chore: update ks-core helm chart

Signed-off-by: hongming <coder.scala@gmail.com>
2025-03-19 14:00:34 +08:00
parent 0bd5ba16fe
commit 6da63b8ce5
8 changed files with 28 additions and 103 deletions
--- a/config/ks-core/templates/cert-manager.yaml
+++ b/config/ks-core/templates/cert-manager.yaml
@@ -26,7 +26,7 @@ spec:
    privateKeySecretRef:
      name: letsencrypt-{{ .Values.letsEncrypt.environment }}
    {{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
-    http01: { }
+    http01: {}
    {{- else }}
    solvers:
      - http01:
--- a/config/ks-core/templates/ks-apiserver.yaml
+++ b/config/ks-core/templates/ks-apiserver.yaml
@@ -133,4 +133,4 @@ spec:
            secretName: ks-apiserver-tls-certs
            defaultMode: 420
        {{- end }}
-{{ end }}
+{{ end }}
--- a/config/ks-core/templates/ks-console.yaml
+++ b/config/ks-core/templates/ks-console.yaml
@@ -70,7 +70,7 @@ spec:
                  app: ks-console
              topologyKey: kubernetes.io/hostname
              namespaces:
-                - {{ .Release.Namespace | quote }}
+              - {{ .Release.Namespace | quote }}
        {{- else }}
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
@@ -82,24 +82,24 @@ spec:
                namespaces:
                  - {{ .Release.Namespace | quote }}
        {{- end }}
-        {{- if .Values.tolerations }}
+      {{- if .Values.tolerations }}
      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
      {{- end }}
      {{- if .Values.internalTLS }}
      initContainers:
        - name: init-ca
          image: {{ template "kubectl.image" . }}
-          command: [ "/bin/sh", "-c" ]
-          args: [ "cp /tmp/ca.crt /usr/local/share/ca-certificates/ \
+          command: ["/bin/sh", "-c"]
+          args: ["cp /tmp/ca.crt /usr/local/share/ca-certificates/ \
                  && update-ca-certificates && cp /etc/ssl/certs/ca-certificates.crt /certs/"]
          volumeMounts:
-          - name: tls-cert
-            mountPath: /tmp/ca.crt
-            subPath: ca.crt
-            readOnly: false
-          - name: sys-cert
-            mountPath: /certs
-            readOnly: false
+            - name: tls-cert
+              mountPath: /tmp/ca.crt
+              subPath: ca.crt
+              readOnly: false
+            - name: sys-cert
+              mountPath: /certs
+              readOnly: false
      {{- end }}
      containers:
        - name: ks-console
@@ -171,8 +171,8 @@ spec:
        - name: sys-cert
          emptyDir: {}
        {{- end }}
---

+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -188,18 +188,17 @@ metadata:
  name: ks-console
 spec:
  ports:
-  - name: nginx
-  {{- if .Values.internalTLS }}
-    port: 443
-  {{- else }}
-    port: 80
+    - name: nginx
+{{- if .Values.internalTLS }}
+      port: 443
+{{- else }}
+      port: 80
+{{- end }}
+      protocol: TCP
+      targetPort: 8000
+  {{- with .Values.console.nodePort }}
+      nodePort: {{ . }}
  {{- end }}
-    protocol: TCP
-    targetPort: 8000
-    {{- with .Values.console.nodePort }}
-    nodePort:
-      {{- toYaml . | nindent 6 }}
-    {{- end }}
  selector:
    app: ks-console
 {{- if .Values.console.nodePort }}
--- a/config/ks-core/templates/kubesphere-config.yaml
+++ b/config/ks-core/templates/kubesphere-config.yaml
@@ -81,11 +81,6 @@ data:
    kubesphere:
      tls: {{ .Values.internalTLS }}
    {{- if and (eq (include "multicluster.role" .) "host") .Values.ha.enabled -}}
-    {{- if and .Values.telemetry.enabled (eq (include "multicluster.role" .) "host") }}
-    telemetry:
-      ksCloudURL: "https://kubesphere.cloud"
-    {{- end }}
-    {{- if and (eq (include "multicluster.role" .) "host") .Values.ha.enabled -}}
    {{- if .Values.ha.cache }}
    cache: {{- toYaml .Values.ha.cache | nindent 6}}
    {{- else }}
@@ -98,5 +93,4 @@ data:
        db: 0
    {{- end }}
    {{- end }}
-    {{- end }}
    auditing: {{- toYaml .Values.auditing | nindent 6}}
--- a/config/ks-core/templates/post-patch-system-ns-job.yaml
+++ b/config/ks-core/templates/post-patch-system-ns-job.yaml
@@ -3,7 +3,7 @@ kind: Job
 metadata:
  name: "{{ .Release.Name }}-post-patch-system-ns"
  annotations:
-    "helm.sh/hook": post-install
+    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
 spec:
@@ -16,7 +16,7 @@ spec:
      {{- end }}
      containers:
        - name: post-patch-system-ns
-          image:  {{ template "kubectl.image" . }}
+          image: {{ template "kubectl.image" . }}
          command:
            - /bin/bash
            - -c
@@ -27,6 +27,4 @@ spec:
                kubectl label ns $ns kubesphere.io/workspace=system-workspace
                kubectl label ns $ns kubesphere.io/managed=true
                kubectl label ns $ns kubesphere.io/protected-resource=true
-              done
-              kubectl get ns -l 'kubesphere.io/workspace,!kubesphere.io/managed' --no-headers -o custom-columns=NAME:.metadata.name | \
-              xargs -I {} kubectl label ns {} kubesphere.io/managed=true
+              done
--- a/config/ks-core/templates/roletemplates.yaml
+++ b/config/ks-core/templates/roletemplates.yaml
@@ -1569,64 +1569,6 @@ spec:
 ---
 apiVersion: iam.kubesphere.io/v1beta1
 kind: RoleTemplate
-metadata:
-  annotations:
-    iam.kubesphere.io/role-template-rules: '{"workloadtemplates": "view"}'
-  labels:
-    iam.kubesphere.io/aggregate-to-operator: ""
-    iam.kubesphere.io/aggregate-to-viewer: ""
-    iam.kubesphere.io/aggregate-to-regular: ""
-    iam.kubesphere.io/category: namespace-configuration-management
-    iam.kubesphere.io/scope: "namespace"
-    kubesphere.io/managed: "true"
-  name: namespace-view-workloadtemplates
-spec:
-  description:
-    en: 'View workloadtemplates in the project.'
-    zh: '查看项目中的工作负载模板。'
-  displayName:
-    en: WorkloadTemplate Viewing
-    zh: '工作负载模板查看'
-  rules:
-    - apiGroups:
-        - 'workloadtemplate.kubesphere.io'
-      resources:
-        - "*"
-      verbs:
-        - get
-        - list
-        - watch
-
---
-apiVersion: iam.kubesphere.io/v1beta1
-kind: RoleTemplate
-metadata:
-  annotations:
-    iam.kubesphere.io/dependencies: '["namespace-view-workloadtemplates"]'
-    iam.kubesphere.io/role-template-rules: '{"workloadtemplates": "manage"}'
-  labels:
-    iam.kubesphere.io/aggregate-to-operator: ""
-    iam.kubesphere.io/category: namespace-configuration-management
-    iam.kubesphere.io/scope: "namespace"
-    kubesphere.io/managed: "true"
-  name: namespace-manage-workloadtemplates
-spec:
-  description:
-    en: 'Create, edit, and delete workloadtemplates in the project.'
-    zh: '创建、编辑和删除项目中的工作负载模板。'
-  displayName:
-    en: WorkloadTemplate Management
-    zh: '工作负载模板管理'
-  rules:
-    - apiGroups:
-        - 'workloadtemplate.kubesphere.io'
-      resources:
-        - "*"
-      verbs:
-        - '*'
---
-apiVersion: iam.kubesphere.io/v1beta1
-kind: RoleTemplate
 metadata:
  annotations:
    iam.kubesphere.io/role-template-rules: '{"secrets": "view"}'
--- a/config/ks-core/templates/services.yaml
+++ b/config/ks-core/templates/services.yaml
@@ -15,8 +15,7 @@ spec:
    {{- end }}
      targetPort: 9090
    {{- with .Values.apiserver.nodePort }}
-      nodePort:
-      {{- toYaml . | nindent 8 }}
+      nodePort: {{ . }}
    {{- end }}
  selector:
    {{- if eq (include "multicluster.role" .) "host" }}
--- a/config/ks-core/values.yaml
+++ b/config/ks-core/values.yaml
@@ -436,13 +436,6 @@ ksCRDs:
      repository: kubesphere/kubectl
      tag: "v1.27.16"
      pullPolicy: IfNotPresent
-    resources:
-      limits:
-        cpu: 1
-        memory: 1024Mi
-      requests:
-        cpu: 20m
-        memory: 100Mi

 # add museum for all ks-extensions
 ksExtensionRepository: