feat: kubesphere 4.0 (#6115)

* feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> * feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> --------- Signed-off-by: ci-bot <ci-bot@kubesphere.io> Co-authored-by: ks-ci-bot <ks-ci-bot@example.com> Co-authored-by: joyceliu <joyceliu@yunify.com>
2024-09-06 11:05:52 +08:00
parent b5015ec7b9
commit 447a51f08b
8557 changed files with 546695 additions and 1146174 deletions
--- a/vendor/helm.sh/helm/v3/pkg/pusher/ocipusher.go
+++ b/vendor/helm.sh/helm/v3/pkg/pusher/ocipusher.go
@@ -17,13 +17,16 @@ package pusher

 import (
 	"fmt"
-	"io/ioutil"
+	"net"
+	"net/http"
 	"os"
 	"path"
 	"strings"
+	"time"

 	"github.com/pkg/errors"

+	"helm.sh/helm/v3/internal/tlsutil"
 	"helm.sh/helm/v3/pkg/chart/loader"
 	"helm.sh/helm/v3/pkg/registry"
 )
@@ -59,8 +62,15 @@ func (pusher *OCIPusher) push(chartRef, href string) error {
 	}

 	client := pusher.opts.registryClient
+	if client == nil {
+		c, err := pusher.newRegistryClient()
+		if err != nil {
+			return err
+		}
+		client = c
+	}

-	chartBytes, err := ioutil.ReadFile(chartRef)
+	chartBytes, err := os.ReadFile(chartRef)
 	if err != nil {
 		return err
 	}
@@ -68,7 +78,7 @@ func (pusher *OCIPusher) push(chartRef, href string) error {
 	var pushOpts []registry.PushOption
 	provRef := fmt.Sprintf("%s.prov", chartRef)
 	if _, err := os.Stat(provRef); err == nil {
-		provBytes, err := ioutil.ReadFile(provRef)
+		provBytes, err := os.ReadFile(provRef)
 		if err != nil {
 			return err
 		}
@@ -85,18 +95,7 @@ func (pusher *OCIPusher) push(chartRef, href string) error {

 // NewOCIPusher constructs a valid OCI client as a Pusher
 func NewOCIPusher(ops ...Option) (Pusher, error) {
-	registryClient, err := registry.NewClient(
-		registry.ClientOptEnableCache(true),
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	client := OCIPusher{
-		opts: options{
-			registryClient: registryClient,
-		},
-	}
+	var client OCIPusher

 	for _, opt := range ops {
 		opt(&client.opts)
@@ -104,3 +103,50 @@ func NewOCIPusher(ops ...Option) (Pusher, error) {

 	return &client, nil
 }
+
+func (pusher *OCIPusher) newRegistryClient() (*registry.Client, error) {
+	if (pusher.opts.certFile != "" && pusher.opts.keyFile != "") || pusher.opts.caFile != "" || pusher.opts.insecureSkipTLSverify {
+		tlsConf, err := tlsutil.NewClientTLS(pusher.opts.certFile, pusher.opts.keyFile, pusher.opts.caFile, pusher.opts.insecureSkipTLSverify)
+		if err != nil {
+			return nil, errors.Wrap(err, "can't create TLS config for client")
+		}
+
+		registryClient, err := registry.NewClient(
+			registry.ClientOptHTTPClient(&http.Client{
+				// From https://github.com/google/go-containerregistry/blob/31786c6cbb82d6ec4fb8eb79cd9387905130534e/pkg/v1/remote/options.go#L87
+				Transport: &http.Transport{
+					Proxy: http.ProxyFromEnvironment,
+					DialContext: (&net.Dialer{
+						// By default we wrap the transport in retries, so reduce the
+						// default dial timeout to 5s to avoid 5x 30s of connection
+						// timeouts when doing the "ping" on certain http registries.
+						Timeout:   5 * time.Second,
+						KeepAlive: 30 * time.Second,
+					}).DialContext,
+					ForceAttemptHTTP2:     true,
+					MaxIdleConns:          100,
+					IdleConnTimeout:       90 * time.Second,
+					TLSHandshakeTimeout:   10 * time.Second,
+					ExpectContinueTimeout: 1 * time.Second,
+					TLSClientConfig:       tlsConf,
+				},
+			}),
+			registry.ClientOptEnableCache(true),
+		)
+		if err != nil {
+			return nil, err
+		}
+		return registryClient, nil
+	}
+
+	opts := []registry.ClientOption{registry.ClientOptEnableCache(true)}
+	if pusher.opts.plainHTTP {
+		opts = append(opts, registry.ClientOptPlainHTTP())
+	}
+
+	registryClient, err := registry.NewClient(opts...)
+	if err != nil {
+		return nil, err
+	}
+	return registryClient, nil
+}
--- a/vendor/helm.sh/helm/v3/pkg/pusher/pusher.go
+++ b/vendor/helm.sh/helm/v3/pkg/pusher/pusher.go
@@ -27,7 +27,12 @@ import (
 //
 // Pushers may or may not ignore these parameters as they are passed in.
 type options struct {
-	registryClient *registry.Client
+	registryClient        *registry.Client
+	certFile              string
+	keyFile               string
+	caFile                string
+	insecureSkipTLSverify bool
+	plainHTTP             bool
 }

 // Option allows specifying various settings configurable by the user for overriding the defaults
@@ -41,6 +46,28 @@ func WithRegistryClient(client *registry.Client) Option {
 	}
 }

+// WithTLSClientConfig sets the client auth with the provided credentials.
+func WithTLSClientConfig(certFile, keyFile, caFile string) Option {
+	return func(opts *options) {
+		opts.certFile = certFile
+		opts.keyFile = keyFile
+		opts.caFile = caFile
+	}
+}
+
+// WithInsecureSkipTLSVerify determines if a TLS Certificate will be checked
+func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) Option {
+	return func(opts *options) {
+		opts.insecureSkipTLSverify = insecureSkipTLSVerify
+	}
+}
+
+func WithPlainHTTP(plainHTTP bool) Option {
+	return func(opts *options) {
+		opts.plainHTTP = plainHTTP
+	}
+}
+
 // Pusher is an interface to support upload to the specified URL.
 type Pusher interface {
 	// Push file content by url string
@@ -89,7 +116,7 @@ var ociProvider = Provider{

 // All finds all of the registered pushers as a list of Provider instances.
 // Currently, just the built-in pushers are collected.
-func All(settings *cli.EnvSettings) Providers {
+func All(_ *cli.EnvSettings) Providers {
 	result := Providers{ociProvider}
 	return result
 }