admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

create helm chart for ks-core

Browse Source 
Signed-off-by: Roland.Ma <rolandma@yunify.com>
This commit is contained in:
Roland.Ma
2021-05-19 07:10:04 +00:00
parent 738b1eecc4
commit 2a258c4530
18 changed files with 1535 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Makefile
View File

@@ -90,6 +90,13 @@ docker-build: all
docker-build-no-test: ks-apiserver ks-controller-manager docker-build-no-test: ks-apiserver ks-controller-manager
hack/docker_build.sh hack/docker_build.sh
helm-package:
ls config/crds/ | grep -v types.kubefed.io | xargs -i cp -r config/crds/{} config/ks-core/crds/
helm package config/ks-core --app-version=v3.1.0 --version=0.1.0 -d ./bin
helm-deploy:
helm upgrade --install ks-core ./config/ks-core -n kubesphere-system --create-namespace
# Run tests # Run tests
test: fmt vet test: fmt vet
export KUBEBUILDER_CONTROLPLANE_START_TIMEOUT=2m; go test ./pkg/... ./cmd/... -covermode=atomic -coverprofile=coverage.txt export KUBEBUILDER_CONTROLPLANE_START_TIMEOUT=2m; go test ./pkg/... ./cmd/... -covermode=atomic -coverprofile=coverage.txt

23
config/ks-core/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

15
config/ks-core/Chart.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v2
name: ks-core
description: A Helm chart for KubeSphere Core components
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: "v3.1.0"

0
config/ks-core/crds/.gitkeep Normal file
View File

0
config/ks-core/templates/NOTES.txt Normal file
View File

63
config/ks-core/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,63 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "ks-core.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ks-core.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ks-core.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "ks-core.labels" -}}
helm.sh/chart: {{ include "ks-core.chart" . }}
{{ include "ks-core.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "ks-core.selectorLabels" -}}
app.kubernetes.io/name: {{ include "ks-core.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "ks-core.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "ks-core.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

129
config/ks-core/templates/ks-apiserver.yml Normal file
View File

@@ -0,0 +1,129 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ks-apiserver
tier: backend
version: {{ .Chart.AppVersion }}
name: ks-apiserver
namespace: kubesphere-system
spec:
strategy:
rollingUpdate:
maxSurge: 0
type: RollingUpdate
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: ks-apiserver
tier: backend
# version: {{ .Chart.AppVersion }}
template:
metadata:
labels:
app: ks-apiserver
tier: backend
# version: {{ .Chart.AppVersion }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- command:
- ks-apiserver
- --logtostderr=true
image: {{ .Values.image.ks_apiserver_repo }}:{{ .Values.image.ks_apiserver_tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: ks-apiserver
ports:
- containerPort: 9090
protocol: TCP
resources:
{{- toYaml .Values.apiserverResources | nindent 12 }}
volumeMounts:
- mountPath: /var/run/docker.sock
name: docker-sock
- mountPath: /etc/kubesphere/ingress-controller
name: ks-router-config
- mountPath: /etc/kubesphere/
name: kubesphere-config
- mountPath: /etc/localtime
name: host-time
livenessProbe:
failureThreshold: 8
httpGet:
path: /kapis/version
port: 9090
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 15
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: In
values:
- ""
{{- if gt .Values.replicaCount 1.0 }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- ks-apiserver
namespaces:
- kubesphere-system
{{- end }}
volumes:
- hostPath:
path: /var/run/docker.sock
type: ""
name: docker-sock
- configMap:
defaultMode: 420
name: ks-router-config
name: ks-router-config
- configMap:
defaultMode: 420
name: kubesphere-config
name: kubesphere-config
- hostPath:
path: /etc/localtime
type: ""
name: host-time
---
apiVersion: v1
kind: Service
metadata:
annotations:
kubernetes.io/created-by: kubesphere.io/ks-apiserver
labels:
app: ks-apiserver
tier: backend
version: {{ .Chart.AppVersion }}
name: ks-apiserver
namespace: kubesphere-system
spec:
ports:
- port: 80
protocol: TCP
targetPort: 9090
selector:
app: ks-apiserver
tier: backend
# version: {{ .Chart.AppVersion }}
type: ClusterIP

28
config/ks-core/templates/ks-console-config.yml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v1
data:
local_config.yaml: |
server:
http:
hostname: localhost
port: 8000
static:
production:
/public: server/public
/assets: dist/assets
/dist: dist
redis:
port: 6379
host: redis.kubesphere-system.svc
redisTimeout: 5000
sessionTimeout: 7200000
client:
version:
kubesphere: {{ .Chart.AppVersion }}
kubernetes: {{ .Values.kube_version }}
openpitrix: {{ .Chart.AppVersion }}
enableKubeConfig: true
kind: ConfigMap
metadata:
name: ks-console-config
namespace: kubesphere-system

118
config/ks-core/templates/ks-console.yml Normal file
View File

@@ -0,0 +1,118 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ks-console
tier: frontend
version: {{ .Chart.AppVersion }}
name: ks-console
namespace: kubesphere-system
spec:
strategy:
rollingUpdate:
maxSurge: 0
type: RollingUpdate
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: ks-console
tier: frontend
template:
metadata:
labels:
app: ks-console
tier: frontend
spec:
containers:
- image: {{ .Values.image.ks_console_repo }}:{{ .Values.image.ks_console_tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: ks-console
resources:
{{- toYaml .Values.consoleResources | nindent 12 }}
volumeMounts:
- mountPath: /opt/kubesphere/console/server/local_config.yaml
name: ks-console-config
subPath: local_config.yaml
- mountPath: /opt/kubesphere/console/server/sample
name: sample-bookinfo
- mountPath: /etc/localtime
name: host-time
livenessProbe:
tcpSocket:
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 15
periodSeconds: 10
successThreshold: 1
failureThreshold: 8
serviceAccount: kubesphere
serviceAccountName: kubesphere
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: In
values:
- ""
{{- if gt .Values.replicaCount 1.0 }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- ks-console
namespaces:
- kubesphere-system
{{- end }}
volumes:
- configMap:
defaultMode: 420
name: ks-console-config
items:
- key: local_config.yaml
path: local_config.yaml
name: ks-console-config
- configMap:
defaultMode: 420
name: sample-bookinfo
name: sample-bookinfo
- hostPath:
path: /etc/localtime
type: ""
name: host-time
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ks-console
tier: frontend
version: {{ .Chart.AppVersion }}
name: ks-console
namespace: kubesphere-system
spec:
ports:
- name: nginx
port: 80
protocol: TCP
targetPort: 8000
{{- with .Values.console.port }}
nodePort:
{{- toYaml . | nindent 6 }}
{{- end }}
selector:
app: ks-console
tier: frontend
type: {{ .Values.console.type }}

129
config/ks-core/templates/ks-controller-manager.yaml Normal file
View File

@@ -0,0 +1,129 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ks-controller-manager
tier: backend
version: {{ .Chart.AppVersion }}
name: ks-controller-manager
namespace: kubesphere-system
spec:
strategy:
rollingUpdate:
maxSurge: 0
type: RollingUpdate
progressDeadlineSeconds: 600
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: 10
selector:
matchLabels:
app: ks-controller-manager
tier: backend
# version: {{ .Chart.AppVersion }}
template:
metadata:
labels:
app: ks-controller-manager
tier: backend
# version: {{ .Chart.AppVersion }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- command:
- controller-manager
- --logtostderr=true
- --leader-elect=true
image: {{ .Values.image.ks_controller_manager_repo }}:{{ .Values.image.ks_controller_manager_tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: ks-controller-manager
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8443
protocol: TCP
resources:
{{- toYaml .Values.controllerManagerResources | nindent 12 }}
volumeMounts:
- mountPath: /etc/kubesphere/
name: kubesphere-config
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: webhook-secret
- mountPath: /var/lib/kubelet/plugins/
name: kubelet-plugin
- mountPath: /etc/localtime
name: host-time
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
terminationGracePeriodSeconds: 30
volumes:
- name: kubesphere-config
configMap:
name: kubesphere-config
defaultMode: 420
- name: webhook-secret
secret:
defaultMode: 420
secretName: ks-controller-manager-webhook-cert
- name: kubelet-plugin
hostPath:
path: /var/lib/kubelet/plugins/
type: DirectoryOrCreate
- hostPath:
path: /etc/localtime
type: ""
name: host-time
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: In
values:
- ""
{{- if gt .Values.replicaCount 1.0 }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- ks-controller-manager
namespaces:
- kubesphere-system
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ks-controller-manager
tier: backend
version: {{ .Chart.AppVersion }}
name: ks-controller-manager
namespace: kubesphere-system
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
app: ks-controller-manager
tier: backend
# version: {{ .Chart.AppVersion }}
sessionAffinity: None
type: ClusterIP

10
config/ks-core/templates/ks-router-cm.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ks-router-config
namespace: kubesphere-system
data:
ingress-controller-svc.yaml: |+
{{- include "ingress-controller-svc.yaml" . }}
ingress-controller.yaml: |
{{- include "ingress-controller.yaml" . }}

96
config/ks-core/templates/ks-router-config.tpl Normal file
View File

@@ -0,0 +1,96 @@
{{/* vim: set filetype=mustache: */}}
{{- define "ingress-controller.yaml" }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: ks-router
spec:
replicas: 1
selector:
matchLabels:
app: kubesphere
component: ks-router
tier: backend
template:
metadata:
labels:
app: kubesphere
component: ks-router
tier: backend
annotations:
prometheus.io/port: '10254'
prometheus.io/scrape: 'true'
spec:
serviceAccountName: kubesphere-router-serviceaccount
containers:
- name: nginx-ingress-controller
image: {{ .Values.image.nginx_ingress_controller_repo }}:{{ .Values.image.nginx_ingress_controller_tag | default .Chart.AppVersion}}
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --annotations-prefix=nginx.ingress.kubernetes.io
- --update-status
- --update-status-on-shutdown
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
securityContext:
runAsNonRoot: false
{{- end }}
{{- define "ingress-controller-svc.yaml" }}
apiVersion: v1
kind: Service
metadata:
name: kubesphere-router-gateway
labels:
app: kubesphere
component: ks-router
tier: backend
spec:
selector:
app: kubesphere
component: ks-router
tier: backend
type: LoadBalancer
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
- name: https
protocol: TCP
port: 443
targetPort: 443
{{- end }}

34
config/ks-core/templates/kubesphere-config.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{- if .Values.config.create -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: kubesphere-config
namespace: kubesphere-system
data:
kubesphere.yaml: |
authentication:
authenticateRateLimiterMaxTries: {{ .Values.config.authentication.authenticateRateLimiterMaxTries | default 10 }}
authenticateRateLimiterDuration: {{ .Values.config.authentication.authenticationRateLimiterDuration | default "10m0s" }}
loginHistoryRetentionPeriod: {{ .Values.config.authentication.loginHistoryRetentionPeriod | default "168h" }}
maximumClockSkew: {{ .Values.config.authentication.maximumClockSkew | default "10s" }}
multipleLogin: {{ .Values.console.enableMultiLogin | default true }}
kubectlImage: {{ .Values.image.ks_kubectl_repo }}:{{ .Values.image.ks_kubectl_tag | default "latest" }}
jwtSecret: "{{ .Values.jwtSecret }}"
{{- if .Values.config.authentication.oauthOptions }}
{{- with .Values.config.authentication.oauthOptions }}
oauthOptions:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else if eq (default .Values.config.multicluster.clusterRole "none") "member" }}
oauthOptions:
accessTokenMaxAge: 0
{{- end }}
monitoring:
endpoint: {{ .Values.config.monitoring.endpoint | default "http://prometheus-operated.kubesphere-monitoring-system.svc:9090" }}
{{- with .Values.config.servicemesh }}
servicemesh:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

238
config/ks-core/templates/kubesphere-controls-system.yaml Normal file
View File

@@ -0,0 +1,238 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:kubesphere-router-clusterrole
annotations:
kubernetes.io/created-by: kubesphere.io/ks-router
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- get
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- "networking.k8s.io"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- "networking.k8s.io"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: system:kubesphere-router-role
annotations:
kubernetes.io/created-by: kubesphere.io/ks-router
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubesphere-router-serviceaccount
annotations:
kubernetes.io/created-by: kubesphere.io/ks-router
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:nginx-ingress-clusterrole-nisa-binding
annotations:
kubernetes.io/created-by: kubesphere.io/ks-router
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:kubesphere-router-clusterrole
subjects:
- kind: ServiceAccount
name: kubesphere-router-serviceaccount
namespace: kubesphere-controls-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
annotations:
kubernetes.io/created-by: kubesphere.io/ks-router
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: system:kubesphere-router-role
subjects:
- kind: ServiceAccount
name: kubesphere-router-serviceaccount
namespace: kubesphere-controls-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: default-http-backend
labels:
app: kubesphere
component: kubesphere-router
version: express-1.0.alpha
annotations:
kubernetes.io/created-by: kubesphere.io/ks-router
spec:
replicas: 1
selector:
matchLabels:
app: kubesphere
component: kubesphere-router
template:
metadata:
labels:
app: kubesphere
component: kubesphere-router
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
# Any image is permissible as long as:
# 1. It serves a 404 page at /
# 2. It serves 200 on a /healthz endpoint
image: {{ .Values.image.defaultbackend_repo }}:{{ .Values.image.defaultbackend_tag | default "latest" }}
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
name: default-http-backend
labels:
app: kubesphere
component: kubesphere-router
annotations:
kubernetes.io/created-by: kubesphere.io/ks-router
spec:
ports:
- port: 80
targetPort: 8080
selector:
app: kubesphere
component: kubesphere-router
---
# create a seviceaccount for kubectl pod
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubesphere-cluster-admin
namespace: kubesphere-controls-system
annotations:
kubernetes.io/created-by: kubesphere.io/kubectl
---
# bind kubesphere-cluster-admin sa to clusterrole cluster-admin
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:kubesphere-cluster-admin
annotations:
kubernetes.io/created-by: kubesphere.io/kubectl
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubesphere-cluster-admin
namespace: kubesphere-controls-system

378
config/ks-core/templates/sample-bookinfo-configmap.yaml Normal file
View File

@@ -0,0 +1,378 @@
apiVersion: v1
data:
bookinfo.yaml: |
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
name: bookinfo
namespace: servicemesh
labels:
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
annotations:
servicemesh.kubesphere.io/enabled: 'true'
spec:
selector:
matchLabels:
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
addOwnerRef: true
descriptor:
icons:
- src: '/assets/bookinfo.svg'
componentKinds:
- group: ''
kind: Service
- group: apps
kind: Deployment
- group: apps
kind: StatefulSet
- group: extensions
kind: Ingress
- group: servicemesh.kubesphere.io
kind: Strategy
- group: servicemesh.kubesphere.io
kind: ServicePolicy
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: servicemesh
annotations:
kubesphere.io/isElasticReplicas: 'false'
servicemesh.kubesphere.io/enabled: 'true'
labels:
app: productpage
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
name: productpage-v1
spec:
replicas: 1
selector:
matchLabels:
app: productpage
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
template:
metadata:
labels:
app: productpage
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
annotations:
sidecar.istio.io/inject: 'true'
spec:
containers:
- name: productpage
resources:
requests:
cpu: 10m
memory: 10Mi
limits:
cpu: '1'
memory: 1000Mi
imagePullPolicy: IfNotPresent
image: {{- .Values.image.bookinfo_productpage_v1_repo }}:{{- .Values.image.bookinfo_productpage_v1_tag }}
ports:
- name: http-web
protocol: TCP
containerPort: 9080
servicePort: 9080
serviceAccount: default
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
---
apiVersion: v1
kind: Service
metadata:
namespace: servicemesh
labels:
app: productpage
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
annotations:
kubesphere.io/workloadType: Deployment
servicemesh.kubesphere.io/enabled: 'true'
name: productpage
spec:
type: ClusterIP
sessionAffinity: None
selector:
app: productpage
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
ports:
- name: http-web
protocol: TCP
port: 9080
targetPort: 9080
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: servicemesh
annotations:
kubesphere.io/isElasticReplicas: 'false'
servicemesh.kubesphere.io/enabled: 'true'
labels:
app: reviews
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
name: reviews-v1
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
template:
metadata:
labels:
app: reviews
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
annotations:
sidecar.istio.io/inject: 'true'
spec:
containers:
- name: reviews
resources:
requests:
cpu: 10m
memory: 10Mi
limits:
cpu: '1'
memory: 1000Mi
imagePullPolicy: IfNotPresent
image: {{- .Values.image.bookinfo_reviews_v1_repo }}:{{- .Values.image.bookinfo_reviews_v1_tag }}
ports:
- name: http-web
protocol: TCP
containerPort: 9080
servicePort: 9080
serviceAccount: default
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
---
apiVersion: v1
kind: Service
metadata:
namespace: servicemesh
labels:
app: reviews
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
annotations:
kubesphere.io/workloadType: Deployment
servicemesh.kubesphere.io/enabled: 'true'
name: reviews
spec:
type: ClusterIP
sessionAffinity: None
selector:
app: reviews
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
ports:
- name: http-web
protocol: TCP
port: 9080
targetPort: 9080
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: servicemesh
annotations:
kubesphere.io/isElasticReplicas: 'false'
servicemesh.kubesphere.io/enabled: 'true'
labels:
app: details
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
name: details-v1
spec:
replicas: 1
selector:
matchLabels:
app: details
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
template:
metadata:
labels:
app: details
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
annotations:
sidecar.istio.io/inject: 'true'
spec:
containers:
- name: details
resources:
requests:
cpu: 10m
memory: 10Mi
limits:
cpu: '1'
memory: 1000Mi
imagePullPolicy: IfNotPresent
image: {{- .Values.image.bookinfo_details_v1_repo }}:{{- .Values.image.bookinfo_details_v1_tag }}
ports:
- name: http-web
protocol: TCP
containerPort: 9080
servicePort: 9080
serviceAccount: default
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
---
apiVersion: v1
kind: Service
metadata:
namespace: servicemesh
labels:
app: details
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
annotations:
kubesphere.io/workloadType: Deployment
servicemesh.kubesphere.io/enabled: 'true'
name: details
spec:
type: ClusterIP
sessionAffinity: None
selector:
app: details
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
ports:
- name: http-web
protocol: TCP
port: 9080
targetPort: 9080
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: servicemesh
annotations:
kubesphere.io/isElasticReplicas: 'false'
servicemesh.kubesphere.io/enabled: 'true'
labels:
app: ratings
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
name: ratings-v1
spec:
replicas: 1
selector:
matchLabels:
app: ratings
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
template:
metadata:
labels:
app: ratings
version: v1
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
annotations:
sidecar.istio.io/inject: 'true'
spec:
containers:
- name: ratings
resources:
requests:
cpu: 10m
memory: 10Mi
limits:
cpu: '1'
memory: 1000Mi
imagePullPolicy: IfNotPresent
image: {{- .Values.image.bookinfo_ratings_v1_repo }}:{{- .Values.image.bookinfo_ratings_v1_tag }}
ports:
- name: http-web
protocol: TCP
containerPort: 9080
servicePort: 9080
serviceAccount: default
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
---
apiVersion: v1
kind: Service
metadata:
namespace: servicemesh
labels:
app: ratings
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
annotations:
kubesphere.io/workloadType: Deployment
servicemesh.kubesphere.io/enabled: 'true'
name: ratings
spec:
type: ClusterIP
sessionAffinity: None
selector:
app: ratings
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
ports:
- name: http-web
protocol: TCP
port: 9080
targetPort: 9080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: servicemesh
labels:
app.kubernetes.io/version: v1
app.kubernetes.io/name: bookinfo
name: bookinfo-ingress
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: productpage
servicePort: 9080
host: productpage.servicemesh.139.198.121.92.nip.io
kind: ConfigMap
metadata:
name: sample-bookinfo
namespace: kubesphere-system

26
config/ks-core/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ks-core.serviceAccountName" . }}
labels:
{{- include "ks-core.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubesphere
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubesphere
namespace: kubesphere-system

123
config/ks-core/templates/webhook.yaml Normal file
View File

@@ -0,0 +1,123 @@
{{- $ca := genCA "ks-controller-manager-ca" 3650 }}
{{- $cn := printf "%s-admission-webhook" .Release.Name }}
{{- $altName1 := printf "ks-controller-manager.kubesphere-system" }}
{{- $altName2 := printf "ks-controller-manager.kubesphere-system.svc" }}
{{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
apiVersion: v1
data:
ca.crt: {{ b64enc $ca.Cert | quote }}
tls.crt: {{ b64enc $cert.Cert | quote }}
tls.key: {{ b64enc $cert.Key | quote }}
kind: Secret
metadata:
name: ks-controller-manager-webhook-cert
namespace: kubesphere-system
type: Opaque
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: users.iam.kubesphere.io
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: {{ b64enc $ca.Cert | quote }}
service:
name: ks-controller-manager
namespace: kubesphere-system
path: /validate-email-iam-kubesphere-io-v1alpha2
port: 443
failurePolicy: Fail
matchPolicy: Exact
name: users.iam.kubesphere.io
namespaceSelector:
matchExpressions:
- key: control-plane
operator: DoesNotExist
objectSelector: {}
rules:
- apiGroups:
- iam.kubesphere.io
apiVersions:
- v1alpha2
operations:
- CREATE
- UPDATE
resources:
- users
scope: '*'
sideEffects: None
timeoutSeconds: 30
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: network.kubesphere.io
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: {{ b64enc $ca.Cert | quote }}
service:
name: ks-controller-manager
namespace: kubesphere-system
path: /validate-network-kubesphere-io-v1alpha1
port: 443
failurePolicy: Fail
matchPolicy: Exact
name: validating-network.kubesphere.io
namespaceSelector:
matchExpressions:
- key: control-plane
operator: DoesNotExist
objectSelector: {}
rules:
- apiGroups:
- network.kubesphere.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- ippools
scope: '*'
sideEffects: None
timeoutSeconds: 30
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: resourcesquotas.quota.kubesphere.io
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: {{ b64enc $ca.Cert | quote }}
service:
name: ks-controller-manager
namespace: kubesphere-system
path: /validate-quota-kubesphere-io-v1alpha2
port: 443
failurePolicy: Ignore
matchPolicy: Exact
name: resourcesquotas.quota.kubesphere.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- '*'
apiVersions:
- '*'
operations:
- CREATE
resources:
- pods
scope: '*'
sideEffects: None

118
config/ks-core/values.yaml Normal file
View File

@@ -0,0 +1,118 @@
# Default values for ks-core.
replicaCount: 1
image:
# Overrides the image tag whose default is the chart appVersion.
ks_controller_manager_repo: kubesphere/ks-controller-manager
ks_controller_manager_tag: ""
ks_apiserver_repo: kubesphere/ks-apiserver
ks_apiserver_tag: ""
ks_console_repo: "kubesphere/ks-console"
ks_console_tag: ""
ks_kubectl_repo: kubesphere/kubectl
ks_kubectl_tag: ""
nginx_ingress_controller_repo: kubesphere/nginx-ingress-controller
nginx_ingress_controller_tag: "v0.35.0"
defaultbackend_repo: "mirrorgooglecontainers/defaultbackend-amd64"
defaultbackend_tag: "1.4"
bookinfo_productpage_v1_repo: kubesphere/examples-bookinfo-productpage-v1
bookinfo_productpage_v1_tag: "1.16.2"
bookinfo_reviews_v1_repo: kubesphere/examples-bookinfo-reviews-v1
bookinfo_reviews_v1_tag: "1.16.2"
bookinfo_details_v1_repo: kubesphere/examples-bookinfo-details-v1
bookinfo_details_v1_tag: "1.16.2"
bookinfo_ratings_v1_repo: kubesphere/examples-bookinfo-ratings-v1
bookinfo_ratings_v1_tag: "1.16.3"
pullPolicy: IfNotPresent
config:
# Specifies whether the kubesphere-config configmap should be created
create: true
authentication: {}
# Jwt Secret is required
jwtSecret: ""
multicluster: {}
monitoring: {}
console:
port: 30880
type: NodePort
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: "kubesphere"
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
apiserverResources:
limits:
cpu: 1
memory: 1024Mi
requests:
cpu: 20m
memory: 100Mi
consoleResources:
limits:
cpu: 1
memory: 1024Mi
requests:
cpu: 20m
memory: 100Mi
controllerManagerResources:
limits:
cpu: 1
memory: 1000Mi
requests:
cpu: 30m
memory: 50Mi
# Kubernetes Version shows in KubeSphere console
kube_version: "v1.19.4"
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 60
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 60
affinity: {}