: /etc/kubesphere/config-patch.yaml name: config - {{- if not .Values.upgrade.storage.s3.endpoint }} + subPath: config-patch.yaml + {{- end }} - mountPath: /tmp/ks-upgrade name: data - {{- end }} resources: {{- toYaml .Values.upgrade.resources | nindent 12 }} volumes: + {{- if .Values.upgrade.config }} - name: config configMap: name: {{ .Release.Name }}-upgrade-config defaultMode: 420 - {{- if not .Values.upgrade.storage.s3.endpoint }} + {{- end }} - name: data persistentVolumeClaim: claimName: {{ .Values.upgrade.persistenceVolume.name }} - {{- end }} {{- end }} \ No newline at end of file diff --git a/src/test/ks-core/templates/prepare-upgrade-job.yaml b/src/test/ks-core/templates/prepare-upgrade-job.yaml index 13836d1d..8d8221f1 100644 --- a/src/test/ks-core/templates/prepare-upgrade-job.yaml +++ b/src/test/ks-core/templates/prepare-upgrade-job.yaml @@ -1,21 +1,14 @@ {{- if .Values.upgrade.prepare }} +{{- if .Values.upgrade.config }} apiVersion: v1 kind: ConfigMap metadata: name: ks-upgrade-prepare-config namespace: {{ .Release.Namespace }} data: - ks-upgrade.yaml: | - storage: - {{- if .Values.upgrade.storage.s3.endpoint }} - s3: {{- toYaml .Values.upgrade.storage.s3 | nindent 8 }} - {{- else }} - local: - path: {{ .Values.upgrade.storage.local.path }} - {{- end }} - download: {{- toYaml .Values.upgrade.download | nindent 6 }} - skipValidator: {{ .Values.upgrade.skipValidator }} - jobs: {{- toYaml .Values.upgrade.jobs | nindent 6 }} + config-patch.yaml: | + {{- toYaml .Values.upgrade.config | nindent 4 }} +{{- end }} --- apiVersion: batch/v1 @@ -36,14 +29,22 @@ spec: - ks-upgrade - prepare-upgrade - --logtostderr=true - - --config=/etc/kubesphere/ks-upgrade.yaml + - --config=/etc/kubesphere/config.yaml + {{- if .Values.upgrade.config }} + - --config=/etc/kubesphere/config-patch.yaml + {{- end }} + {{- if .Values.upgrade.config }} volumeMounts: - - mountPath: /etc/kubesphere/ + - mountPath: /etc/kubesphere/config-patch.yaml name: config + subPath: config-patch.yaml + {{- end }} resources: {{- toYaml .Values.upgrade.resources | nindent 12 }} + {{- if .Values.upgrade.config }} volumes: - name: config configMap: name: ks-upgrade-prepare-config defaultMode: 420 + {{- end }} {{- end }} \ No newline at end of file diff --git a/src/test/ks-core/templates/webhook.yaml b/src/test/ks-core/templates/webhook.yaml index b29c941a..3589fb75 100644 --- a/src/test/ks-core/templates/webhook.yaml +++ b/src/test/ks-core/templates/webhook.yaml @@ -327,41 +327,6 @@ webhooks: --- apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: license.kubesphere.io -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - caBundle: {{ b64enc $ca.Cert | quote }} - service: - name: ks-controller-manager - namespace: kubesphere-system - path: /license-cluster-checker - port: 443 - name: license-cluster-checker.kubesphere.io - failurePolicy: Ignore - matchPolicy: Exact - namespaceSelector: {} - objectSelector: - matchExpressions: - - key: cluster-role.kubesphere.io/host - operator: DoesNotExist - rules: - - apiGroups: - - cluster.kubesphere.io - apiVersions: - - v1alpha1 - operations: - - CREATE - resources: - - clusters - scope: '*' - sideEffects: None - timeoutSeconds: 30 ---- -apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: defaulter.config.kubesphere.io diff --git a/src/test/ks-core/values.yaml b/src/test/ks-core/values.yaml index aea64d5f..d3a22a1d 100644 --- a/src/test/ks-core/values.yaml +++ b/src/test/ks-core/values.yaml @@ -245,7 +245,7 @@ kubectl: image: registry: "" repository: kubesphereio/kubectl - tag: "v1.27.4" + tag: "v1.27.12" pullPolicy: IfNotPresent ingress: @@ -273,9 +273,9 @@ certmanager: nodeShell: image: - registry: "docker.io" - repository: alpine - tag: "3.18.4" + registry: "" + repository: kubesphereio/kubectl + tag: "v1.27.12" pullPolicy: IfNotPresent cloud: @@ -311,16 +311,6 @@ upgrade: repository: kse/ks-upgrade tag: "" pullPolicy: Always - storage: - s3: - endpoint: "" - bucket: "" - region: "" - disableSSL: true - access_key_id: "" - secret_access_key: "" - local: - path: /tmp/ks-upgrade persistenceVolume: name: ks-upgrade storageClassName: "" @@ -333,323 +323,90 @@ upgrade: requests: cpu: 20m memory: 100Mi - jobs: - core: - disabled: false - priority: 10000 - network: - disabled: true - priority: 100 - extensionRef: - name: "network" - version: "1.0.0" - namespace: "extension-network" - configMap: "network-extension-1.0.0-chart" - configMapKey: "charts.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - clusterScheduling: - placement: - clusterSelector: - matchLabels: - kubesphere.io/managed: "true" - dynamicOptions: { - "rerun": "false" - } - iam: - disabled: false - priority: 100 - devops: - disabled: true - priority: 100 - extensionRef: - version: "1.1.0" - installationMode: Multicluster - clusterScheduling: - placement: - clusters: - - host - config: | - global: - image: - registry: - pullSecrets: [] - agent: - jenkins: - securityRealm: - openIdConnect: - # The kubesphere-core api used for jenkins OIDC - # If want to access to jenkinsUI, the kubesphereCoreApi must be specified and browser-accessible - # Modifying this configuration will take effect during installation - # If you wish for changes to take effect after installation, you need to update the jenkins-casc-config ConfigMap,copy the securityRealm configuration from jenkins.yaml to jenkins_user.yaml, save, and wait for approximately 70 seconds for the changes to take effect. - kubesphereCoreApi: "http://ks-apiserver.kubesphere-system.svc:30881" - dynamicOptions: {} - storage-utils: - disabled: true - priority: 100 - extensionRef: - name: "storage-utils" - version: "1.0.0" - namespace: "extension-storage-utils" - configMap: "extension-storage-utils-1.0.0-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - config: | - backend: - pvcAutoResizer: - commandArgs: - prometheusUrl: "http://prometheus-k8s.kubesphere-monitoring-system:9090" - installationMode: Multicluster - clusterScheduling: - placement: - clusterSelector: - matchLabels: - kubesphere.io/managed: "true" - dynamicOptions: { - "rerun": "false" - } - tower: - disabled: true - priority: 100 - extensionRef: - name: "tower" - version: "1.0.0" - namespace: "extension-tower" - configMap: "extension-tower-1.0.0-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: HostOnly - kubefed: - disabled: true - priority: 100 - extensionRef: - name: "kubefed" - version: "1.0.0" - namespace: "kube-federation-system" - configMap: "extension-kubefed-1.0.0-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: HostOnly - whizard-monitoring: - disabled: true - priority: 100 - extensionRef: - name: "whizard-monitoring" - version: "1.0.0" - namespace: "extension-whizard-monitoring" - configMap: "extension-whizard-monitoring-1.0.0-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - clusterScheduling: - placement: - clusterSelector: - matchLabels: - kubesphere.io/managed: "true" - springcloud: - disabled: true - priority: 100 - extensionRef: - name: "springcloud" - version: "0.1.0" - namespace: "extension-springcloud" - configMap: "extension-springcloud-0.1.0-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - servicemesh: - disabled: true - priority: 100 - extensionRef: - name: "servicemesh" - version: "0.1.0" - namespace: "extension-servicemesh" - configMap: "extension-servicemesh-0.1.0-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - config: | - kiali: - prometheus_url: http://prometheus-k8s.kubesphere-monitoring-system.svc:9090 - jaeger: - storage: - options: - es: - server-urls: https://opensearch-cluster-master.kubesphere-logging-system.svc:9200 - username: admin - password: admin - # secretName: jaeger-secret-opensearch - dynamicOptions: { - "rerun": "false" - } - application: - disabled: true - priority: 100 - extensionRef: - name: "openpitrix" - version: "0.0.1" - namespace: "extension-openpitrix" - installationMode: HostOnly - - dmp: - disabled: true - priority: 100 - extensionRef: - name: "dmp" - version: "2.1.0" - namespace: "extension-dmp" - installationMode: Multicluster - - whizard-notification: - disabled: true - priority: 100 - extensionRef: - name: "whizard-notification" - version: "2.5.0" - namespace: "kubesphere-logging-system" - configMap: "extension-whizard-notification-2.5.0-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: HostOnly - clusterScheduling: - placement: - clusters: - - host - clusterSelector: - matchLabels: - node-role.kubernetes.io/master: "" - - alerting: - disabled: true - priority: 200 - extensionRef: - name: "whizard-alerting" - version: "0.1.6" - namespace: "extension-whizard-alerting" - configMap: "extension-whizard-alerting-0.1.6-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - clusterScheduling: - placement: - clusterSelector: - matchLabels: - kubesphere.io/managed: "true" - dynamicOptions: { - "rerun": "false" - } - kubeedge: - disabled: true - priority: 100 - extensionRef: - name: "kubeedge" - version: "1.13.1" - namespace: "extension-kubeedge" - configMap: "extension-kubeedge-1.13.1-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - clusterScheduling: - placement: - clusterSelector: - matchLabels: - kubesphere.io/managed: "true" - dynamicOptions: { - "rerun": "false" - } - - whizard-events: - disabled: true - priority: 100 - extensionRef: - name: "whizard-events" - version: "0.1.1" - namespace: "kubesphere-logging-system" - configMap: "extension-whizard-events-0.1.1-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - - gateway: - disabled: true - priority: 100 - extensionRef: - name: "gateway" - version: "0.1.0" - namespace: "extension-gateway" - configMap: "extension-gateway-0.1.0-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - - whizard-auditing: - disabled: true - priority: 100 - extensionRef: - name: "whizard-auditing" - version: "0.1.0" - namespace: "kubesphere-logging-system" - configMap: "extension-whizard-auditing-0.1.0-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - - whizard-logging: - disabled: true - priority: 100 - extensionRef: - name: "whizard-logging" - version: "0.1.0" - namespace: "kubesphere-logging-system" - configMap: "extension-whizard-logging-0.1.1-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - - vector: - disabled: true - priority: 101 - extensionRef: - name: "vector" - version: "0.30.0" - namespace: "kubesphere-logging-system" - configMap: "extension-vector-0.30.0-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - - opensearch: - disabled: true - priority: 100 - extensionRef: - name: "opensearch" - version: "2.11.1" - namespace: "kubesphere-logging-system" - configMap: "extension-opensearch-2.11.1-chart" - configMapKey: "chart.tgz" - configMapNamespace: "kubesphere-system" - chartsPath: "" - installationMode: Multicluster - clusterScheduling: - placement: - clusterSelector: - matchLabels: - kubesphere.io/managed: "true" + config: {} +# storage: +# local: +# path: /tmp/ks-upgrade +# download: +# globalRegistryUrl: "oci://hub.kubesphere.com.cn/kse-extensions" +# file: {} +# http: +# timeout: 20 +# oci: {} +# skipValidator: false +# jobs: +# core: +# disabled: false +# priority: 10000 +# iam: +# disabled: false +# priority: 999 +# network: +# disabled: true +# priority: 100 +# devops: +# disabled: true +# priority: 100 +# storage-utils: +# disabled: true +# priority: 100 +# tower: +# disabled: true +# priority: 100 +# kubefed: +# disabled: true +# priority: 100 +# whizard-monitoring: +# disabled: true +# priority: 100 +# springcloud: +# disabled: true +# priority: 100 +# servicemesh: +# disabled: true +# priority: 90 +# application: +# disabled: true +# priority: 100 +# dmp: +# disabled: true +# priority: 100 +# whizard-notification: +# disabled: true +# priority: 100 +# whizard-alerting: +# disabled: true +# priority: 10 +# kubeedge: +# disabled: true +# priority: 100 +# whizard-events: +# disabled: true +# priority: 100 +# gateway: +# disabled: true +# priority: 90 +# whizard-auditing: +# disabled: true +# priority: 100 +# whizard-logging: +# disabled: true +# priority: 100 +# vector: +# disabled: true +# priority: 101 +# opensearch: +# disabled: true +# priority: 100 +# whizard-telemetry-ruler: +# disabled: true +# priority: 100 +# whizard-telemetry: +# disabled: true +# priority: 100 +# metrics-server: +# disabled: true +# priority: 100 ha: enabled: false