admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: update ks-core helm chart

Browse Source 
Signed-off-by: hongming <coder.scala@gmail.com>
This commit is contained in:
hongming
2025-03-19 14:00:34 +08:00
committed by ks-ci-bot
parent 0e76a4bcc5
commit 3e12e76f43
7 changed files with 28 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/ks-core/templates/cert-manager.yaml
View File

@@ -26,7 +26,7 @@ spec:
privateKeySecretRef:
name: letsencrypt-{{ .Values.letsEncrypt.environment }}
{{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
http01: { }
http01: {}
{{- else }}
solvers:
- http01:

2
config/ks-core/templates/ks-apiserver.yaml
View File

@@ -133,4 +133,4 @@ spec:
secretName: ks-apiserver-tls-certs
defaultMode: 420
{{- end }}
{{ end }}
{{ end }}

45
config/ks-core/templates/ks-console.yaml
View File

@@ -70,7 +70,7 @@ spec:
app: ks-console
topologyKey: kubernetes.io/hostname
namespaces:
- {{ .Release.Namespace | quote }}
- {{ .Release.Namespace | quote }}
{{- else }}
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
@@ -82,24 +82,24 @@ spec:
namespaces:
- {{ .Release.Namespace | quote }}
{{- end }}
{{- if .Values.tolerations }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.internalTLS }}
initContainers:
- name: init-ca
image: {{ template "kubectl.image" . }}
command: [ "/bin/sh", "-c" ]
args: [ "cp /tmp/ca.crt /usr/local/share/ca-certificates/ \
command: ["/bin/sh", "-c"]
args: ["cp /tmp/ca.crt /usr/local/share/ca-certificates/ \
&& update-ca-certificates && cp /etc/ssl/certs/ca-certificates.crt /certs/"]
volumeMounts:
- name: tls-cert
mountPath: /tmp/ca.crt
subPath: ca.crt
readOnly: false
- name: sys-cert
mountPath: /certs
readOnly: false
- name: tls-cert
mountPath: /tmp/ca.crt
subPath: ca.crt
readOnly: false
- name: sys-cert
mountPath: /certs
readOnly: false
{{- end }}
containers:
- name: ks-console
@@ -171,8 +171,8 @@ spec:
- name: sys-cert
emptyDir: {}
{{- end }}
---
---
apiVersion: v1
kind: Service
metadata:
@@ -188,18 +188,17 @@ metadata:
name: ks-console
spec:
ports:
- name: nginx
{{- if .Values.internalTLS }}
port: 443
{{- else }}
port: 80
- name: nginx
{{- if .Values.internalTLS }}
port: 443
{{- else }}
port: 80
{{- end }}
protocol: TCP
targetPort: 8000
{{- with .Values.console.nodePort }}
nodePort: {{ . }}
{{- end }}
protocol: TCP
targetPort: 8000
{{- with .Values.console.nodePort }}
nodePort:
{{- toYaml . | nindent 6 }}
{{- end }}
selector:
app: ks-console
{{- if .Values.console.nodePort }}

8
config/ks-core/templates/post-patch-system-ns-job.yaml
View File

@@ -3,7 +3,7 @@ kind: Job
metadata:
name: "{{ .Release.Name }}-post-patch-system-ns"
annotations:
"helm.sh/hook": post-install
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
spec:
@@ -16,7 +16,7 @@ spec:
{{- end }}
containers:
- name: post-patch-system-ns
image: {{ template "kubectl.image" . }}
image: {{ template "kubectl.image" . }}
command:
- /bin/bash
- -c
@@ -27,6 +27,4 @@ spec:
kubectl label ns $ns kubesphere.io/workspace=system-workspace
kubectl label ns $ns kubesphere.io/managed=true
kubectl label ns $ns kubesphere.io/protected-resource=true
done
kubectl get ns -l 'kubesphere.io/workspace,!kubesphere.io/managed' --no-headers -o custom-columns=NAME:.metadata.name | \
xargs -I {} kubectl label ns {} kubesphere.io/managed=true
done

58
config/ks-core/templates/roletemplates.yaml
View File

@@ -1569,64 +1569,6 @@ spec:
---
apiVersion: iam.kubesphere.io/v1beta1
kind: RoleTemplate
metadata:
annotations:
iam.kubesphere.io/role-template-rules: '{"workloadtemplates": "view"}'
labels:
iam.kubesphere.io/aggregate-to-operator: ""
iam.kubesphere.io/aggregate-to-viewer: ""
iam.kubesphere.io/aggregate-to-regular: ""
iam.kubesphere.io/category: namespace-configuration-management
iam.kubesphere.io/scope: "namespace"
kubesphere.io/managed: "true"
name: namespace-view-workloadtemplates
spec:
description:
en: 'View workloadtemplates in the project.'
zh: '查看项目中的工作负载模板。'
displayName:
en: WorkloadTemplate Viewing
zh: '工作负载模板查看'
rules:
- apiGroups:
- 'workloadtemplate.kubesphere.io'
resources:
- "*"
verbs:
- get
- list
- watch
---
apiVersion: iam.kubesphere.io/v1beta1
kind: RoleTemplate
metadata:
annotations:
iam.kubesphere.io/dependencies: '["namespace-view-workloadtemplates"]'
iam.kubesphere.io/role-template-rules: '{"workloadtemplates": "manage"}'
labels:
iam.kubesphere.io/aggregate-to-operator: ""
iam.kubesphere.io/category: namespace-configuration-management
iam.kubesphere.io/scope: "namespace"
kubesphere.io/managed: "true"
name: namespace-manage-workloadtemplates
spec:
description:
en: 'Create, edit, and delete workloadtemplates in the project.'
zh: '创建、编辑和删除项目中的工作负载模板。'
displayName:
en: WorkloadTemplate Management
zh: '工作负载模板管理'
rules:
- apiGroups:
- 'workloadtemplate.kubesphere.io'
resources:
- "*"
verbs:
- '*'
---
apiVersion: iam.kubesphere.io/v1beta1
kind: RoleTemplate
metadata:
annotations:
iam.kubesphere.io/role-template-rules: '{"secrets": "view"}'

3
config/ks-core/templates/services.yaml
View File

@@ -15,8 +15,7 @@ spec:
{{- end }}
targetPort: 9090
{{- with .Values.apiserver.nodePort }}
nodePort:
{{- toYaml . | nindent 8 }}
nodePort: {{ . }}
{{- end }}
selector:
{{- if eq (include "multicluster.role" .) "host" }}

7
config/ks-core/values.yaml
View File

@@ -436,13 +436,6 @@ ksCRDs:
repository: kubesphere/kubectl
tag: "v1.27.16"
pullPolicy: IfNotPresent
resources:
limits:
cpu: 1
memory: 1024Mi
requests:
cpu: 20m
memory: 100Mi
# add museum for all ks-extensions
ksExtensionRepository: