diff --git a/config/ks-core/templates/NOTES.txt b/config/ks-core/templates/NOTES.txt index bf806549d..42109ab62 100644 --- a/config/ks-core/templates/NOTES.txt +++ b/config/ks-core/templates/NOTES.txt @@ -8,7 +8,7 @@ Please be patient and wait for several seconds for the KubeSphere deployment to kubectl get pods -n {{ .Release.Namespace }} -{{- if or (eq .Values.role "") (eq .Values.role "host") }} +{{- if or (eq .Values.multicluster.role "") (eq .Values.multicluster.role "host") }} 2. Access the KubeSphere Console Once the deployment is complete, you can access the KubeSphere console using the following URL: {{"\n"}} diff --git a/config/ks-core/templates/_helpers.tpl b/config/ks-core/templates/_helpers.tpl index d548bce4b..4a8e141c1 100644 --- a/config/ks-core/templates/_helpers.tpl +++ b/config/ks-core/templates/_helpers.tpl @@ -116,8 +116,8 @@ Create the name of the secret of sa token. {{- end }} {{- end }} -{{- define "role" -}} -{{- if eq .Values.role "" }} +{{- define "multicluster.role" -}} +{{- if eq $.Values.multicluster.role "" }} {{- with lookup "v1" "ConfigMap" (printf "%s" .Release.Namespace) "kubesphere-config" }} {{- with (fromYaml (index .data "kubesphere.yaml")) }} {{- if and .multicluster (.multicluster).clusterRole }} 
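Review bot: The renamed `multicluster.role` helper no longer consults the legacy top-level `.Values.role`, so a values file or `--set role=member` written for the old layout is silently ignored. On a fresh install the ConfigMap lookup finds nothing and the helper falls through to `default "host"`, which would render the host-only templates gated elsewhere in this commit (ks-apiserver, ks-console, oauthclient-config, the webhooks) on a cluster meant to be a member. A fail-fast guard at the top of the define would make the migration explicit, for example `{{- if and $.Values.role (eq $.Values.multicluster.role "") }}{{- fail "role has moved to multicluster.role" }}{{- end }}`. The `multicluster.hostClusterName` helper in the next hunk has the same gap for `.Values.hostClusterName`. The helper body continues past the end of this hunk.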
@@ -127,36 +127,36 @@ Create the name of the secret of sa token. {{- .multicluster.clusterRole }} {{- end }} {{- else }} -{{- $.Values.role | default "host" }} +{{- $.Values.multicluster.role | default "host" }} {{- end }} {{- else }} -{{- $.Values.role | default "host" }} +{{- $.Values.multicluster.role | default "host" }} {{- end }} {{- else }} -{{- $.Values.role | default "host" }} +{{- $.Values.multicluster.role | default "host" }} {{- end }} {{- else }} -{{- .Values.role }} +{{- $.Values.multicluster.role }} {{- end }} {{- end }} -{{- define "hostClusterName" -}} -{{- if eq .Values.hostClusterName "" }} +{{- define "multicluster.hostClusterName" -}} +{{- if eq $.Values.multicluster.hostClusterName "" }} {{- with lookup "v1" "ConfigMap" (printf "%s" .Release.Namespace) "kubesphere-config" }} {{- with (fromYaml (index .data "kubesphere.yaml")) }} {{- if and .multicluster (.multicluster).hostClusterName }} {{- .multicluster.hostClusterName }} {{- else }} -{{- $.Values.hostClusterName | default "host" }} +{{- $.Values.multicluster.hostClusterName | default "host" }} {{- end }} {{- else }} -{{- $.Values.hostClusterName | default "host" }} +{{- $.Values.multicluster.hostClusterName | default "host" }} {{- end }} {{- else }} -{{- $.Values.hostClusterName | default "host" }} +{{- $.Values.multicluster.hostClusterName | default "host" }} {{- end }} {{- else }} -{{- .Values.hostClusterName }} +{{- $.Values.multicluster.hostClusterName }} {{- end }} {{- end }} diff --git a/config/ks-core/templates/extension-categories.yaml b/config/ks-core/templates/extension-categories.yaml index d0b0540a8..3bf1daac6 100644 --- a/config/ks-core/templates/extension-categories.yaml +++ b/config/ks-core/templates/extension-categories.yaml @@ -1,4 +1,4 @@ -{{ if eq (include "role" .) "host" }} +{{ if eq (include "multicluster.role" .) "host" }} --- apiVersion: kubesphere.io/v1alpha1 kind: Category 
diff --git a/config/ks-core/templates/extension-museum.yaml b/config/ks-core/templates/extension-museum.yaml index b6c2a5c64..977b9543c 100644 --- a/config/ks-core/templates/extension-museum.yaml +++ b/config/ks-core/templates/extension-museum.yaml @@ -1,4 +1,4 @@ -{{- if and (eq (include "role" .) "host") .Values.ksExtensionRepository.enabled }} +{{- if and (eq (include "multicluster.role" .) "host") .Values.ksExtensionRepository.enabled }} {{- $ca := genCA "self-signed-ca" 3650 }} {{- $cn := printf "%s-extensions-museum" .Release.Name }} diff --git a/config/ks-core/templates/globalroles.yaml b/config/ks-core/templates/globalroles.yaml index 68cb33c69..49b393ecf 100644 --- a/config/ks-core/templates/globalroles.yaml +++ b/config/ks-core/templates/globalroles.yaml @@ -10,6 +10,14 @@ rules: verbs: - get - list + - apiGroups: + - extensions.kubesphere.io + resources: + - '*' + verbs: + - get + - list + - watch - nonResourceURLs: - '/static/images/*' verbs: diff --git a/config/ks-core/templates/ks-agent.yaml b/config/ks-core/templates/ks-agent.yaml index 39e4f06ea..c3c00ec26 100644 --- a/config/ks-core/templates/ks-agent.yaml +++ b/config/ks-core/templates/ks-agent.yaml @@ -1,4 +1,4 @@ -{{ if eq (include "role" .) "member" }} +{{ if eq (include "multicluster.role" .) "member" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/config/ks-core/templates/ks-apiserver.yaml b/config/ks-core/templates/ks-apiserver.yaml index c09a65aa7..514efe9f0 100644 --- a/config/ks-core/templates/ks-apiserver.yaml +++ b/config/ks-core/templates/ks-apiserver.yaml @@ -1,4 +1,4 @@ -{{ if eq (include "role" .) "host" }} +{{ if eq (include "multicluster.role" .) "host" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/config/ks-core/templates/ks-console.yaml b/config/ks-core/templates/ks-console.yaml index 0dcb873dc..64b4e22a2 100644 --- a/config/ks-core/templates/ks-console.yaml +++ b/config/ks-core/templates/ks-console.yaml 
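Review bot: The rule added in globalroles.yaml grants `get`/`list`/`watch` on `resources: '*'` for `extensions.kubesphere.io`, so every current and future kind in that API group becomes readable by holders of this global role. The role's name is outside the hunk, but the neighbouring `/static/images/*` rule suggests it is bound broadly, so it is worth confirming that no kind in the group carries repository credentials or per-extension configuration. Prefer listing the specific resources the consumer needs in place of the wildcard (`- <resource-plural>` per entry). Also add a comment above the rule naming the consumer, e.g. `# read-only extension metadata required by the console`.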
@@ -1,4 +1,4 @@ -{{ if eq (include "role" .) "host" }} +{{ if eq (include "multicluster.role" .) "host" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/config/ks-core/templates/ks-controller-manager.yaml b/config/ks-core/templates/ks-controller-manager.yaml index 3662fc5e1..7fa3ee147 100644 --- a/config/ks-core/templates/ks-controller-manager.yaml +++ b/config/ks-core/templates/ks-controller-manager.yaml @@ -1,4 +1,4 @@ -{{ if eq (include "role" .) "host" }} +{{ if eq (include "multicluster.role" .) "host" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/config/ks-core/templates/kubesphere-config.yaml b/config/ks-core/templates/kubesphere-config.yaml index fe83655b2..6480fa752 100644 --- a/config/ks-core/templates/kubesphere-config.yaml +++ b/config/ks-core/templates/kubesphere-config.yaml @@ -13,7 +13,7 @@ data: url: {{ include "portal.url" . | quote }} jwtSecret: {{ include "jwtSecret" . | quote }} maximumClockSkew: {{ .Values.authentication.issuer.maximumClockSkew | default "10s" }} - {{- if eq (include "role" .) "member" }} + {{- if eq (include "multicluster.role" .) "member" }} accessTokenMaxAge: 0s {{- else }} accessTokenMaxAge: {{ .Values.authentication.issuer.accessTokenMaxAge }} @@ -30,8 +30,8 @@ data: bucket: {{ .Values.s3.bucket | default "uploads" }} {{- end }} multicluster: - clusterRole: {{ include "role" . | quote }} - hostClusterName: {{ include "hostClusterName" . | include "validateHostClusterName" | quote }} + clusterRole: {{ include "multicluster.role" . | quote }} + hostClusterName: {{ include "multicluster.hostClusterName" . | include "validateHostClusterName" | quote }} terminal: kubectl: image: {{ template "kubectl.image" . }} 
@@ -69,7 +69,7 @@ data: appSelector: {{ .Values.composedApp.appSelector | quote }} kubesphere: tls: {{ .Values.internalTLS }} - {{- if and (eq (include "role" .) "host") .Values.ha.enabled -}} + {{- if and (eq (include "multicluster.role" .) "host") .Values.ha.enabled -}} {{- if .Values.ha.cache }} cache: {{- toYaml .Values.ha.cache | nindent 6}} {{- else }} diff --git a/config/ks-core/templates/oauthclient-config.yaml b/config/ks-core/templates/oauthclient-config.yaml index a97f84779..484a06654 100644 --- a/config/ks-core/templates/oauthclient-config.yaml +++ b/config/ks-core/templates/oauthclient-config.yaml @@ -1,4 +1,4 @@ -{{ if eq (include "role" .) "host" }} +{{ if eq (include "multicluster.role" .) "host" }} apiVersion: v1 stringData: configuration.yaml: | diff --git a/config/ks-core/templates/platformconfig-telemetry.yaml b/config/ks-core/templates/platformconfig-telemetry.yaml index f4b10c67c..e039f97ab 100644 --- a/config/ks-core/templates/platformconfig-telemetry.yaml +++ b/config/ks-core/templates/platformconfig-telemetry.yaml @@ -1,4 +1,4 @@ -{{- if eq (include "role" .) "host" }} +{{- if eq (include "multicluster.role" .) "host" }} apiVersion: v1 kind: Secret metadata: diff --git a/config/ks-core/templates/redis.yaml b/config/ks-core/templates/redis.yaml index 767fd660c..061917e8b 100644 --- a/config/ks-core/templates/redis.yaml +++ b/config/ks-core/templates/redis.yaml @@ -1,3 +1,4 @@ +{{- if eq (include "multicluster.role" .) "host" }} {{- if and .Values.ha.enabled (not .Values.ha.cache) }} {{- if lookup "v1" "Secret" "kubesphere-system" "redis-secret" }} {{- lookup "v1" "Secret" "kubesphere-system" "redis-secret" | toYaml }} @@ -127,3 +128,4 @@ spec: {{- end }} {{- end }} +{{- end }} \ No newline at end of file diff --git a/config/ks-core/templates/services.yaml b/config/ks-core/templates/services.yaml index 94654c80b..128fa0b1f 100644 --- a/config/ks-core/templates/services.yaml +++ b/config/ks-core/templates/services.yaml 
@@ -23,7 +23,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} selector: - {{- if eq (include "role" .) "host" }} + {{- if eq (include "multicluster.role" .) "host" }} app: ks-apiserver {{- else }} app: ks-agent @@ -52,7 +52,7 @@ spec: protocol: TCP targetPort: 8443 selector: - {{- if eq (include "role" .) "host" }} + {{- if eq (include "multicluster.role" .) "host" }} app: ks-controller-manager {{- else }} app: ks-agent diff --git a/config/ks-core/templates/webhook.yaml b/config/ks-core/templates/webhook.yaml index bf274d72c..1053bd76d 100644 --- a/config/ks-core/templates/webhook.yaml +++ b/config/ks-core/templates/webhook.yaml @@ -14,7 +14,7 @@ metadata: name: ks-controller-manager-webhook-cert type: Opaque -{{ if eq (include "role" .) "host" }} +{{ if eq (include "multicluster.role" .) "host" }} --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -173,7 +173,7 @@ kind: ValidatingWebhookConfiguration metadata: name: extensions.kubesphere.io webhooks: - {{- if eq (include "role" .) "host" }} + {{- if eq (include "multicluster.role" .) "host" }} - admissionReviewVersions: - v1 clientConfig: @@ -321,7 +321,7 @@ webhooks: sideEffects: None timeoutSeconds: 30 -{{- if eq (include "role" .) "host" }} +{{- if eq (include "multicluster.role" .) "host" }} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration diff --git a/config/ks-core/templates/workspace.yaml b/config/ks-core/templates/workspace.yaml index 521252180..c89941710 100644 --- a/config/ks-core/templates/workspace.yaml +++ b/config/ks-core/templates/workspace.yaml @@ -1,4 +1,4 @@ -{{ if eq (include "role" .) "host" }} +{{ if eq (include "multicluster.role" .) "host" }} apiVersion: tenant.kubesphere.io/v1beta1 kind: WorkspaceTemplate metadata: diff --git a/config/ks-core/values.yaml b/config/ks-core/values.yaml index b23e935b3..bd861c950 100644 --- a/config/ks-core/values.yaml +++ b/config/ks-core/values.yaml 
@@ -21,10 +21,10 @@ commonAnnotations: {} ## Role represents the role of the current cluster, ## and it can have one of two values: "host" or "member". ## Priority: specified in values > get from kubesphere-config > default role (host) -role: "" - -## Priority: specified in values > get from kubesphere-config > default name (host) -hostClusterName: "" +multicluster: + role: "" + ## Priority: specified in values > get from kubesphere-config > default name (host) + hostClusterName: "" portal: ## The IP address or hostname to access ks-console service. diff --git a/pkg/controller/cluster/helper.go b/pkg/controller/cluster/helper.go index d55b51030..6c7a7c44f 100644 --- a/pkg/controller/cluster/helper.go +++ b/pkg/controller/cluster/helper.go @@ -72,7 +72,8 @@ func installKSCoreInMemberCluster(kubeConfig []byte, jwtSecret, chartPath string // Override some necessary values values["role"] = "member" - // disable upgrade to prevent execution of ks-upgrade + values["multicluster"] = map[string]string{"role": "member"} + // disable upgrade to prevent execution of kse-upgrade values["upgrade"] = map[string]interface{}{ "enabled": false, }
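Review bot: In helper.go the new override is typed `map[string]string`, while the `upgrade` override directly below uses `map[string]interface{}`. As far as I know, Helm's value coalescing only merges nested tables of the latter type, so chart defaults under `multicluster` (such as `hostClusterName`) are probably not merged into this entry. The assignment also replaces any `multicluster` table already present in `values`, which drops a caller-supplied `hostClusterName`. Because the resolved role decides whether host-only components are rendered on the member cluster, I would write `values["multicluster"] = map[string]interface{}{"role": "member"}`, or set the key on the existing table when one is present. A one-line comment should also say why the legacy `values["role"]` is still set. The body of installKSCoreInMemberCluster starts and ends outside the hunk.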